So I have set up Let's Encrypt with nginx and FreeBSD successfully for two subdomains.
The initial process worked perfectly:
fbs-backup root # certbot certonly --webroot -w /usr/local/www/nginx/portal -d portal.example.com -d www.portal.example.com
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Cert not yet due for renewal
You have an existing certificate that has exactly the same domains or certificate name you requested and isn't close to expiry.
(ref: /usr/local/etc/letsencrypt/renewal/portal.example.com.conf)
What would you like to do?
-------------------------------------------------------------------------------
1: Keep the existing certificate for now
2: Renew & replace the cert (limit ~5 per 7 days)
-------------------------------------------------------------------------------
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for portal.example.com
http-01 challenge for www.portal.example.com
Using the webroot path /usr/local/www/nginx/portal for all unmatched domains.
Waiting for verification...
Cleaning up challenges
IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at
All good. However, if I run a renew --dry-run:
fbs-backup root # certbot renew --dry-run
Saving debug log to /var/log/letsencrypt/letsencrypt.log
-------------------------------------------------------------------------------
Processing /usr/local/etc/letsencrypt/renewal/portal.example.com.conf
-------------------------------------------------------------------------------
Cert not due for renewal, but simulating renewal for dry run
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for portal.example.com
http-01 challenge for www.portal.example.com
Waiting for verification...
Cleaning up challenges
Attempting to renew cert from /usr/local/etc/letsencrypt/renewal/portal.example.com.conf produced an unexpected error: Failed authorization procedure. www.portal.example.com (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://www.portal.example.com/.well-known/acme-challenge/cszM1dexQcpS2WcxcWiN-S8rqv2wO93JzZRqJ9ydv2o: "<html>
<head>
<title>404 Not Found</title>
</head>
<body>
<h1>404 Not Found</h1>
The resource could not be found.<br/><". Skipping.
This is my nginx configuration:
server {
    listen 80;
    server_name portal.example.com;
    # Forward all traffic to SSL
    return 301 https://www.portal.example.com$request_uri;
}

server {
    listen 443 ssl;
    ssl on;
    ssl_certificate /usr/local/etc/letsencrypt/live/portal.example.com/cert.pem;
    ssl_certificate_key /usr/local/etc/letsencrypt/live/portal.example.com/privkey.pem;
    server_name www.portal.example.com;
    client_max_body_size 10M;
    client_body_buffer_size 128k;

    location ~ /\.well-known/ {
        root /usr/local/www/nginx/portal;
    }

    location / {
        root /home/luke/ecom2/dist;
        index index.html;
    }
}
Have I missed anything obvious? It's great that the client works and my SSL is active, however I want to make sure future renewals will go smoothly, thanks!
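As an added example (not from the original post), here is a plain-HTTP server block in which both names answer the http-01 challenge straight from the certbot webroot, so validation no longer depends on the redirect or on whichever default vhost currently catches the www name on port 80 (the 404 body in the dry-run output is not nginx's stock error page, which suggests some other server answered that request). Host names and the webroot path are taken from the post; the block layout is an assumption.

```nginx
# Added example: one port-80 server for BOTH names that serves the
# ACME challenge directory from the certbot webroot and redirects
# everything else to HTTPS.
server {
    listen 80;
    server_name portal.example.com www.portal.example.com;

    # ^~ makes this prefix match final: no regex location elsewhere in
    # the server can override it, and the token file is served directly
    # (no redirect involved) from /usr/local/www/nginx/portal/.well-known/...
    location ^~ /.well-known/acme-challenge/ {
        root /usr/local/www/nginx/portal;
        default_type "text/plain";
        try_files $uri =404;
    }

    # Everything else goes to the HTTPS site.
    location / {
        return 301 https://www.portal.example.com$request_uri;
    }
}

# The existing 443 server block from the post stays unchanged; keeping its
# /.well-known/ location is harmless and still serves validators that
# happen to follow a redirect to HTTPS.
```

Before the next renewal, drop a test file into /usr/local/www/nginx/portal/.well-known/acme-challenge/ and fetch it over plain HTTP from both names (for example with curl -I); a 200 from each is what certbot renew --dry-run needs to see.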