I click on your certbot link and when trying to choose the options for my server set up where you list Apache, Nginx, Haproxy, Plesk, or None of the above…
My HTTP website is running BOTH Apache and Nginx
CentOS 7.6 & VestaCP 9.8
I can login to a root shell on my machine
Should I choose Apache, Nginx, or both?
there is no general answer. Please share your complete setup.
Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is:
I ran this command:
It produced this output:
My web server is (include version):
The operating system my web server runs on is (include version):
My hosting provider, if applicable, is:
I can login to a root shell on my machine (yes or no, or I don't know):
I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
The version of my client is (e.g. output of
certbot --version or
certbot-auto --version if you're using Certbot):
But if you use VestaCP (that's part of the questions), you should always use the integrated VestaCP-solution. Don't install an own Certbot.
You can't have two webservers running on one port (when using the same IP address). Let's Encrypt requires port 80 for the default (and easiest) challenge to prove ownership of the hostname (
http-01). Or perhaps you can use a DNS plugin for the
dns-01 challenge, but those aren't readily available on most distributions as far as I know.
Perhaps you can say more about the "layout" of your webserver "network". I.e., does one of the two act as a reverse proxy for the other?
Sorry, I have one server using Ubuntu 18 and one on CentOs 7 . Both running VestaCP.9.8 with Nginx as reverse proxy.
Please also answer the other questions. What about the websites they run? Different hostnames? Different IP addresses? Do you need different certificates? Does the nginx reverse proxy run on just one of those two servers, or did you mean both servers run two webservers, of which nginx acts as the reverse proxy?
Still very much unclear… If you could just tell us as much as possible…
And as @JuergenAuer already said: you should probably use VestaCP to get and install the certificates.
Is the nginx managed via VestaCP or is there one / two standalone nginx?
Managed via VestaCP -> use VestaCP.
Standalone -> use Certbot.
PS: VestaCP has it’s own vHost management. So installing a certificate via Certbot -> your VestaCP crashes.
VestaCP has it’s own http validation logic, so /.well-known/acme-challenge/random-filename answers always with random-filename.HashValueOfTheVestaCPLE-Account. So it can’t work with a http validation via Certbot with another account.
You haven’t even said which web server is running on port 80.
[I have a box full of things and one doesn’t work - please fix it.]
I was looking for a way to automate the renewal for let’s encrypt, while I’m currently running on a dedicated server where all of that is built in with CPanel. I’ve been testing out a couple VPS using VestaCP which uses Nginx on the front end and Apache in the backend on the Ubunto version. So, when i was browsing https://letsencrypt.org/getting-started/ i clicked the link to https://certbot.eff.org/ where it has a drop down as listed in my initial post and thought that it should have an option for both… but I realize now that I do not need certbot for my current development configuration.
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.