Certbot renewal, does not renew


I've started with 'certbot renew'

Please see this original thread describing the original problems I've had with this...and how I scraped together a solution at the time. I want to avoid this going forward and have the setup foolproof and easily renewed automatically...

Hi there,

From the end of your previous thread, @Osiris said:

Are you confirming that you've tried that? [Note: I am not a coder, but I also do want to make sure that we're not retreading over ground that was covered previously.]


Hi @brokenbricks,

Are these sites meant to be publicly accessible by the Internet at large?

They're all hosted on the same server, right?

Yes.

These are silly domains that host marketing landing pages, but of course they need to be live and working.

I've managed to hack together something again it seems.

I originally tried this command, as I had saved it in my notes from a previous attempt as what should work in 3 months when the cert expired.

certbot certonly --webroot -w /var/www/html -d pulsenews.online -d www.pulsenews.online -d dailytrends.digital -d www.dailytrends.digital -d dailypulse.online -d www.dailypulse.online

This produced the DNS error and 'unauthorized error'.

One of these domains isn't being used nor pointing correctly to the server, so I believe that's what happened. I removed it and retried the command:

certbot certonly --webroot -w /var/www/html -d pulsenews.online -d www.pulsenews.online -d dailypulse.online -d www.dailypulse.online

This seemed to work and created a new cert for these.

The original expired within the hour, and all sites had errors and went dead.

I remembered the 000-default-le-ssl.conf file and edited it. It was still pointing to the old cert, so I modified it to the new directory (xxxxxxx-0001).

Tried to restart Apache, which produced another warning (no domain found, servername, 127.0.0.1 something something) but seems to have reloaded regardless. And now everything seems OK.

Also, the domain I omitted seems to somehow have been included and updated as well.

Clearly this is not the best way to go about this, and I'll have to remember all this in 90 days or sooner. I'd love to know the proper way to do it should I ever start over on a new server....

Ideally, you won't have to use --standalone or --webroot at all, nor certonly. The best experience is likely to be with the full nginx or Apache integration, as appropriate:

certbot --apache

or

certbot --nginx

These both assume that you have your sites already set up and working in HTTP with appropriate virtual hosts/server blocks; they use those directly as a basis for creating new HTTPS virtual hosts/server blocks.

--standalone, --webroot, and certonly are all options that are less integrated with your web server and so entail more manual configuration work for you. They're most relevant if you don't have a web server application that Certbot can directly integrate with at all.

If you need to change the names in an existing certificate, use --cert-name and the old certificate's cert name to specify that you want to replace that one when requesting the modified certificate; otherwise you get that -0001 stuff because Certbot assumes you might still want the old certificate, even if there is a high level of overlap between the new and old certificates' domain name coverage.

You can always use certbot certificates to see which certificates you have and what names they cover.

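Added example (not from the thread and not Certbot's own code): a small Python check for the situation described above, where a reissue created a -0001 lineage while the Apache SSL vhost still referenced the old certificate. It parses text in the layout printed by certbot certificates and compares it with the SSLCertificateFile paths in a vhost; the sample output, the vhost fragment, the example.test names and the function names are all constructed for illustration.

```python
import re

# Constructed, abbreviated sample of `certbot certificates` output.
CERTBOT_OUT = """\
  Certificate Name: example.test
    Domains: example.test www.example.test old.example.test
    Expiry Date: 2021-03-01 17:52:04+00:00 (INVALID: EXPIRED)
    Certificate Path: /etc/letsencrypt/live/example.test/fullchain.pem
  Certificate Name: example.test-0001
    Domains: example.test www.example.test
    Expiry Date: 2021-05-30 16:40:11+00:00 (VALID: 89 days)
    Certificate Path: /etc/letsencrypt/live/example.test-0001/fullchain.pem
"""
# Constructed Apache vhost fragment that still references the old lineage.
VHOST = """\
<VirtualHost *:443>
    ServerName example.test
    SSLCertificateFile /etc/letsencrypt/live/example.test/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/example.test/privkey.pem
</VirtualHost>
"""

def parse_lineages(text):
    """Map cert name -> {'domains': set, 'valid': bool, 'path': str}."""
    lineages, cur = {}, None
    for line in text.splitlines():
        key, _, value = line.strip().partition(": ")
        if key == "Certificate Name":
            cur = lineages.setdefault(value, {"domains": set(), "valid": False, "path": ""})
        elif cur is not None and key == "Domains":
            cur["domains"] = set(value.split())
        elif cur is not None and key == "Expiry Date":
            cur["valid"] = "(VALID" in value  # "(INVALID: EXPIRED)" does not match
        elif cur is not None and key == "Certificate Path":
            cur["path"] = value
    return lineages

def overlapping(lineages):
    """Pairs of cert names whose domain lists intersect (the -0001 case)."""
    names = sorted(lineages)
    return [(a, b) for i, a in enumerate(names) for b in names[i + 1:]
            if lineages[a]["domains"] & lineages[b]["domains"]]

def stale_vhost_certs(vhost_text, lineages):
    """SSLCertificateFile paths that are not the path of a valid lineage."""
    valid = {l["path"] for l in lineages.values() if l["valid"]}
    used = re.findall(r"^\s*SSLCertificateFile\s+(\S+)", vhost_text, re.M | re.I)
    return [p for p in used if p not in valid]

if __name__ == "__main__":
    certs = parse_lineages(CERTBOT_OUT)
    print("overlapping lineages:", overlapping(certs))
    print("vhost certs to fix:", stale_vhost_certs(VHOST, certs))
```

On a real server the two inputs would be the saved output of certbot certificates and the contents of the SSL vhost file; an empty result from stale_vhost_certs means every referenced certificate path belongs to a lineage Certbot reports as valid.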

I'll have to carry on with this for the time being.

I need to add an additional domain actually.

So I've registered newdomain.com

What is the easiest / safest way to add this to the SSL cert, or create one specific for this domain?

Same server / IP address as all the rest.

Certbot's Apache integration is based on Apache VirtualHosts. So,

if newdomain.com is part of the same (HTTP) VirtualHost as other domain names on an existing certificate, find the cert name for the existing certificate, find the list of names covered by the existing certificate (with certbot certificates), then run

certbot --cert-name oldcertname --apache -d oldname1 -d oldname2 -d oldname3 -d oldname4 [...] -d newdomain.com -d www.newdomain.com

assuming that you want to cover www.newdomain.com and that it's listed in the existing VirtualHost alongside newdomain.com.

On the other hand, to

if it's a separate HTTP VirtualHost, use

certbot --apache -d newdomain.com -d www.newdomain.com

after creating the HTTP VirtualHost for newdomain.com and www.newdomain.com.
