that's right.. before I start working I had only MoBPSCert.. now i have two folders with mobps.de-002
yes, I just wanted to see the file folders easily while using ubuntu as a root user.
sorry taking much of your time
Are you able to run commands directly using Ubuntu shell prompt?
Isn't that how you run Certbot? If not please explain how you issue these commands.
through Ubuntu shell prompt only I run commands for nginx, cerbot, R etc.
sorry, i confused you sending winscp images!
What confused me is that commands I asked you to run, and which you did run, did not delete the files they should have.
Please show output of this command. Your directory structure and config files are still wrong. We need to get these fixed so that you have a stable system going forward.
sudo ls -lR /etc/letsencrypt/{live,archive,renewal}
sorry, i deleted this.
Okay, let's make sure this cert can be renewed. We still need to change your nginx config and fix all these damaged configs and directories but let's do this first
Please show output of this
sudo certbot renew --dry-run --cert-name mobps.de-0002
$ sudo certbot renew --dry-run --cert-name mobps.de-0002
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Processing /etc/letsencrypt/renewal/mobps.de-0002.conf
failed to fetch renewal_info URL (https://acme-staging-v02.api.letsencrypt.org/draft-ietf-acme-ari-03/renewalInfo/nytfzzwhT50Et-0rLMTGcIvS1w0.Bcd3ubKg-l6agfECrRg9O3qW): urn:ietf:params:acme:error:malformed :: The request message was malformed :: While parsing ARI CertID an error occurred :: path contained an Authority Key Identifier that did not match a known issuer
Simulating renewal of an existing certificate for mobps.de and www.mobps.de
Why did you delete that post? Did you also delete all those directories?
No, I didn't.
What did it say after that? Did it say the simulation was successful?
Yes,
Congratulations, all simulated renewals succeeded:
/etc/letsencrypt/live/mobps.de-0002/fullchain.pem (success)
Good. Let's change your nginx config to use that new certificate
Change these two lines
ssl_certificate /etc/letsencrypt/live/MoBPSCert/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/MoBPSCert/privkey.pem;
To this and restart nginx after
ssl_certificate /etc/letsencrypt/live/mobps.de-0002/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/mobps.de-0002/privkey.pem;
Once we confirm nginx is using the new cert we will remove all the damaged config files and directories
changed in /etc/nginx/sites-available/default
/etc/nginx/sites-enabled/default as well
restarted nginx also.
it's secured until September 10
Thank you so very much for all your time and your patience
Excellent. Now we'll fix your system so the scheduled renewal works right.
First, delete these two config files that are not used and not working right
sudo rm /etc/letsencrypt/renewal/mobps.de-0001.conf
sudo rm /etc/letsencrypt/renewal/mobps.de.conf
Also try deleting the one below. Please show result of command. It might not work as it is partly damaged. We will do a different way if this fails
sudo certbot delete --cert-name MoBPSCert
Sure. WIll delete and show the result of the commands on Monday. I don't work on Fridays, sorry! You have a great weekend. Thank you again for your help.
Hello Mike,
Good Morning!
As you recommended I ran the commands.
$ sudo rm /etc/letsencrypt/renewal/mobps.de-0001.conf
$ sudo rm /etc/letsencrypt/renewal/mobps.de.conf
$ sudo certbot delete --cert-name MoBPSCert
Saving debug log to /var/log/letsencrypt/letsencrypt.log
The following certificate(s) are selected for deletion:
- MoBPSCert
WARNING: Before continuing, ensure that the listed certificates are not being
used by any installed server software (e.g. Apache, nginx, mail servers).
Deleting a certificate that is still being used will cause the server software
to stop working. See User Guide — Certbot 5.0.0.dev0 documentation for information on
deleting certificates safely.
Are you sure you want to delete the above certificate(s)?
(Y)es/(N)o: y
Deleted all files relating to certificate MoBPSCert.
I didn't get any error message:)
Also, I checked the /etc/lestencrypt/live and /etc/lestencrypt/renewal folders and see only mobps.de-0002 related config and related files.
Thank you again for your support.
Excellent. Just one more. Try
sudo certbot renew --dry-run
Will test auto renew
Yes, I did!
Looks all good:)
$ sudo certbot renew --dry-run
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Processing /etc/letsencrypt/renewal/mobps.de-0002.conf
Simulating renewal of an existing certificate for mobps.de and www.mobps.de
Congratulations, all simulated renewals succeeded:
/etc/letsencrypt/live/mobps.de-0002/fullchain.pem (success)