Can I have token for DNS challenge?

Hello! Good morning serverco.
I have one more question (too persistent, sorry.. :wink:)
Following your suggestion, I think I have to split getssl into 2 parts.
First-part code (taking a token from Let's Encrypt), then add the TXT record, then run the second-part code (issuing the certificate from the Let's Encrypt CA).

  1. But I feared that if I split it out, maybe the token has been renewed? So after adding the TXT record, that token would be useless?
  2. Can you give me a hand with splitting the source code? How can I split it well for this purpose?
    (maybe up to line 1206 in the getssl source code.)

I think the token is currently valid for 7 days to authorize the domain (you would need to renew this every time you need to renew though). Personally I prefer to automate this - I understand your requirement is due to your clients though.

I'm away today - I'll try and have a look at the code tomorrow. It depends how familiar you are with bash, but basically you can split it around line 1206, yes.

Yeah, it's due to clients.
Each client has to manually register their own TXT record.
So I want to make code that
gives a client a token and waits; then, if the client gives me a sign (the client made the TXT record), the code issues the certificate.

Yeah, so much thx!
I am studying bash scripting for the first time. Thx for your help.
I will wait for you!
thx.

Good Morning!
I have more questions hohoho.

./getssl domain.com is the command that issues a certificate?
./getssl -f domain.com renews the certificate?
But when I ran the command "./getssl -f notsmoking.cbilization.com"
it says "Certificate saved in /root/.getssl/notsmoking.cbilization.com/notsmoking.cbilization.com.crt"
I don't want to re-issue the certificate, only renew it.

  1. Originally, does Let's Encrypt's renewal have to re-issue the certificate?
  2. getssl: notsmoking.cbilization.com - certificate obtained but certificate on server is different from the new certificate
    What does it mean…? The obtained certificate is not the new certificate? What does it mean?

Always, thx.


The “-f” option is forcing renewal - and generally shouldn’t be used.

If you simply use “./getssl domain” (or “getssl -a” for all domains) it will renew any certificates which are due for renewal within the next 30 days, and ignore the rest.

The check “notsmoking.cbilization.com - certificate obtained but certificate on server is different from the new certificate” is saying that it has renewed the certificate, and tells you the location it has placed the new certificate; however, it has checked with your webserver and you are not currently using that certificate.

There are options in the config file for how to automatically upload the certificate, and restart apache / nginx or whatever needs reloading to use the new cert. It’s simply warning you that that has not been done successfully (probably because you haven’t set it in your config).

Why are you renewing manually though? I thought you just needed a manual method to obtain certificates before clients had fully moved sites over. 2 months later the sites should have moved and you should be using an automatic method for the certificate renewal, not the manual method of copying tokens etc.

Aha, I understand that!
It is due to my config setting.

Yes, I have to renew automatically. So I made an automated script. While making the script, I have to know how I can issue a certificate, like in my httpGetSSL.sh (the code below will be run by cron).

```bash
#!/bin/bash
# httpGetSSL.sh: run by cron as  httpGetSSL.sh <domain> <0|1>
#   0 = first issue for a new domain, 1 = renew an existing one
if [ $# -ne 2 ]; then
    echo "parameter has to be two, domain & function type" >&2
    exit 1
fi
case "$2" in
    0)
        # create a per-domain config from the shared HTTP template, then issue
        mkdir -p "/root/.getssl/$1"
        cp /root/.getssl/httpgetssl.cfg "/root/.getssl/$1/getssl.cfg"
        /root/getssl/getssl -q -f "$1"
        ;;
    1)
        echo "renew certificate for $1"
        /root/getssl/getssl -f "$1"
        ;;
    *)
        echo "error: function type must be 0 or 1" >&2
        exit 1
        ;;
esac
```

Personally I wouldn’t do it like that - no.

  1. Why are you using “-f” all the time, as this overrides the check if the current certificate is valid for more than 30 days (although you can change the 30 days in the config file).

If you ran this as a cron - it would renew the certificates every time - and you would hit rate limits. So I would remove the “-f”.

  2. Why are you copying a config for each domain and not modifying it? If you want them all to be the same, then simply don’t create a config for the domain, and it will use the settings from your main account.

This simply reduces your whole script down to a single line “/root/getssl/getssl $1”, although instead of writing a cron for every domain, I’d use a single cron with “/root/getssl/getssl -a” which will automatically check all domains, and renew those that need renewal.
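As an added illustration of the "due within 30 days" check that "-f" overrides (this is example code written for this thread, not the getssl project's own code): a cron-style wrapper that reads the certificate's notAfter date and calls getssl without -f only when the certificate is inside the renewal window. The path /root/getssl/getssl follows the thread; the per-domain .crt location and the use of GNU `date -d` to parse openssl's notAfter line are assumptions.

```bash
#!/bin/bash
# Example wrapper (not from getssl): renew only when the certificate is due.
RENEW_ALLOW=30   # days before expiry at which renewal is allowed (getssl's default per the thread)

# days_until_expiry NOTAFTER_LINE [NOW_EPOCH]
# NOTAFTER_LINE is what `openssl x509 -noout -enddate -in cert.crt` prints,
# e.g. "notAfter=Mar 12 10:00:00 2025 GMT". Prints whole days left (negative if expired).
days_until_expiry() {
    local line="$1" now="${2:-$(date +%s)}" end end_epoch
    end="${line#notAfter=}"
    end_epoch=$(date -u -d "$end" +%s) || return 2   # GNU date is assumed
    echo $(( (end_epoch - now) / 86400 ))
}

# needs_renewal NOTAFTER_LINE [NOW_EPOCH]: exit 0 when within RENEW_ALLOW days or expired
needs_renewal() {
    local days
    days=$(days_until_expiry "$1" "$2") || return 2
    [ "$days" -le "$RENEW_ALLOW" ]
}

# renew_if_due DOMAIN: what one cron run does for a single domain, never forcing with -f
renew_if_due() {
    local domain="$1" cert="/root/.getssl/$1/$1.crt" enddate   # assumed cert location
    if [ ! -f "$cert" ]; then
        echo "$domain: no certificate yet, issuing"
        /root/getssl/getssl -q "$domain"
        return
    fi
    enddate=$(openssl x509 -noout -enddate -in "$cert") || return 2
    if needs_renewal "$enddate"; then
        echo "$domain: due within $RENEW_ALLOW days, renewing"
        /root/getssl/getssl -q "$domain"
    else
        echo "$domain: valid for more than $RENEW_ALLOW days, skipping (no rate-limit hit)"
    fi
}

# usage: ./renew_if_due.sh example.com   (run from cron; getssl -a does this for all domains)
if [ $# -eq 1 ]; then
    renew_if_due "$1"
fi
```

For many domains, "getssl -a" already performs this check for every configured domain, so the wrapper is only useful when one domain must be handled on its own.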

Hello,
always thx for your reply.
But I don’t know how to split the source code.
I tried splitting it into 1~1206, and 1~665 (because of using pre-defined functions) + 1207~last, as 2 parts.
But it doesn’t work, maybe because of variables that are not called.
I am confused about how to do that.
Can you help me?
thx.

Did you manually edit the output of getssl somehow, as your screenshot clearly states _acme_challenge (note the two underscores, while we now know the second should be a dash)?
Because the source code of getssl doesn't state this _acme_challenge anywhere. And your second screenshot is correct.

Yeah, thx.
You are correct.
But why do you refer to a solved problem?
I don’t know your purpose. :smile:
Thx.

Just purely (psychologically) interested in how human beings can think/work. Why would someone deliberately change something to make helping him more difficult :stuck_out_tongue:
