Btw, certbot is now v1.31.0
When I ran with the --apache option it said it didn't find the apache plugin.
So I attempted to install it:
/opt/certbot/bin/pip install python3-certbot-apache
ERROR: Could not find a version that satisfies the requirement python3-certbot-apache (from versions: none)
ERROR: No matching distribution found for python3-certbot-apache
Can you advise on the cmd line to install the apache plugin?
Thanks.
When I run that, I get:
usage:
certbot [SUBCOMMAND] [options] [-d DOMAIN] [-d DOMAIN] ...
Certbot can obtain and install HTTPS/TLS/SSL certificates. By default,
it will attempt to use a webserver both for obtaining and installing the
certificate.
certbot: error: unrecognized arguments: --apache-server-root /tmp/non-existent
If I ran:
certbot certonly -d studio.smkfmartialarts.com -d www.studio.smkfmartialarts.com
Will it remove or forget about the currently installed certs, or will it add to the existing cert with these new subdomains?
Neither [unless a cert already exists with only those names on it].
If successful, it would simply create a new cert.
You can check what certs are being managed by certbot with:
certbot certificates
Earlier, I posted the output from: certbot certificates
and there are two domains in them now. I just want to add the subdomains to them...
I don't want two of them, as the apache ssl.conf has the lines:
SSLCertificateFile /etc/letsencrypt/live/smkfmartialarts.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/smkfmartialarts.com/privkey.pem
and those point to the current certs.
Found this online from 1.31.0 docs.... It sounds like it will add to the existing cert and not replace nor overwrite it...
You can use certonly or run subcommands to request the creation of a single new certificate even if you already have an existing certificate with some of the same domain names. If a certificate is requested with run or certonly specifying a certificate name that already exists, Certbot updates the existing certificate.
So I need to specify the cert file, so that would be the one defined as SSLCertificateFile in the apache ssl.conf file? I don't have to specify the SSLCertificateKeyFile? Or maybe I do...
So I'm guessing that this would be the complete command line:
certbot certonly --cert-path /etc/letsencrypt/live/smkfmartialarts.com/fullchain.pem --key-path /etc/letsencrypt/live/smkfmartialarts.com/privkey.pem -d studio.smkfmartialarts.com -d www.studio.smkfmartialarts.com
That would satisfy the requirement to specify the files so that they get appended to?
Why?
If not a requirement, then you can just get a separate cert for the other subdomains.
You don't have to specify cert paths when they are/would be the default used.
You would have to list ALL the names that are to be used in the new cert - I only see the two new names.
certbot is a bit smarter than you seem to be giving it credit for.
Just call certbot and give it ALL the names you want covered.
That should create a new cert.
If you want that cert to be the exact same name as the current cert, just include:
--cert-name smkfmartialarts.com
[which will do the same as an --expand current cert with new names]
Thank you for all the help and advice. I put in all the arguments just to be safe, and it seemed to work.. testing it now..
certbot certificates
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Found the following certs:
Certificate Name: smkfmartialarts.com
Serial Number: 4636cfe6ad3fe****************************
Key Type: RSA
Domains: studio.smkfmartialarts.com smkfmartialarts.com www.smkfmartialarts.com www.studio.smkfmartialarts.com
Expiry Date: 2023-01-15 19:04:51+00:00 (VALID: 89 days)
Certificate Path: /etc/letsencrypt/live/smkfmartialarts.com/fullchain.pem
Private Key Path: /etc/letsencrypt/live/smkfmartialarts.com/privkey.pem
Hmm.... going to https://studio.smkfmartialarts.com/, Chrome says it's insecure (but the main site, smkfmartialarts.com is fine).
Also, goes only to the Apache test page... Grrrr.... LoL!
Interestingly, www.studio.smkfmartialarts.com is secure... just not studio.smkfmartialarts.com...
Try restarting Chrome. The cert looks good from my test server and a SSL Checker site like this one
Thank you, got it all working... forgot to edit one apache file: httpd-le-ssl.conf to add the new subdomain for *.443.
Both subdomains work now and show the test page!
Thank you all again!!!
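The advice in this thread (give certbot ALL the names and reuse the existing --cert-name) as an added example, not part of the original posts: it reads `certbot certificates` output, collects the names already on the certificate, and prints the command that re-issues it with the new names added. The example.com names, the sample output and the function names are constructed for illustration; the script only prints the command and does not run certbot.

```shell
#!/bin/sh
# Constructed sample of `certbot certificates` output (same layout as in the thread).
SAMPLE_OUTPUT='Found the following certs:
  Certificate Name: example.com
    Key Type: RSA
    Domains: example.com www.example.com
    Certificate Path: /etc/letsencrypt/live/example.com/fullchain.pem
  Certificate Name: other.example
    Key Type: RSA
    Domains: other.example'

# Print the domains on the certificate named $1, one per line.
# Reads `certbot certificates` output from stdin.
cert_domains() {
  awk -v name="$1" '
    $1 == "Certificate" && $2 == "Name:" { current = $3 }
    $1 == "Domains:" && current == name { for (i = 2; i <= NF; i++) print $i }
  '
}

# Print the certbot command that re-issues certificate $1 with its existing
# names plus the new names in the remaining arguments (duplicates dropped).
# The body runs in a subshell, so its variables and `set -f` do not leak out.
build_expand_cmd() (
  name="$1"
  shift
  set -f                      # keep wildcard names such as *.example.com literal
  existing=$(cert_domains "$name")
  if [ -z "$existing" ]; then
    echo "no certificate named '$name' found; refusing to guess" >&2
    exit 1
  fi
  seen=" "
  args=""
  for d in $existing "$@"; do
    case "$seen" in
      *" $d "*) continue ;;   # already listed
    esac
    seen="$seen$d "
    args="$args -d $d"
  done
  echo "certbot certonly --cert-name $name$args"
)

# On a real host, pipe `certbot certificates` in instead of the sample.
printf '%s\n' "$SAMPLE_OUTPUT" |
  build_expand_cmd example.com studio.example.com www.studio.example.com
```

Because the certificate name stays the same, the files under /etc/letsencrypt/live/<cert name>/ keep their paths, so the SSLCertificateFile and SSLCertificateKeyFile lines need no change.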