Due to this change about the Common Names -- Domain ordering not respected, unexpected certificate subject - #6 by jsha -- I am now trying to run cert renewals with the --csr command, and I upgraded certbot from version 1.11 to 2.5.0.
However, now instead of putting the certificates in the appropriate folder as specified by --config-dir, it's putting them in the same folder as I'm running the command from and naming them with a number like 0004_cert.pem and 0008_chain.pem.
Is there a way to get the cert files to go into the same folder when as you don't specify the --csr flag? Or did something change between certbot 1.11 and 2.5.0? (I reverted to 1.11 and the behavior seemed to be the same, so I don't know that the version upgrade had anything to do with it.)
My domain is: walkinfreedom.net
I ran this command:
certbot certonly --manual --csr /home/automation/automation/csrs/walkinfreedom.net.pem --cert-name www.walkinfreedom.net --preferred-challenges http -d www.walkinfreedom.net -d walkinfreedom.net --config-dir /home/automation/automation/ssl-config-dir/ --work-dir /home/automation/automation/ssl-working-dir/ --logs-dir /home/automation/automation/ssl-logs-dir/ --non-interactive --manual-auth-hook "ssl-automation/authenticator.sh attractwell" --manual-cleanup-hook "ssl-automation/cleanup.sh attractwell" --agree-tos --email $sslemail --manual-public-ip-logging-ok
It produced this output:
Saving debug log to /home/automation/automation/ssl-logs-dir/letsencrypt.log
Requesting a certificate for www.walkinfreedom.net and walkinfreedom.net
Use of --manual-public-ip-logging-ok is deprecated.Successfully received certificate.
Certificate is saved at: /home/automation/automation/0004_cert.pem
Intermediate CA chain is saved at: /home/automation/automation/0008_chain.pem
Full certificate chain is saved at: /home/automation/automation/0009_chain.pem
This certificate expires on 2023-07-03.NEXT STEPS:
- Certificates created using --csr will not be renewed automatically by Certbot. You will need to renew the certificate before it expires, by running the same Certbot command again.
My web server is (include version): Apache
The operating system my web server runs on is (include version): CentOS 7
My hosting provider, if applicable, is: Liquid Web
I can login to a root shell on my machine (yes or no, or I don't know): Yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel): No
The version of my client is (e.g. output of certbot --version
or certbot-auto --version
if you're using Certbot): 2.5.0 (and was previously on 1.11)