Automating renewal process


#1

I am having multiple issues when trying to obtain a cert and automatize. So my question is:

The first step is to obtain the cert. I only manage to get it working like this:

./letsencrypt-auto certonly --webroot -w /var/www/.../action -d example.org -d www.example.org

All other methods fail on me. Whatever. No problem. I have my cert.

The next step is to manually configure the VirtualHost. No problem. I can do this to crank things up initially.

The third step is to automatize the renewal. Things like

./letsencrypt-auto certonly --apache --renew-by-default -d example.org -d www.example.org

fail on me so I again only got this working successfully:

./letsencrypt-auto certonly --renew-by-default --webroot -w /var/www/…/action -d example.org -d www.example.org

In case I add this to a cronjob, do I still have to do work manually on every renewal, or does it just replace the old certs with the new ones? I am not sure how the server gets the new cert data in. Do I have to reload the webserver at every renewal for the third step stated here?


#2

I just replied to this in the other thread you commented on. Sorry, I didn’t realise you’d started a new thread.

To answer the first part, basically you can’t mix “certonly” with the “-apache” flag. The apache flag alters your Apache config, so it’s not “only” obtaining a cert. Certonly works with “standalone” or “webroot”.

To renew, just use the option “renew” and nothing else. That is, “letsencrypt renew”. Create a cron job or something and you’re done! The guide advises that you run the cron daily, but I’m running it weekly (I figure if the LE system is down, I still have two or three attempts before expiry).

There’s also a new flag introduced in v0.5 which allows you to run the command silently, so you won’t get an email if nothing goes wrong. (Sorry, I can’t remember it off the top of my head.)

Oh, and don’t forget to add “apache reload” or “postfix reload” to your cron job :wink:
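
The cron job described in the reply above (run `letsencrypt renew`, then reload the server), written out as an added example that is not part of the original posts. It reloads only when the certificate file actually changed and prints nothing on success, so cron sends mail only on failure. The certificate path, the `apachectl graceful` reload command, the variable names and the `--run` argument are assumptions.

```shell
#!/bin/sh
# Added example: cron wrapper around "letsencrypt renew".
# Assumptions (not from the thread): the default paths and commands below,
# the variable names, and the "--run" argument.
LIVE_CERT="${LIVE_CERT:-/etc/letsencrypt/live/example.org/cert.pem}"
RENEW_CMD="${RENEW_CMD:-letsencrypt renew}"
RELOAD_CMD="${RELOAD_CMD:-apachectl graceful}"

# Checksum of the certificate currently on disk ("none" if unreadable).
cert_id() {
    if [ -r "$1" ]; then cksum < "$1"; else echo none; fi
}

# Returns 0 on success and 1 on failure. Output goes to stderr and only
# when something went wrong, so a healthy run produces no cron mail.
renew_and_reload() {
    before=$(cert_id "$LIVE_CERT")
    if ! out=$($RENEW_CMD 2>&1); then
        echo "renewal failed:" >&2
        echo "$out" >&2
        return 1
    fi
    after=$(cert_id "$LIVE_CERT")
    # Certificate unchanged: it was not due for renewal, so skip the reload.
    if [ "$before" = "$after" ]; then
        return 0
    fi
    # New certificate on disk: the server must reload to start serving it.
    if ! out=$($RELOAD_CMD 2>&1); then
        echo "certificate renewed but reload failed:" >&2
        echo "$out" >&2
        return 1
    fi
    return 0
}

# Cron calls the script with --run, for example once a week.
if [ "${1:-}" = "--run" ]; then
    renew_and_reload
fi
```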


#3

The original rationale of the post to the other thread was the “Correct zName not found for TLS SNI challenge” issue covered and basically still not solved there. Since I have multiple further issues I did not even attempt to ask about, I somehow ended up crossposting due to not knowing where to start with all these issues. Apart from that, all these commands I am sharing here are from just following step-by-step tutorials “out there”. So there is obviously heaps of b… Never mind. You covered what I wanted to know and what I do wrong. :slight_smile: Thank you for your help!

