Action is required to prevent your Let's Encrypt certificate renewals from breaking

ShivaChavoshian · January 23, 2019, 8:18am

I have used this guide for installing lets encrypt on my sites. I wanted to handle everything by hand because my nginx is not in it’s default form so I had lots of errors when I used certbot!

Now I am removing everything about this domain: “sarirapp.com”
and reinstall lets encrypt on it.
I have done these steps:
1- I removed old files about sarirapp.com on /etc/letsencrpt
2- letsencrypt certonly -a webroot --webroot-path=/var/sarir/sarirapp.com/public/ -d sarirapp.com
3- (I already have this so I did not run it again) sudo openssl dhparam -out /etc/ssl/certs/dhparam.pem 2048
4- sudo nano /etc/nginx/snippets/ssl-sarirapp.com.conf
and paste:
ssl_certificate /etc/letsencrypt/live/sarirapp.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/sarirapp.com/privkey.pem;

5- nano /etc/nginx/ites-available/sarirapp.conf
paste:
listen 443 ssl http2;
include snippets/ssl-sarirapp.com.conf;
include snippets/ssl-params.conf;

Now I have https on sarirapp.con on the same server. Is everything ok?

rg305 · January 23, 2019, 8:34am

Yes I think it is all OK now.
I can verify that the site is using a newly issued cert:
https://www.ssllabs.com/ssltest/analyze.html?d=sarirapp.com

JuergenAuer · January 23, 2019, 8:35am

Hi @ShivaChavoshian

your main configuration looks ok.

Domainname	Http-Status	Sec.	G
• http://sarirapp.com/
188.0.240.90	200	0.446	H

• https://sarirapp.com/
188.0.240.90	200	3.630	B

• http://sarirapp.com/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
188.0.240.90	404	0.550	A
Not Found

Your certificate is new:

CN=sarirapp.com
	23.01.2019
	23.04.2019
	sarirapp.com - 1 entry

Perhaps you may add a redirect http -> https, so that users use a secure connection.

system · February 22, 2019, 8:36am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.