Show the command and screen please.
We don't want to mess with the real cert.
[sounds like a cancel (again)]
root@ubuntu01:/# certbot certonly --webroot -w /home/jetspace01/public/ -d oohkitchen.co.uk,www.oohkitchen.co.uk --staging
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
You have an existing certificate that contains a portion of the domains you
requested (ref: /etc/letsencrypt/renewal/oohkitchen.co.uk.conf)
It contains these names: oohkitchen.co.uk
You requested these names for the new certificate: oohkitchen.co.uk,
www.oohkitchen.co.uk.
Do you want to expand and replace this existing certificate with the new
certificate?
If there is a "N" (no) option take it, otherwise, cancel.
Would it be easier to go back to --standalone mode for the moment. The reason I say this is that this web server is an API server and I can live with using non-standard ports.
That's taking the easy way out - LOL
Sure, that will work.
But we are close to getting this done this way too.
Was there an "N" option?
Did it finish?
No probs, lets forge ahead
Sorry forgot to say, I cancelled the previous option
No worries, I just learned that --staging
and --dry-run
are not fully interchangeable.
[shows how often I use test certs (NOT)]
Let's go this way - it should work now:
certbot certonly --webroot -w /home/jet/public/ -d oohkitchen.co.uk,www.oohkitchen.co.uk --dry-run
root@ubuntu01:/# certbot certonly --webroot -w /home/jetspace01/public/ -d oohkitchen.co.uk,www.oohkitchen.co.uk --dry-run
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
You have an existing certificate that contains a portion of the domains you
requested (ref: /etc/letsencrypt/renewal/oohkitchen.co.uk.conf)
It contains these names: oohkitchen.co.uk
You requested these names for the new certificate: oohkitchen.co.uk,
www.oohkitchen.co.uk.
Do you want to expand and replace this existing certificate with the new
certificate?
(E)xpand/(C)ancel:
Expand is safe here; as --dry-run
won't actually save over anything.
Go with "E".
(E)xpand/(C)ancel: E
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for www.oohkitchen.co.uk
http-01 challenge for oohkitchen.co.uk
Using the webroot path /home/jetspace01/public for all unmatched domains.
Waiting for verification...
Cleaning up challenges
IMPORTANT NOTES:
- The dry run was successful.
root@ubuntu01:/#
B I N G O ! ! ! ! !
Now just remove the --dry-run
and do it for real and you will have a new cert (with both names on it).
But MORE importantly it will update the renewal process and future renewals will use this same method (--webroot
).
Yeah!
WE WIN!
Cheers from Miami
Its succeeded
Will certs get updated automatically?
What about installation?
They should.
You can check the logs in about 12 hours to ensure renewal process is running (won't do anything - but it should check twice a day).
It was already installed.
This was an exercise to remove --manual
and --standalone
and ensure autorenewals.
What happens to the two test files in Public folder?
You can delete them - they helped us pass the test!
Sorry, about the last few questions
Can I use my node app on any port now? (I will read more on --webroot though)