Please check the options:
Use "other"
Please check the options:
Use "other"
I don't see any "options" and I do not see any reference to "Other".
In what context do you mean "other"?
I see selection boxes in which I have selected Apache in the first and Ubuntu 18.04 LTS in the other. Then the page changes appearance but still no Other or Options.
There
is an "Ubuntu (other)".
OK thanks!
Do I need to first uninstall certbot which I got from apt and start over with certbot-auto?
In that case will by certs disappear?
I went ahead and followed the instructions to install certbot-auto through wget.
After I was done I ran the renew command but this time using certbot-auto (which is version 0.37.1 while certbot is at 0.31.0):
$ sudo certbot-auto renew --dry-run
Saving debug log to /var/log/letsencrypt/letsencrypt.log
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/svn.boberglund.com.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Cert not due for renewal, but simulating renewal for dry run
Plugins selected: Authenticator webroot, Installer None
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for svn.boberglund.com
Cleaning up challenges
Attempting to renew cert (svn.boberglund.com) from /etc/letsencrypt/renewal/svn.boberglund.com.conf produced an unexpected error: Missing command line flag or config entry for this setting:
Input the webroot for svn.boberglund.com:. Skipping.
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/svn.boberglund.com/fullchain.pem (failure)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
** DRY RUN: simulating 'certbot renew' close to cert expiry
** (The test certificates below have not been saved.)
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/svn.boberglund.com/fullchain.pem (failure)
** DRY RUN: simulating 'certbot renew' close to cert expiry
** (The test certificates above have not been saved.)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1 renew failure(s), 0 parse failure(s)
As you can see it fails much the same as certbot did. It still seems like it wonât recognize the webroot I edited into the conf fileâŚ
The conf file (/etc/letsencrypt/renewal/svn.boberglund.com.conf) reads as follows:
# renew_before_expiry = 30 days
version = 0.31.0
archive_dir = /etc/letsencrypt/archive/svn.boberglund.com
cert = /etc/letsencrypt/live/svn.boberglund.com/cert.pem
privkey = /etc/letsencrypt/live/svn.boberglund.com/privkey.pem
chain = /etc/letsencrypt/live/svn.boberglund.com/chain.pem
fullchain = /etc/letsencrypt/live/svn.boberglund.com/fullchain.pem
webroot-path = /var/www/svn.boberglund.com/public_html
# Options used in the renewal process
[renewalparams]
account = b5058df1c-xxxxxx-fe263dcd9e9
pref_challs = http-01,
authenticator = webroot
webroot-path = /var/www/svn.boberglund.com/public_html
server = https://acme-v02.api.letsencrypt.org/directory
As you can see the webroot is actually entered twice in this file but it still cannot find the settingâŚ
cli.ini and renewal configuration files donât use exactly the same syntax.
The file should be something like:
# renew_before_expiry = 30 days
version = 0.31.0
archive_dir = /etc/letsencrypt/archive/svn.boberglund.com
cert = /etc/letsencrypt/live/svn.boberglund.com/cert.pem
privkey = /etc/letsencrypt/live/svn.boberglund.com/privkey.pem
chain = /etc/letsencrypt/live/svn.boberglund.com/chain.pem
fullchain = /etc/letsencrypt/live/svn.boberglund.com/fullchain.pem
# Options used in the renewal process
[renewalparams]
account = b5058df1c-xxxxxx-fe263dcd9e9
pref_challs = http-01,
authenticator = webroot
webroot_path = /var/www/svn.boberglund.com/public_html,
server = https://acme-v02.api.letsencrypt.org/directory
[[webroot_map]]
svn.boberglund.com = /var/www/svn.boberglund.com/public_html
video.boberglund.com = /some/path
The webroot_path
setting should be unnecessary if the webroot_map
section is filled out for every hostname in the certificate. (Conversely, I think you can leave out the webroot_map
section, but Certbot doesnât when generating files itself.)
Thanks a million!
After the edits you suggested the command:
sudo certbot-auto renew --dry-run
finished successfully!
Last remaining item is to set up the automatic renewal which is somewhat strangely described as executing:
$ echo "0 0,12 * * * root python -c 'import random; import time; time.sleep(random.random() * 3600)' && /usr/local/bin/certbot-auto renew" | sudo tee -a /etc/crontab > /dev/null
Will this actually work as a normal user, shouldnât it be preceded by sudo?
Why is not crontab -e used instead?
And what exactly does this do?
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.