Certbot went to hell, can't update Debian and NEED certbot 1.9.0 but NOT available anywhere

@rg305 is the one or four kegs or growlers of :beer: or :beers:
Just want to get the units correct. :rofl:

2 Likes

Das KEG / TANKARD!

:beer:

2 Likes

Thanks for the clarification :grinning_face_with_smiling_eyes:

2 Likes

Doing this gives me:

Total 228
-rw-r--r-- 1 root root 183 Dec 2 10:14 account.conf
-rwxr-xr-x 1 root root 209858 Dec 2 10:14 acme.sh
-rw-r--r-- 1 root root 78 Dec 2 10:14 acme.sh.env
lrwxrwxrwx 1 root root 39 Dec 2 10:33 {buddy-baker.us[-ecc] -> /etc/letsencrypt/live/{buddy-baker.us}/
drwxr-xr-x 2 root root 4096 Dec 2 10:14 deploy
drwxr-xr-x 2 root root 4096 Dec 2 10:14 dnsapi
drwxr-xr-x 2 root root 4096 Dec 2 10:14 notify
root@cardinal:~/.acme.sh#

Question: why is my domain now {buddy-baker.us[-ecc]? What is the function of the curly braces and the [-ecc]? Is there a way to link that without the -ecc, or am I doing something wrong? It looks like the linkage took, but I don't understand the -ecc in the domain.

Thanks,

Brian

1 Like

That's because you requested the certificate with an ECDSA key, and since some configurations use both an RSA and an ECDSA certificate, it can't remove the prefix without the names colliding.

1 Like

Hello:

I tried the following link. It failed: why?

root@cardinal:/etc/letsencrypt/live# ln -s /etc/letsencrypt/live/{buddy-baker.com}/ /root/.acme.sh/{buddy-baker.com[-ecc]}/
ln: target ‘/root/.acme.sh/{buddy-baker.com[-ecc]}/’ is not a directory: No such file or directory
root@cardinal:/etc/letsencrypt/live#

Any ideas?

Brian

1 Like

OK: I think the error with that command I mentioned was because of spacing: so I used:

ln -s /etc/letsencrypt/live/{www.buddy-baker.us-0001}/ /root/.acme.sh/{www.buddy-baker.us-0001[-ecc]

and just replaced the domain names for all of [.us, .com, .org, .info], and I did all of the directories listed below:

root@cardinal:/etc/letsencrypt/live# ls -l
total 36
drwxr-xr-x 2 root root 4096 Nov 3 14:02 buddy-baker.com
drwxr-xr-x 2 root root 4096 Nov 3 14:02 buddy-baker.info
drwxr-xr-x 2 root root 4096 Nov 3 14:02 buddy-baker.org
drwxr-xr-x 2 root root 4096 Nov 3 14:02 buddy-baker.us
drwxr-xr-x 2 root root 4096 Nov 3 14:02 buddy-baker.us-0001
-rw-r--r-- 1 root root 740 Nov 3 14:02 README
drwxr-xr-x 2 root root 4096 Nov 3 14:02 www.buddy-baker.com
drwxr-xr-x 2 root root 4096 Nov 3 14:02 www.buddy-baker.org
drwxr-xr-x 2 root root 4096 Nov 3 14:02 www.buddy-baker.us

I now have a directory /root/.acme.sh that looks like THIS:

root@cardinal:~/.acme.sh# ls -l
total 232
-rw-r--r-- 1 root root 183 Dec 2 10:14 account.conf
-rwxr-xr-x 1 root root 209858 Dec 2 10:14 acme.sh
-rw-r--r-- 1 root root 78 Dec 2 10:14 acme.sh.env
lrwxrwxrwx 1 root root 40 Dec 2 11:25 {buddy-baker.com[-ecc] -> /etc/letsencrypt/live/{buddy-baker.com}/
lrwxrwxrwx 1 root root 41 Dec 2 11:27 {buddy-baker.info[-ecc] -> /etc/letsencrypt/live/{buddy-baker.info}/
lrwxrwxrwx 1 root root 40 Dec 2 11:26 {buddy-baker.org[-ecc] -> /etc/letsencrypt/live/{buddy-baker.org}/
lrwxrwxrwx 1 root root 39 Dec 2 10:33 {buddy-baker.us[-ecc] -> /etc/letsencrypt/live/{buddy-baker.us}/
drwxr-xr-x 2 root root 4096 Dec 2 10:14 deploy
drwxr-xr-x 2 root root 4096 Dec 2 10:14 dnsapi
drwxr-xr-x 2 root root 4096 Dec 2 10:14 notify
-rw-r--r-- 1 root root 262 Dec 2 11:17 script-change-acme.sh
lrwxrwxrwx 1 root root 44 Dec 2 11:30 {www.buddy-baker.com[-ecc] -> /etc/letsencrypt/live/{www.buddy-baker.com}/
lrwxrwxrwx 1 root root 44 Dec 2 11:32 {www.buddy-baker.org[-ecc] -> /etc/letsencrypt/live/{www.buddy-baker.org}/
lrwxrwxrwx 1 root root 48 Dec 2 11:37 {www.buddy-baker.us-0001[-ecc] -> /etc/letsencrypt/live/{www.buddy-baker.us-0001}/
lrwxrwxrwx 1 root root 43 Dec 2 11:34 {www.buddy-baker.us[-ecc] -> /etc/letsencrypt/live/{www.buddy-baker.us}/
root@cardinal:~/.acme.sh#

Now will try a restart of apache2 and see what happens, after checking for a cron for this :wink:

Will advise

Brian

1 Like

OK: I have the cron, and she looks like this:

46 0 * * * "/root/.acme.sh"/acme.sh --cron --home "/root/.acme.sh" > /dev/null

Do you recommend that I change that so I get output somewhere?

Also, commanded a "service apache2 restart" - all appears OK: No Errors seen
Brian

1 Like

The curly braces are to indicate a place holder and should not have been used in the command.

Only use the -ecc if the acme-sh generated cert contains -ecc in the path name.
Yes, you are doing it wrong; you have misunderstood my instructions.
:frowning:

2 Likes

OK: I misunderstood your directions: Removed all of the links that were wrong, and now I have in the /root/.acme.sh directory:

root@cardinal:~/.acme.sh# ls -l
total 232
-rw-r--r-- 1 root root 189 Dec 2 11:53 account.conf
-rwxr-xr-x 1 root root 209858 Dec 2 10:14 acme.sh
-rw-r--r-- 1 root root 78 Dec 2 10:14 acme.sh.env
lrwxrwxrwx 1 root root 38 Dec 2 13:00 buddy-baker.com -> /etc/letsencrypt/live/buddy-baker.com/
lrwxrwxrwx 1 root root 39 Dec 2 13:02 buddy-baker.info -> /etc/letsencrypt/live/buddy-baker.info/
lrwxrwxrwx 1 root root 38 Dec 2 13:01 buddy-baker.org -> /etc/letsencrypt/live/buddy-baker.org/
lrwxrwxrwx 1 root root 37 Dec 2 13:01 buddy-baker.us -> /etc/letsencrypt/live/buddy-baker.us/
drwxr-xr-x 2 root root 4096 Dec 2 10:14 deploy
drwxr-xr-x 2 root root 4096 Dec 2 10:14 dnsapi
drwxr-xr-x 2 root root 4096 Dec 2 10:14 notify
-rw-r--r-- 1 root root 262 Dec 2 11:17 script-change-acme.sh
lrwxrwxrwx 1 root root 42 Dec 2 12:54 www.buddy-baker.com -> /etc/letsencrypt/live/www.buddy-baker.com/
lrwxrwxrwx 1 root root 42 Dec 2 12:55 www.buddy-baker.org -> /etc/letsencrypt/live/www.buddy-baker.org/
lrwxrwxrwx 1 root root 41 Dec 2 12:53 www.buddy-baker.us -> /etc/letsencrypt/live/www.buddy-baker.us/
lrwxrwxrwx 1 root root 46 Dec 2 12:52 www.buddy-baker.us-0001 -> /etc/letsencrypt/live/www.buddy-baker.us-0001/
root@cardinal:~/.acme.sh#

This is a LINK of everything I had in /etc/letsencrypt/live/, which looked like this:

root@cardinal:/etc/letsencrypt/live# ls -l
total 40
drwxr-xr-x 2 root root 4096 Nov 3 14:02 buddy-baker.com
drwxr-xr-x 2 root root 4096 Nov 3 14:02 buddy-baker.info
drwxr-xr-x 2 root root 4096 Dec 2 12:56 buddy-baker.org
drwxr-xr-x 2 root root 4096 Nov 3 14:02 buddy-baker.us
drwxr-xr-x 2 root root 4096 Nov 3 14:02 buddy-baker.us-0001
-rw-r--r-- 1 root root 92 Dec 2 12:52 command-acme.sh.to.use
-rw-r--r-- 1 root root 740 Nov 3 14:02 README
drwxr-xr-x 2 root root 4096 Nov 3 14:02 www.buddy-baker.com
drwxr-xr-x 2 root root 4096 Nov 3 14:02 www.buddy-baker.org
drwxr-xr-x 2 root root 4096 Nov 3 14:02 www.buddy-baker.us
root@cardinal:/etc/letsencrypt/live#

What do I do next? I don't know if I have what I need yet: shall I try issuing certs, or RENEW the ones I link to in /root/acme.sh? Looks pretty easy once you get it :slight_smile:

Brian

1 Like

I think you have corrected some of the syntax portion of the misunderstanding...
But more misunderstandings remain.

I meant to create the links (overwriting the existing links) at /etc/letsencrypt/live/...
[which should match the files used within the Apache config]
and have those point to the acme.sh created certs.

You now have links in the acme.sh root folder - which should never be used.
And the links are to a folder.
The idea was to create individual links to the files needed.
[check your Apache config to see exactly which files are being used - usually fullchain.pem and privkey.pem]

2 Likes
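The procedure rg305 describes above, written out as a script. This is an added example, not code from the thread or from the acme.sh project: it repoints the certbot-style /etc/letsencrypt/live/<name>/ entries at the files acme.sh issued, so the SSLCertificateFile and SSLCertificateKeyFile paths already in the Apache vhost configs keep working. Two things are assumed rather than taken from the thread: acme.sh keeps ECC certificates in a directory named "<name>_ecc" (the thread writes it as "-ecc", so both spellings are tried before the plain "<name>" directory), and the acme.sh file names are fullchain.cer, <name>.key, <name>.cer and ca.cer, which matches the "Your cert is in:" lines Brian posts further down. The demo at the bottom runs on a constructed temporary tree with dummy files, not real certificates.

```shell
#!/bin/sh
# Added example, not from the thread. Relinks /etc/letsencrypt/live/<name>/
# to the files acme.sh issued. Assumptions: acme.sh directory "<name>_ecc"
# (or "-ecc", or plain "<name>"); file names fullchain.cer, <name>.key,
# <name>.cer, ca.cer.
set -eu

# Print the acme.sh directory that holds a complete cert for DOMAIN, or fail.
acme_cert_dir() {
    domain=$1; acme_home=$2
    for cand in "$acme_home/${domain}_ecc" "$acme_home/${domain}-ecc" "$acme_home/$domain"; do
        if [ -f "$cand/fullchain.cer" ] && [ -f "$cand/$domain.key" ]; then
            printf '%s\n' "$cand"
            return 0
        fi
    done
    echo "acme_cert_dir: no cert for $domain under $acme_home" >&2
    return 1
}

# Replace fullchain.pem/privkey.pem/cert.pem/chain.pem in LIVE/DOMAIN with
# links to the acme.sh files. A real file in the way is moved aside, not deleted.
relink_live_dir() {
    domain=$1; acme_home=$2; live=$3
    src=$(acme_cert_dir "$domain" "$acme_home") || return 1
    dst="$live/$domain"
    mkdir -p "$dst"
    for pair in "fullchain.cer:fullchain.pem" "$domain.key:privkey.pem" \
                "$domain.cer:cert.pem" "ca.cer:chain.pem"; do
        from=${pair%%:*}; to=${pair##*:}
        [ -f "$src/$from" ] || continue              # skip files acme.sh did not write
        if [ -e "$dst/$to" ] && [ ! -L "$dst/$to" ]; then
            mv "$dst/$to" "$dst/$to.bak.$(date +%s)"  # keep certbot's real files
        fi
        ln -sfn "$src/$from" "$dst/$to"              # -n: replace an existing link in place
    done
}

# Fail unless LIVE/DOMAIN/fullchain.pem and privkey.pem resolve to readable
# files and the private key is not world-readable.
verify_live_dir() {
    live=$1; domain=$2; rc=0
    for f in fullchain.pem privkey.pem; do
        [ -r "$live/$domain/$f" ] || { echo "BROKEN LINK: $live/$domain/$f" >&2; rc=1; }
    done
    if [ -n "$(find -L "$live/$domain/privkey.pem" -perm -004 2>/dev/null)" ]; then
        echo "WORLD-READABLE KEY: $live/$domain/privkey.pem" >&2; rc=1
    fi
    return $rc
}

# True when the public key inside fullchain.pem matches privkey.pem (RSA or
# ECDSA). Needs openssl; run it before reloading Apache.
key_matches_cert() {
    dir=$1
    openssl x509 -in "$dir/fullchain.pem" -noout >/dev/null 2>&1 || return 2
    openssl pkey -in "$dir/privkey.pem" -noout >/dev/null 2>&1 || return 2
    from_cert=$(openssl x509 -in "$dir/fullchain.pem" -noout -pubkey | openssl pkey -pubin -outform DER | cksum)
    from_key=$(openssl pkey -in "$dir/privkey.pem" -pubout -outform DER | cksum)
    [ "$from_cert" = "$from_key" ]
}

# Stand-alone demo on a constructed tree (dummy files, not real certificates).
demo=$(mktemp -d)
mkdir -p "$demo/acme/buddy-baker.us_ecc" "$demo/live/buddy-baker.us"
for f in fullchain.cer buddy-baker.us.key buddy-baker.us.cer ca.cer; do
    echo "dummy $f" > "$demo/acme/buddy-baker.us_ecc/$f"
done
chmod 600 "$demo/acme/buddy-baker.us_ecc/buddy-baker.us.key"
relink_live_dir buddy-baker.us "$demo/acme" "$demo/live"
verify_live_dir "$demo/live" buddy-baker.us && ls -l "$demo/live/buddy-baker.us"
rm -rf "$demo"
```

On the real box you would call `relink_live_dir buddy-baker.us /root/.acme.sh /etc/letsencrypt/live` for each name that Apache references, then `verify_live_dir` and `key_matches_cert /etc/letsencrypt/live/buddy-baker.us` before `apachectl configtest` and a reload. The links point into /root/.acme.sh, so acme.sh's own renewals replace the files in place and the links stay valid; Apache still needs a reload afterwards to pick up the new certificate.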

I JUST did this: relink the entries in
/etc/letsencrypt/live/{cert-name}/
to
/root/.acme.sh/{cert-name[-ecc]}/

I TOOK OUT the {} braces because they are apparently NOT needed, but the [-ecc] was NOT part of anything in letsencrypt.

OK, how am I gonna make certs that work? Should I just nuke /etc/letsencrypt? I can't figure this out :frowning:
Brian

1 Like

You seem to be working in the wrong direction.
The -ecc would only be a part of the acme.sh cert path.

Start with:

  • What cert files are being used by Apache?

Keep in mind that my "solution" was in the case of:

If that is NOT the case, then you should not proceed with my suggestions.

2 Likes

I am sorry: I will state this AGAIN: I want a SCRIPT to RENEW and KEEP all domains active and secure.

I can't understand why I just can't do something like:

acme.sh --issue [domain] 4 times. Instead, I am linking to stuff I don't need, in the WRONG way, and removing everything 4 times now. THIS is why certbot-auto was GREAT: it searched, found my domains and then showed them to me, and I selected each one and BOOM. I can't run this thing without knowing: should I just command the thing to issue new certs, then WIPE letsencrypt?

WHY does this have to be HARD? [I am NOT a scripter, and I am still learning]

Brian

Have you tried the "pip" method of installing certbot already, instead of switching to acme.sh?

1 Like

I tried pip: it loaded up the machine with HUNDREDS of files and did NOT work. Uninstalling all that caused the system to not work; I had to REINSTALL the whole thing twice.
I tried certbot: can't use it: it needs snaps [NOT AVAILABLE on DEB 8].
I tried getssl: I am confused by the configs [keys and such].

So, what do I do? I still have the same problem: MY certbot is DEAD, and I have to mess around doing:

relink the entries in
/etc/letsencrypt/live/{cert-name}/
to
/root/.acme.sh/{cert-name[-ecc]}/

It sounds like someone wants me to do:

root@cardinal:/etc/letsencrypt/live/buddy-baker.us# ls -l
total 4
lrwxrwxrwx 1 root root 39 Nov 3 14:02 cert.pem -> ../../archive/buddy-baker.us/cert18.pem
lrwxrwxrwx 1 root root 40 Nov 3 14:02 chain.pem -> ../../archive/buddy-baker.us/chain18.pem
lrwxrwxrwx 1 root root 44 Nov 3 14:02 fullchain.pem -> ../../archive/buddy-baker.us/fullchain18.pem
lrwxrwxrwx 1 root root 42 Nov 3 14:02 privkey.pem -> ../../archive/buddy-baker.us/privkey18.pem
-rw-r--r-- 1 root root 692 Nov 3 14:02 README
root@cardinal:/etc/letsencrypt/live/buddy-baker.us#

THEN: link all the *.pem files? Like this? (this is one of four domains)

/etc/letsencrypt/live/{something.pem}/ and then link that somewhere?? (Do all the pem files get individually linked to /root/.acme.sh/?)

I'm LOST ;(

Brian

Pip from within a virtual environment, as dictated by the certbot documentation, would not have caused any system-wide modifications. How did you try to install certbot using pip?

Although the docs assume pip is available for usage, so I'm not sure what you meant with "I tried pip".. Did you try installing pip to begin with? Or try installing certbot using pip? Not sure..

1 Like

I will just say that when I tried to install certbot via pip, this was a disaster: it didn't seem to work. As I said, it installed LOTS of files and needed to install deps, which was fine, but then, when I tried to get back to where I was before the attempt, it asked me to remove something, and the system was just loaded with files, so it must have removed something that was a dep for something else.

I have used acme.sh like this:

./acme.sh --issue -d buddy-baker.info -w /var/www/mallard.dkpi/public
./acme.sh --issue -d buddy-baker.com -w /var/www/eagle.bbdc/public
./acme.sh --issue -d buddy-baker.us -w /var/www/html
./acme.sh --issue -d buddy-baker.org -w /var/www/bluejay.bbdo/public

When issued, I got a bunch of text, a "Green Success" and it created output like:

[Thu Dec 2 15:04:51 EST 2021] Your cert is in: /root/.acme.sh/buddy-baker.org/buddy-baker.org.cer
[Thu Dec 2 15:04:51 EST 2021] Your cert key is in: /root/.acme.sh/buddy-baker.org/buddy-baker.org.key
[Thu Dec 2 15:04:51 EST 2021] The intermediate CA cert is in: /root/.acme.sh/buddy-baker.org/ca.cer
[Thu Dec 2 15:04:51 EST 2021] And the full chain certs is there: /root/.acme.sh/buddy-baker.org/fullchain.cer
root@cardinal:~/acme.sh

Now, I THINK I can and should have valid certs for all domains, right?
I also assume that I will renew the certs every 90 days, but I think that is what the cron job does..

Do I need the /etc/letsencrypt directory anymore? I will hold on to it for a while just in case :wink:

Thank You for helping me :slight_smile:

Brian

Show:
./acme.sh --list
and
sudo apachectl -t -D DUMP_VHOSTS

1 Like

Here is that output you asked for:

root@cardinal:~/.acme.sh# ./acme.sh --list
Main_Domain       KeyLength  SAN_Domains  CA           Created                      Renew
buddy-baker.com   ""         no           ZeroSSL.com  Thu Dec 2 20:09:25 UTC 2021  Mon Jan 31 20:09:25 UTC 2022
buddy-baker.info  ""         no           ZeroSSL.com  Thu Dec 2 20:12:52 UTC 2021  Mon Jan 31 20:12:52 UTC 2022
buddy-baker.org   ""         no           ZeroSSL.com  Thu Dec 2 20:04:51 UTC 2021  Mon Jan 31 20:04:51 UTC 2022
buddy-baker.us    ""         no           ZeroSSL.com  Thu Dec 2 20:01:16 UTC 2021  Mon Jan 31 20:01:16 UTC 2022
root@cardinal:~/.acme.sh#

[Thu Dec 02 16:19:22.911336 2021] [alias:warn] [pid 5059] AH00671: The Alias directive in /etc/phpmyadmin/apache.conf at line 3 will probably never match because it overlaps an earlier Alias.
VirtualHost configuration:
*:80 is a NameVirtualHost
default server cardinal.buddy-baker.us (/etc/apache2/sites-enabled/000-default.conf:1)
port 80 namevhost cardinal.buddy-baker.us (/etc/apache2/sites-enabled/000-default.conf:1)
port 80 namevhost buddy-baker.com (/etc/apache2/sites-enabled/buddy-baker.com.conf:11)
alias www.buddy-baker.com
port 80 namevhost buddy-baker.info (/etc/apache2/sites-enabled/buddy-baker.info.conf:10)
alias www.buddy-baker.info
port 80 namevhost buddy-baker.org (/etc/apache2/sites-enabled/buddy-baker.org.conf:10)
alias www.buddy-baker.org
port 80 namevhost buddy-baker.us (/etc/apache2/sites-enabled/buddy-baker.us.conf:10)
alias www.buddy-baker.us
*:443 is a NameVirtualHost
default server buddy-baker.com (/etc/apache2/sites-enabled/buddy-baker.com-le-ssl.conf:12)
port 443 namevhost buddy-baker.com (/etc/apache2/sites-enabled/buddy-baker.com-le-ssl.conf:12)
alias www.buddy-baker.com
port 443 namevhost buddy-baker.info (/etc/apache2/sites-enabled/buddy-baker.info-le-ssl.conf:2)
alias www.buddy-baker.info
port 443 namevhost buddy-baker.org (/etc/apache2/sites-enabled/buddy-baker.org-le-ssl.conf:11)
alias www.buddy-baker.org
port 443 namevhost buddy-baker.us (/etc/apache2/sites-enabled/buddy-baker.us-le-ssl.conf:11)
alias www.buddy-baker.us
port 443 namevhost buddy-baker.us (/etc/apache2/sites-enabled/buddy-baker.us.talon-le-ssl.conf:11)
alias www.buddy-baker.us
root@cardinal:~/.acme.sh#

Brian
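Two checks worth running against the output above before touching any certificate files, as an added example that is not part of the thread. The DUMP_VHOSTS listing shows buddy-baker.us defined twice on port 443 (buddy-baker.us-le-ssl.conf and buddy-baker.us.talon-le-ssl.conf); Apache serves the first matching name-based vhost, so whatever certificate the second file points at is never used and relinking it changes nothing. The script below flags such duplicates from the DUMP_VHOSTS text, and extracts every SSLCertificateFile / SSLCertificateKeyFile / SSLCertificateChainFile directive from the -le-ssl.conf files and reports whether each path resolves to a readable file. It assumes the standard mod_ssl directive names and the "port 443 namevhost <name> (<conf>:<line>)" layout seen above; the config file and vhost dump in the demo are constructed for the example.

```shell
#!/bin/sh
# Added example, not from the thread: sanity checks on Apache's SSL vhosts.
# Assumes mod_ssl's standard directive names and the DUMP_VHOSTS line layout
# "port 443 namevhost <name> (<conf>:<line>)".
set -eu

# Read DUMP_VHOSTS output on stdin; print "name<TAB> conf conf..." for every
# ServerName defined more than once on port 443. Apache uses the first
# matching vhost, so later definitions are dead configuration.
dup_443_vhosts() {
    awk '$1 == "port" && $2 == "443" && $3 == "namevhost" { n[$4]++; src[$4] = src[$4] " " $5 }
         END { for (h in n) if (n[h] > 1) printf "%s\t%s\n", h, src[h] }' | sort
}

# For each SSLCertificate*File directive in the given conf files print
# "directive path STATUS"; STATUS is OK when the path (following symlinks)
# is a readable regular file, MISSING otherwise. Comments are ignored.
ssl_files_status() {
    for conf in "$@"; do
        sed 's/#.*//' "$conf" |
        awk '$1 ~ /^SSLCertificate(Key|Chain)?File$/ { print $1, $2 }' |
        while read -r directive path; do
            if [ -f "$path" ] && [ -r "$path" ]; then status=OK; else status=MISSING; fi
            printf '%s %s %s\n' "$directive" "$path" "$status"
        done
    done
}

# count_status STATUS conf...: number of directives with that STATUS,
# handy as a pass/fail gate in a deploy script (0 MISSING before reload).
count_status() {
    s=$1; shift
    ssl_files_status "$@" | awk -v s="$s" '$3 == s { c++ } END { print c + 0 }'
}

# Stand-alone demo on constructed input (not the real /etc/apache2 tree).
demo=$(mktemp -d)
echo 'dummy cert' > "$demo/present.pem"
cat > "$demo/buddy-baker.us-le-ssl.conf" <<EOF
<VirtualHost *:443>
    ServerName buddy-baker.us
    SSLEngine on
    SSLCertificateFile $demo/present.pem
    SSLCertificateKeyFile $demo/missing.pem   # constructed: this file does not exist
</VirtualHost>
EOF
ssl_files_status "$demo/buddy-baker.us-le-ssl.conf"
echo "missing files: $(count_status MISSING "$demo/buddy-baker.us-le-ssl.conf")"

# Constructed excerpt shaped like the DUMP_VHOSTS output posted above.
dump='*:443 is a NameVirtualHost
         port 443 namevhost buddy-baker.com (/etc/apache2/sites-enabled/buddy-baker.com-le-ssl.conf:12)
         port 443 namevhost buddy-baker.us (/etc/apache2/sites-enabled/buddy-baker.us-le-ssl.conf:11)
         port 443 namevhost buddy-baker.us (/etc/apache2/sites-enabled/buddy-baker.us.talon-le-ssl.conf:11)'
echo "duplicate 443 vhosts:"
printf '%s\n' "$dump" | dup_443_vhosts
rm -rf "$demo"
```

On the real host: `apachectl -t -D DUMP_VHOSTS 2>/dev/null | dup_443_vhosts` and `ssl_files_status /etc/apache2/sites-enabled/*-le-ssl.conf`. Once every path reports OK and each name is defined once on 443, the paths printed by ssl_files_status are exactly the links that have to end up pointing at the acme.sh files.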