I've got an emby server, which doesn't run Apache etc, and needs a standalone certificate. I've installed certbot using a supplied script (included at the end of this message), and everything works perfectly. The --dry-run works perfectly too.
I had to convert the certificate to a pkcs12 certificate, as this is what emby uses, using this command:
openssl pkcs12 -export -in cert.pem -inkey privkey.pem -out pkcs12.pfx -certfile chain.pem
I looked at the /etc/cron.d/certbot which is;
SHELL=/bin/sh
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
0 */12 * * * root test -x /usr/bin/certbot -a ! -d /run/systemd/system && perl -e 'sleep int(rand(43200))' && certbot -q renew
So I wanted to make sure it auto renews, so I issued the command;
/usr/bin/certbot -a ! -d /run/systemd/system && perl -e 'sleep int(rand(43200))' && certbot -q renew
but it came back with;
Certbot doesn't know how to automatically configure the web server on this system. However, it can still get a certificate for you. Please run "certbot certonly" to do so. You'll need to manually configure your web server to use the resulting certificate.
Which leads me to suspect it's going to fail the auto renew on the emby server.
I've tried, but can't seem to get the certonly option working.
Could I ask for help configuring this, what am I missing?
One additional question if I may: I'm sure the certificate, once set up to renew, will be fine, but can I confirm I won't need to build the pkcs12 certificate again using openssl?
Thank you for your help, I'm very appreciative
My domain is: emby.remrah.com
I ran this command: N/A
It produced this output:
My web server is (include version): Emby
The operating system my web server runs on is (include version): Ubuntu 20.04
My hosting provider, if applicable, is: N/A
I can login to a root shell on my machine (yes or no, or I don't know): Yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): 0.40.0
Script supplied
#!/bin/bash
cd ~
sleep 1
SERVICE="apache2"
if pgrep -x "$SERVICE" >/dev/null
then
echo "$SERVICE is running"
sleep 2
echo "Will now stop Apache2"
systemctl stop apache2
fi
sleep 2
SERVICE="nginx"
if pgrep -x "$SERVICE" >/dev/null
then
echo "$SERVICE is running"
sleep 2
echo "Will now stop Nginx"
systemctl stop nginx
fi
sleep 2
ufw disable
sleep 1
iptables -F
sleep 1
iptables -X
sleep 1
REQUIRED_PKG="certbot"
# dpkg reports an installed package with the status "install ok installed"
PKG_OK=$(dpkg-query -W --showformat='${Status}\n' $REQUIRED_PKG|grep "install ok installed")
echo Checking for $REQUIRED_PKG: $PKG_OK
if [ "" = "$PKG_OK" ]; then
echo "$REQUIRED_PKG is missing. Installing $REQUIRED_PKG."
apt-get --yes install $REQUIRED_PKG
fi
sleep 1
file="/var/lib/emby/emby.pfx"
if [ -f $file ] ; then
rm $file
fi
sleep 1
read -p "Enter your FQDN: " fqdn
echo "2" | certbot certonly --register-unsafely-without-email --agree-tos --standalone -d $fqdn
openssl pkcs12 -inkey /etc/letsencrypt/live/$fqdn/privkey.pem -in /etc/letsencrypt/live/$fqdn/fullchain.pem -export -out /var/lib/emby/emby.pfx
sleep 1
read -p "Enter your emby system group and user (default is: emby): " user
chown $user $file
sleep 1
service emby-server restart
sleep 1
SERVICE="nginx"
if pgrep -x "$SERVICE" >/dev/null
then
echo "$SERVICE is running"
else
echo "$SERVICE was stopped"
sleep 2
echo "Will now try to start Nginx"
systemctl start nginx
fi
sleep 2
SERVICE="apache2"
if pgrep -x "$SERVICE" >/dev/null
then
echo "$SERVICE is running"
else
echo "$SERVICE was stopped"
sleep 2
echo "Will now try to start Apache2"
systemctl start apache2
fi
sleep 2
echo "y" | ufw enable
sleep 1
echo "Certificate has been installed, and is now valid for 90 days."
sleep 1
exit 0
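
An added example, not part of the original post or the supplied script: a certbot deploy hook that rebuilds the PKCS#12 file after each successful renewal, since the .pfx produced by openssl is a static copy of the certificate and key at the time it was exported. The hook file name, the EMBY_USER and EMBY_PFX_PASS variables and the empty default export password are assumptions; the paths and service name are the ones used in the script above.

```sh
#!/bin/sh
# Added example: certbot deploy hook that rebuilds Emby's PKCS#12 bundle.
# Assumed install path (hypothetical file name):
#   /etc/letsencrypt/renewal-hooks/deploy/emby-pfx.sh
# certbot sets RENEWED_LINEAGE to the live directory of the certificate
# it has just renewed, e.g. /etc/letsencrypt/live/<domain>.

# build_pfx LINEAGE_DIR OUT_FILE OWNER
# Writes the bundle to a temp file beside OUT_FILE and renames it into
# place, so Emby never reads a half-written or world-readable key file
# and a failed export leaves the previous bundle untouched.
build_pfx() {
    lineage=$1 out=$2 owner=$3
    for f in privkey.pem fullchain.pem; do
        [ -r "$lineage/$f" ] || { echo "missing $lineage/$f" >&2; return 1; }
    done
    tmp=$(mktemp "$out.XXXXXX") || return 1   # mktemp creates it mode 0600
    if openssl pkcs12 -export \
            -inkey "$lineage/privkey.pem" -in "$lineage/fullchain.pem" \
            -out "$tmp" -passout env:EMBY_PFX_PASS \
        && chown "$owner" "$tmp" \
        && mv -f "$tmp" "$out"
    then
        return 0
    fi
    rm -f "$tmp"
    return 1
}

# Export password comes from the environment so the hook never prompts
# and the password never appears in the process list.
# Assumption: empty unless EMBY_PFX_PASS is set.
export EMBY_PFX_PASS="${EMBY_PFX_PASS:-}"

# Only act when certbot invoked us for a renewed certificate.
if [ -n "${RENEWED_LINEAGE:-}" ]; then
    build_pfx "$RENEWED_LINEAGE" /var/lib/emby/emby.pfx "${EMBY_USER:-emby}" \
        && service emby-server restart
fi
```

Scripts in the renewal-hooks/deploy directory must be executable; certbot runs them only when a renewal actually succeeds, not on every cron invocation.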