Apply new certificates without restarting server. Using docker and nginx

In server
ls -l /etc/letsencrypt/archive/b2bmarket.aidimme.es/
total 32
-rwxrwxrwx 1 usser root 1927 sep 4 09:54 cert1.pem
-rw-r--r-- 1 root root 1923 nov 24 10:18 cert2.pem
-rw-r--r-- 1 usser root 1647 sep 4 09:54 chain1.pem
-rw-r--r-- 1 root root 1647 nov 24 10:18 chain2.pem
-rwxrwxrwx 1 usser root 3574 sep 4 09:54 fullchain1.pem
-rw-r--r-- 1 root root 3570 nov 24 10:18 fullchain2.pem
-rwxrwxrwx 1 usser root 1704 sep 4 09:54 privkey1.pem
-rw-rwxr-- 1 root root 1704 nov 24 10:18 privkey2.pem

1 Like

There we have it.

On the server...

sudo certbot update_symlinks

1 Like

Not sure where you're going with that.
The /live/ symlinks are not links at all - but just copies of the files at that date/time.

OK that should fix it.
But you have only mentioned it twice.
We may need you to mention it once more - just to be sure - LOL

Ok (below) that makes three!
Now we have a solution!

And +1 more (four) for really good measure :heart:

1 Like

Bingo. Exactly. Bullseye.

1 Like

:grin:

sudo certbot update_symlinks

I got the certificates with certbot auto; I don't know if there is a difference. On the server
sudo certbot update_symlinks
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Attempting to parse the version 1.9.0 renewal configuration file found at /etc/letsencrypt/renewal/b2bmarket.aidimme.es.conf with version 0.31.0 of Certbot. This might not work.

1 Like

ls -l /etc/letsencrypt/live/b2bmarket.aidimme.es/

Pay no attention to the man behind the curtain!

Did it change the files to links?

1 Like

In server
ls -l /etc/letsencrypt/live/b2bmarket.aidimme.es/
total 4
lrwxrwxrwx 1 root root 44 nov 25 09:28 cert.pem -> ../../archive/b2bmarket.aidimme.es/cert2.pem
lrwxrwxrwx 1 root root 45 nov 25 09:28 chain.pem -> ../../archive/b2bmarket.aidimme.es/chain2.pem
lrwxrwxrwx 1 root root 49 nov 25 09:28 fullchain.pem -> ../../archive/b2bmarket.aidimme.es/fullchain2.pem
lrwxrwxrwx 1 root root 47 nov 25 09:28 privkey.pem -> ../../archive/b2bmarket.aidimme.es/privkey2.pem
-rwxrwxrwx 1 root root 692 sep 4 09:54 README

2 Likes

Is that on docker? ......

1 Like

Then restart/reload nginx and you're good to go!

1 Like

I meant for these to be performed on docker...

sudo certbot update_symlinks

ls -l /etc/letsencrypt/live/b2bmarket.aidimme.es/

1 Like

This was the FAIL:

How does that look now?

1 Like

sudo certbot update_symlinks
bash: sudo: command not found
root@2dab82cf9dc4:/# ls -l /etc/letsencrypt/live/b2bmarket.aidimme.es/
total 8
-rwxr-xr-x 1 root root 3574 Sep 14 11:47 fullchain.pem
-rwxr-xr-x 1 root root 1704 Sep 14 11:47 privkey.pem

1 Like

Run this instead on docker:
certbot update_symlinks

Then this:
ls -l /etc/letsencrypt/live/b2bmarket.aidimme.es/

sudo wasn't found?
OR
certbot wasn't found?

1 Like

sudo looks like. Daniel is running as root.

1 Like

I'm hoping the long pause is a good thing.

1 Like

I needed a pause because a colleague just came to talk with me about another issue :smiley:
Yes, I am running the container as root. Should I install certbot on the nginx docker container?

root@xxxxx:/# certbot update_symlinks
bash: certbot: command not found

1 Like

That explains a lot.

On docker:
cp /etc/letsencrypt/archive/b2bmarket.aidimme.es/privkey2.pem /etc/letsencrypt/live/b2bmarket.aidimme.es/privkey.pem

cp /etc/letsencrypt/archive/b2bmarket.aidimme.es/fullchain2.pem /etc/letsencrypt/live/b2bmarket.aidimme.es/fullchain.pem

nginx -s reload
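
The manual copy-and-reload from the last post, written as a repeatable script. This is an added example, not code from the thread. It assumes the container can read certbot's archive directory and that nginx reads plain copies in the live directory, as in the docker listing above; the function names and the two path arguments are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread). Assumed arguments:
#   $1 = certbot archive/<name> directory as visible inside the container
#   $2 = directory holding the fullchain.pem/privkey.pem copies nginx loads

# Print the highest N for which fullchainN.pem exists (numeric, so 10 > 9).
latest_version() {
    best=0
    for f in "$1"/fullchain*.pem; do
        [ -e "$f" ] || continue
        n=${f##*/fullchain}; n=${n%.pem}
        case $n in ''|*[!0-9]*) continue ;; esac
        [ "$n" -gt "$best" ] && best=$n
    done
    [ "$best" -gt 0 ] && echo "$best"
}

# Replace dst with src via temp file + rename so nginx never reads a
# half-written file. The temp file is created 0600 before chmod.
# Returns 0 if replaced, 1 if already identical, 2 on error.
install_if_changed() {
    src=$1 dst=$2 mode=$3
    cmp -s "$src" "$dst" 2>/dev/null && return 1
    tmp=$dst.tmp.$$
    (umask 077; cp "$src" "$tmp") && chmod "$mode" "$tmp" && mv -f "$tmp" "$dst" \
        || { rm -f "$tmp"; return 2; }
}

# Install the newest key and chain. Returns 0 if changed, 1 if not, 2 on error.
sync_latest() {
    archive=$1 live=$2
    v=$(latest_version "$archive") || return 2
    [ -f "$archive/privkey$v.pem" ] || return 2
    changed=1
    install_if_changed "$archive/privkey$v.pem" "$live/privkey.pem" 600 && changed=0 || [ $? -eq 1 ] || return 2
    install_if_changed "$archive/fullchain$v.pem" "$live/fullchain.pem" 644 && changed=0 || [ $? -eq 1 ] || return 2
    return $changed
}

# Main: reload only when files changed and the nginx config still validates.
if [ "$#" -eq 2 ]; then
    sync_latest "$1" "$2" && nginx -t && nginx -s reload
fi
```

The private key is installed with mode 600, which works when the nginx master process runs as root, as it does in the container shown in the thread.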