Cant Renew Cert on Some Domains

A "renewal" is actually just another new one.
There is no way to make even the tiniest of modification to a cert.
Any change requires a new cert.
"renewal" is just for humans to "understand" the process.

When your credit card expires they issue you a new one.
You can think of it as renewing the previous card, but the truth is they are two completely independent cards [sometimes even the entire number can change].
In that same sense, certs change just as completely.

Gotcha. So I can just issue another cert and then do the same thing I did in the nginx config for, correct?

But I would try to avoid the default name on the next one:

You can do so with the --cert-name parameter.
You can give it a nice short friendly name:
--cert-name git

And be sure not to include --force-renewal in any script.
[only use once - when needed]

Awesome. That makes sense and then I just reload the nginx config correct?

1 Like

Then you insure nginx is using the latest live paths.
Then you can restart nginx.

Your forced issuance uses certonly.
That will NOT install the cert, nor make any nginx modifications for you.
[most are already in place from previous installs - you only need to confirm/update the cert paths]

Like this would no longer be up-to-date:

As compared to what is shown by:
certbot certificates

Configuration for Jira - client_max_body_size must be at least the max allowed attachment size

server {
listen 80;
location / {
return 301 https://$host$request_uri;
location /.well-known/acme-challenge/ {
root /var/www/certbot;
server {
listen 443 ssl;
proxy_read_timeout 600s;
location / {
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://jira:8080;
client_max_body_size 50M;
ssl_certificate /etc/letsencrypt/live/;
ssl_certificate_key /etc/letsencrypt/live/;
include /etc/letsencrypt/conf/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/conf/ssl-dhparams.pem;

OK that should work for JIRA.
Now you still need to do GIT.

Both are done and the certs have been updated for the 3 month window! Thank you so much for everything. I'm the devops engineer here so I have to read the Certbot/LetsEncrypt documentation to bone up on this. This community is amazing!

1 Like


Cheers form Miami :beers:

Cheers from Maine! Thanks again!

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.