I am using certbot to manually renew my certificates every 90 days, and most of the time certbot makes the system unstable during the renewal process, so I contacted AWS support. They suggested that I use the bncert tool to auto-renew the certificate, and they don't have any guide for bncert. Now I have 15 days left to renew my certificate and I don't have any idea how I can shift to bncert from certbot. Please help me migrate to bncert for auto-renewal, which might not cause any issues in the future.
My system is Lightsail with Debian 11 (LAMP), not the WordPress one.
That should not happen. Can you describe what you mean by "unstable"?
The article you linked describes getting a wildcard cert. bncert does not support wildcards.
The bncert tool is the preferred way on Bitnami, so if you don't need a wildcard it is worth considering. There are several good guides, including the Bitnami docs for bncert.
The article you linked describes waiting for the TXT records to propagate in the DNS. You do have to wait, but only for them to propagate between your authoritative DNS servers, not the worldwide DNS. This is often very fast, like 1 minute. You can check this using unboundtest.com rather than MxToolbox.
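The propagation check described above, as an added example that is not part of the original thread: it asks each authoritative nameserver of the zone directly for the `_acme-challenge` TXT record, so a caching resolver cannot hide a server that is still behind. It assumes `dig` is installed; the function name `acme_txt_ready` and the token argument are hypothetical placeholders.

```shell
# Added example: confirm every authoritative nameserver already serves the
# ACME DNS-01 TXT value before telling certbot to continue.
# Usage: acme_txt_ready example.com "<token value shown by certbot>"
# Returns 0 only when all authoritative servers return the expected value,
# 1 when at least one is still missing it, 2 when no NS records are found.

acme_txt_ready() {
    local zone="$1" expected="$2"
    local name="_acme-challenge.${zone}"
    local ns servers missing=0

    # Ask for the zone's NS set; strip the trailing dot that dig prints.
    servers=$(dig +short NS "$zone" | sed 's/\.$//')
    if [ -z "$servers" ]; then
        echo "no NS records found for $zone" >&2
        return 2
    fi

    for ns in $servers; do
        # Query this server directly, without recursion. TXT data comes back
        # quoted, so remove the quotes and require an exact whole-line match.
        # A wildcard plus apex request can leave two TXT values on the same
        # name; any one of them matching is enough.
        if dig +short +norecurse TXT "$name" "@${ns}" \
            | tr -d '"' | grep -Fxq -- "$expected"; then
            echo "ok       $ns"
        else
            echo "missing  $ns"
            missing=$((missing + 1))
        fi
    done

    [ "$missing" -eq 0 ]
}
```
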
The guide I followed has steps for renewing the certificate too, and most of the time when I try to use it to renew, many unwanted things happen, like:
Certificate renewed but not showing on the website
Unable to verify the key on DNS
Creates duplicate certificates and leaves the original one untouched (not renewed)
So the last time I talked to AWS support, they helped me bring the server back, and they suggested that before expiry the best bet would be to move to bncert with auto-renew mode.
I have a single-page website and might add a subdomain soon, and I am also redirecting http -> https, http://example.com -> https://www.example.com. Can you please let me know whether bncert will work for me in auto-renewal mode? I need to migrate from certbot to bncert for auto-renewal.
All of those are problems of not following the instructions exactly. The last problem happens when you request a cert with a different set of domain names than last time. I would have pointed that out to you earlier if you had provided your domain name(s).
Still, those steps were to use a manual method which is not the best. Ideally you want a method that allows for auto-renew. Yes, bncert provides this capability. Did Amazon provide a link to a tutorial or the bncert docs? General bncert docs are below. There are various docs from AWS about using bncert and Lightsail https://docs.bitnami.com/aws/how-to/generate-install-lets-encrypt-ssl/
Thanks Mike for the quick reply. AWS doesn't have any doc for bncert, but they suggested using bncert-tool before expiry. I need to figure out how to migrate from certbot to bncert without messing up the server and certificate.
You might be right that the problems I had with the manual method were because of not following the instructions exactly, but for the domain part I always use the same, like *.example.com, and I still faced the issue.
The AWS support person told me to move my cert to bncert carefully, or else it will mess up my server as I did before with certbot.
I am not a bncert expert, but you do not need to move any old cert to it. Just get a new cert using that and configure Lightsail / Apache to use the new certificate.
Thanks Mike for your support. Migrating from certbot to bncert is not that hard; it's much faster and takes only a few steps to migrate. As Mike said, I don't need to delete the existing certificate, so I used the following commands in my console to successfully install (migrate to) bncert.