Certbot went to hell, can't update Debian and NEED certbot 1.9.0 but NOT available anywhere

Ok show this file:
/etc/apache2/sites-enabled/buddy-baker.com-le-ssl.conf

here is that file you wanted:

<IfModule mod_ssl.c>

        # The ServerName directive sets the request scheme, hostname and port that
        # the server uses to identify itself. This is used when creating
        # redirection URLs. In the context of virtual hosts, the ServerName
        # specifies what hostname must appear in the request's Host: header to
        # match this virtual host. For the default virtual host (this file) this
        # value is not decisive as it is used as a last resort host regardless.
        # However, you must set it for any further virtual host explicitly.

#Server is EAGLE (Default for buddy-baker.com domain)
<VirtualHost *:443>
        ServerName buddy-baker.com
        ServerAdmin root@localhost
        ServerAlias www.buddy-baker.com
        DocumentRoot /var/www/eagle.bbdc/public
        ErrorLog /var/www/eagle.bbdc/logs/eagle.error.log
        CustomLog /var/www/eagle.bbdc/logs/access.log combined
        LogLevel info ssl:warn

<Directory /var/www/eagle.bbdc>
      DirectoryIndex index.html index.php
      Options +Indexes +FollowSymLinks +Multiviews
      AllowOverride All
      Order Allow,Deny
      Allow from All
</Directory>

<Directory /var/www/eagle.bbdc/public>
      DirectoryIndex index.html index.php
      Options +Indexes +FollowSymLinks +Multiviews
      AllowOverride All
      Order Allow,Deny
      Allow from All
</Directory>

SSLCertificateFile /etc/letsencrypt/live/www.buddy-baker.us/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/www.buddy-baker.us/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>

###############################################################
         #ErrorLog ${APACHE_LOG_DIR}/error.log
        #CustomLog ${APACHE_LOG_DIR}/access.log combined
###############################################################

</IfModule>

As I am aware, I probably have to remove:

SSLCertificateFile /etc/letsencrypt/live/www.buddy-baker.us/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/www.buddy-baker.us/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf

Because I have new certs, I would have to change those: Don't know what to change it to??

Brian

To the new files found somewhere in a folder within the acme.sh directory.

Show:
find / -name fullchain.cer

Here is that find output:

root@cardinal:/etc/apache2# find / -name fullchain.cer
/root/.acme.sh/buddy-baker.org/fullchain.cer
/root/.acme.sh/buddy-baker.info/fullchain.cer
/root/.acme.sh/buddy-baker.com/fullchain.cer
/root/.acme.sh/buddy-baker.us/fullchain.cer
root@cardinal:/etc/apache2#

Brian

I'll give you one and you can do the rest from there.

Change:

To:

SSLCertificateFile    /root/.acme.sh/buddy-baker.us/fullchain.cer
SSLCertificateKeyFile /root/.acme.sh/buddy-baker.us/buddy-baker.us.key

Restart Apache and check the site works securely.

And when you get a chance, redo those certs and include the "www" names.
If you can manage it, try making one cert with ALL the names on it (all eight names).

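One way to run the "check the site works securely" step offline, as an added example that is not part of the original posts: it reads a vhost file like the one shown above and reports any ServerName/ServerAlias that the configured certificate does not list, plus a key that does not belong to that certificate. The function names and the script name `check_vhost.sh` are hypothetical; it assumes OpenSSL 1.1.1 or later and one VirtualHost per file, and it does not handle wildcard names.

```shell
#!/bin/sh
# Added example (not from the thread). Helper names are hypothetical.
# Assumes OpenSSL 1.1.1+ and one <VirtualHost> per config file.

# Print every ServerName/ServerAlias value, one per line, lower-cased.
vhost_names() {
    awk 'tolower($1) == "servername" || tolower($1) == "serveralias" {
             for (i = 2; i <= NF; i++) print tolower($i) }' "$1"
}

# Print the first argument of a directive such as SSLCertificateFile.
vhost_directive() {
    awk -v d="$2" 'tolower($1) == tolower(d) { print $2; exit }' "$1"
}

# Print the DNS names in the certificate's subjectAltName, one per line.
cert_names() {
    openssl x509 -in "$1" -noout -ext subjectAltName 2>/dev/null |
        tr ',' '\n' | sed -n 's/^[[:space:]]*DNS://p' | tr 'A-Z' 'a-z'
}

# Succeed only if the private key belongs to the certificate.
key_matches_cert() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Report served names the certificate lacks and a key that does not match it.
check_vhost() {
    conf=$1 rc=0
    cert=$(vhost_directive "$conf" SSLCertificateFile)
    key=$(vhost_directive "$conf" SSLCertificateKeyFile)
    sans=$(cert_names "$cert")
    for name in $(vhost_names "$conf"); do
        printf '%s\n' "$sans" | grep -qxF -- "$name" ||
            { echo "NOT COVERED: $name"; rc=1; }
    done
    key_matches_cert "$cert" "$key" || { echo "KEY MISMATCH: $key"; rc=1; }
    return $rc
}

# Usage: sh check_vhost.sh /etc/apache2/sites-enabled/<site>.conf
if [ "$#" -gt 0 ]; then check_vhost "$1"; fi
```

A non-zero exit status means at least one served name is missing from the certificate or the key does not pair with it; run it before restarting Apache.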

rg305:

OK: when I redo the whole thing would I do this for all certs in one line like below?

=============================================================================
./acme.sh --issue -d buddy-baker.info -w /var/www/mallard.dkpi/public --issue -d buddy-baker.com -w /var/www/eagle.bbdc/public --issue -d buddy-baker.us -w /var/www/html --issue -d buddy-baker.org -w /var/www/bluejay.bbdo/public

Reason I ask is because all of my domains are in separate directories, so I assume that I would be using -w for working directories 4 times. I will follow your above instructions to change the certs and keys used as you suggested. (I would also add the www names to this as well)

Brian

rg305:

I have completed the ssl change, it took a few minutes and a restart of Apache2, and then a reboot of the system, but it does appear that the system is responding with the changes you asked me to do. When I get close to renewal, I will do all 8 names at once, I just want to make sure that I have the command syntax correct.

Thank you for your help, I REALLY appreciate it :slight_smile:

Brian-

You only need to use "--issue" once in that looooong request.

Yes. Since the working directories are all different.
You state the domain(s) first then immediately follow with the directory (repeat that pattern as needed).

OK: So it sounds like I do:

./acme.sh --issue -d buddy-baker.info -w /var/www/mallard.dkpi -d buddy-baker.com -w /var/www/eagle.bbdc -d buddy-baker.us -w /var/www/html -d buddy-baker.org -w /var/www/bluejay.bbdo/public

-d www.buddy-baker.us -w /var/www/html -d www.buddy-baker.com -w /var/www/eagle.bbdc -d www.buddy-baker.org -w /var/www/bluejay.bbdo/public -d www.buddy-baker.info -w /var/www/mallard.dkpi

Correct?

Brian

Let me try simplifying that for you:

./acme.sh --issue \
-d "buddy-baker.info,www.buddy-baker.info" -w /var/www/mallard.dkpi \
-d "buddy-baker.com,www.buddy-baker.com"   -w /var/www/eagle.bbdc \
-d "buddy-baker.us,www.buddy-baker.us"     -w /var/www/html \
-d "buddy-baker.org,www.buddy-baker.org"   -w /var/www/bluejay.bbdo/public

Question: How do I run that: I get:

root@cardinal:~# ./acme.sh --issue \

-d "buddy-baker.info,www.buddy-baker.info" -w /var/www/mallard.dkpi
-d "buddy-baker.com,www.buddy-baker.com" -w /var/www/eagle.bbdc
-d "buddy-baker.us,www.buddy-baker.us" -w /var/www/html
-d "buddy-baker.org,www.buddy-baker.org" -w /var/www/bluejay.bbdo/public
-su: ./acme.sh: Is a directory

From my command line: am I doing something wrong?

Brian

You're likely not in the right place.
Try doing this first:
cd /root/.acme.sh
OR

/root/.acme.sh/acme.sh --issue \
-d "buddy-baker.info,www.buddy-baker.info" -w /var/www/mallard.dkpi \
-d "buddy-baker.com,www.buddy-baker.com"   -w /var/www/eagle.bbdc \
-d "buddy-baker.us,www.buddy-baker.us"     -w /var/www/html \
-d "buddy-baker.org,www.buddy-baker.org"   -w /var/www/bluejay.bbdo/public
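
In webroot mode acme.sh writes each challenge file under `<webroot>/.well-known/acme-challenge/` and the CA fetches it over HTTP from the name being validated, so each `-w` has to be the directory Apache serves for the names in front of it. The following added example (not part of the original posts) compares one `-d`/`-w` pair with the `DocumentRoot` of the matching vhost. Function and script names are hypothetical, and it assumes no `Alias` or rewrite covers `/.well-known`.

```shell
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.
# Assumption: the first vhost that declares a name is the one answering
# plain HTTP for it; pass only the config files for which that holds.

# Print "name docroot" for every ServerName/ServerAlias in the given files.
served_roots() {
    awk '
        { d = tolower($1) }
        d ~ /^<virtualhost/ { n = 0; root = "" }
        d == "servername" || d == "serveralias" {
            for (i = 2; i <= NF; i++) names[++n] = tolower($i) }
        d == "documentroot" { root = $2; gsub(/"/, "", root) }
        d == "</virtualhost>" { for (i = 1; i <= n; i++) print names[i], root }
    ' "$@"
}

# check_webroot NAMES WEBROOT CONF...
# NAMES is the comma-separated list given to -d, WEBROOT the path given to -w.
check_webroot() {
    names=$1 webroot=${2%/}
    shift 2
    map=$(served_roots "$@") rc=0
    for name in $(printf '%s' "$names" | tr 'A-Z,' 'a-z '); do
        root=$(printf '%s\n' "$map" |
               awk -v n="$name" '$1 == n { print $2; exit }')
        if [ -z "$root" ]; then
            echo "NO DOCROOT FOUND: $name"; rc=1
        elif [ "${root%/}" != "$webroot" ]; then
            echo "MISMATCH: $name served from ${root%/}, -w is $webroot"; rc=1
        fi
    done
    return $rc
}

# Usage: sh check_webroot.sh "example.test,www.example.test" /var/www/site conf...
if [ "$#" -ge 3 ]; then check_webroot "$@"; fi
```

Run it once per `-d`/`-w` pair before calling `acme.sh --issue`; any output means that pair would place the challenge file somewhere Apache does not serve for that name.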

@rg305:

I took that info you gave me, and then did a 'nano acme.renewer.sh' then stuck all that in that file. I chmoded that file, then did:

./acme.renewer.sh
and I got the following:

root@cardinal:~/.acme.sh# ./acme.renewer.sh
[Thu Dec 9 08:54:43 EST 2021] Domains have changed.
[Thu Dec 9 08:54:44 EST 2021] Using CA: https://acme.zerossl.com/v2/DV90
[Thu Dec 9 08:54:44 EST 2021] Multi domain='DNS:buddy-baker.info,DNS:www.buddy-baker.info,DNS:buddy-baker.com,DNS:www.buddy-baker.com,DNS:buddy-baker.us,DNS:www.buddy-baker.us,DNS:buddy-baker.org,DNS:www.buddy-baker.org'
[Thu Dec 9 08:54:44 EST 2021] Getting domain auth token for each domain
[Thu Dec 9 08:54:58 EST 2021] Getting webroot for domain='buddy-baker.info'
[Thu Dec 9 08:54:58 EST 2021] Getting webroot for domain='www.buddy-baker.info'
[Thu Dec 9 08:54:58 EST 2021] Getting webroot for domain='buddy-baker.com'
[Thu Dec 9 08:54:58 EST 2021] Getting webroot for domain='www.buddy-baker.com'
[Thu Dec 9 08:54:58 EST 2021] Getting webroot for domain='buddy-baker.us'
[Thu Dec 9 08:54:59 EST 2021] Getting webroot for domain='www.buddy-baker.us'
[Thu Dec 9 08:54:59 EST 2021] Getting webroot for domain='buddy-baker.org'
[Thu Dec 9 08:54:59 EST 2021] Getting webroot for domain='www.buddy-baker.org'
[Thu Dec 9 08:54:59 EST 2021] Verifying: buddy-baker.info
[Thu Dec 9 08:54:59 EST 2021] Processing, The CA is processing your order, please just wait. (1/30)
[Thu Dec 9 08:55:02 EST 2021] Processing, The CA is processing your order, please just wait. (2/30)
[Thu Dec 9 08:55:04 EST 2021] Processing, The CA is processing your order, please just wait. (3/30)
[Thu Dec 9 08:55:07 EST 2021] Processing, The CA is processing your order, please just wait. (4/30)
[Thu Dec 9 08:55:10 EST 2021] Processing, The CA is processing your order, please just wait. (5/30)
[Thu Dec 9 08:55:14 EST 2021] Processing, The CA is processing your order, please just wait. (6/30)
[Thu Dec 9 08:55:18 EST 2021] Processing, The CA is processing your order, please just wait. (7/30)
[Thu Dec 9 08:55:22 EST 2021] Processing, The CA is processing your order, please just wait. (8/30)
[Thu Dec 9 08:55:25 EST 2021] Processing, The CA is processing your order, please just wait. (9/30)
[Thu Dec 9 08:55:29 EST 2021] Processing, The CA is processing your order, please just wait. (10/30)
[Thu Dec 9 08:55:31 EST 2021] Processing, The CA is processing your order, please just wait. (11/30)
[Thu Dec 9 08:55:35 EST 2021] Processing, The CA is processing your order, please just wait. (12/30)
[Thu Dec 9 08:55:38 EST 2021] Processing, The CA is processing your order, please just wait. (13/30)
[Thu Dec 9 08:55:40 EST 2021] Processing, The CA is processing your order, please just wait. (14/30)
[Thu Dec 9 08:55:43 EST 2021] Processing, The CA is processing your order, please just wait. (15/30)
[Thu Dec 9 08:55:46 EST 2021] Processing, The CA is processing your order, please just wait. (16/30)
[Thu Dec 9 08:55:49 EST 2021] Processing, The CA is processing your order, please just wait. (17/30)
[Thu Dec 9 08:55:51 EST 2021] Processing, The CA is processing your order, please just wait. (18/30)
[Thu Dec 9 08:55:54 EST 2021] Processing, The CA is processing your order, please just wait. (19/30)
[Thu Dec 9 08:55:57 EST 2021] Processing, The CA is processing your order, please just wait. (20/30)
[Thu Dec 9 08:56:01 EST 2021] Processing, The CA is processing your order, please just wait. (21/30)
[Thu Dec 9 08:56:05 EST 2021] Processing, The CA is processing your order, please just wait. (22/30)
[Thu Dec 9 08:56:08 EST 2021] Processing, The CA is processing your order, please just wait. (23/30)
[Thu Dec 9 08:56:11 EST 2021] Processing, The CA is processing your order, please just wait. (24/30)
[Thu Dec 9 08:56:15 EST 2021] Processing, The CA is processing your order, please just wait. (25/30)
[Thu Dec 9 08:56:17 EST 2021] Processing, The CA is processing your order, please just wait. (26/30)
[Thu Dec 9 08:56:21 EST 2021] Processing, The CA is processing your order, please just wait. (27/30)
[Thu Dec 9 08:56:24 EST 2021] Processing, The CA is processing your order, please just wait. (28/30)
[Thu Dec 9 08:56:26 EST 2021] Processing, The CA is processing your order, please just wait. (29/30)
[Thu Dec 9 08:56:29 EST 2021] buddy-baker.info:Timeout
[Thu Dec 9 08:56:29 EST 2021] Please check log file for more details: /root/.acme.sh/acme.sh.log
root@cardinal:~/.acme.sh#

I am assuming that it worked? I will have to do as this line:

[Thu Dec 9 08:56:29 EST 2021] buddy-baker.info:Timeout
[Thu Dec 9 08:56:29 EST 2021] Please check log file for more details: /root/.acme.sh/acme.sh.log

Directs, and renew the .info domain manually apparently, or maybe I will just run that renewer script again :wink:

Brian

That command was to issue the cert not to renew it.

@rg305

Ok, silly me, that had the --issue command in it - The Cron renews them when necessary. Is there a way to make the renewal happen every like 50 days or so?

Brian

ACME clients usually add scheduled jobs to check for renewals (twice a day).
The default renewal is 30 days prior to expiry.
