Ok show this file:
/etc/apache2/sites-enabled/buddy-baker.com-le-ssl.conf
here is that file you wanted:
<IfModule mod_ssl.c>
# The ServerName directive sets the request scheme, hostname and port that
# the server uses to identify itself. This is used when creating
# redirection URLs. In the context of virtual hosts, the ServerName
# specifies what hostname must appear in the request's Host: header to
# match this virtual host. For the default virtual host (this file) this
# value is not decisive as it is used as a last resort host regardless.
# However, you must set it for any further virtual host explicitly.
#Server is EAGLE (Default for buddy-baker.com domain)
<VirtualHost *:443>
ServerName buddy-baker.com
ServerAdmin root@localhost
ServerAlias www.buddy-baker.com
DocumentRoot /var/www/eagle.bbdc/public
ErrorLog /var/www/eagle.bbdc/logs/eagle.error.log
CustomLog /var/www/eagle.bbdc/logs/access.log combined
LogLevel info ssl:warn
<Directory /var/www/eagle.bbdc>
DirectoryIndex index.html index.php
Options +Indexes +FollowSymLinks +Multiviews
AllowOverride All
Order Allow,Deny
Allow from All
</Directory>
<Directory /var/www/eagle.bbdc/public>
DirectoryIndex index.html index.php
Options +Indexes +FollowSymLinks +Multiviews
AllowOverride All
Order Allow,Deny
Allow from All
</Directory>
SSLCertificateFile /etc/letsencrypt/live/www.buddy-baker.us/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/www.buddy-baker.us/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
###############################################################
#ErrorLog ${APACHE_LOG_DIR}/error.log
#CustomLog ${APACHE_LOG_DIR}/access.log combined
###############################################################
</IfModule>
As I am aware, I probably have to remove:
SSLCertificateFile /etc/letsencrypt/live/www.buddy-baker.us/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/www.buddy-baker.us/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
Because I have new certs, I would have to change those: Don't know what to change it to??
Brian
To the new files found somewhere in folder within the acme.sh directory.
Show:
find / -name fullchain.cer
Here is that find output:
root@cardinal:/etc/apache2# find / -name fullchain.cer
/root/.acme.sh/buddy-baker.org/fullchain.cer
/root/.acme.sh/buddy-baker.info/fullchain.cer
/root/.acme.sh/buddy-baker.com/fullchain.cer
/root/.acme.sh/buddy-baker.us/fullchain.cer
root@cardinal:/etc/apache2#
Brian
I'll give you one and you can do the rest from there.
Change:
To:
SSLCertificateFile /root/.acme.sh/buddy-baker.us/fullchain.cer
SSLCertificateKeyFile /root/.acme.sh/buddy-baker.us/buddy-baker.us.key
Restart Apache
and check the site works securely.
And when you get a chance, redo those certs and include the "www" names.
If you can manage it, try making one cert with ALL the names on it (all eight names).
rg305:
OK: when I redo the whole thing would I do this for all certs in one line like below?
=============================================================================
./acme.sh --issue -d buddy-baker.info -w /var/www/mallard.dkpi/public --issue -d buddy-baker.com -w /var/www/eagle.bbdc/public --issue -d buddy-baker.us -w /var/www/html --issue -d buddy-baker.org -w /var/www/bluejay.bbdo/public
Reason I ask is because all of my domains are in separate directories, so I assume that I would be using -w for working directories 4 times. I will follow your above instructions to change the certs and keys used as you suggested. (I would also add the www names to this as well)
Brian
rg305:
I have completed the ssl change, it took a few minutes and a restart of Apache2, and then a reboot of the system, but it does appear that the system is responding with the changes you asked me to do. When I get close to renewal, I will do all 8 names at once, I just want to make sure that I have the command syntax correct.
Thank you for your help, I REALLY appreciate it
Brian-
You only need to use "--issue" once in that looooong request.
Yes. Since the working directories are all different.
You state the domain(s) first then immediately follow with the directory (repeat that pattern as needed).
OK: So it sounds like I do:
./acme.sh --issue -d buddy-baker.info -w /var/www/mallard.dkpi -d buddy-baker.com -w /var/www/eagle.bbdc -d buddy-baker.us -w /var/www/html -d buddy-baker.org -w /var/www/bluejay.bbdo/public
-d www.buddy-baker.us -w /var/www/html -d www.buddy-baker.com -w /var/www/eagle.bbdc -d www.buddy-baker.org -w /var/www/bluejay.bbdo/public -d www.buddy-baker.info -w /var/www/mallard.dkpi
Correct?
Brian
Let me try simplifying that for you:
./acme.sh --issue \
-d "buddy-baker.info,www.buddy-baker.info" -w /var/www/mallard.dkpi \
-d "buddy-baker.com,www.buddy-baker.com" -w /var/www/eagle.bbdc \
-d "buddy-baker.us,www.buddy-baker.us" -w /var/www/html \
-d "buddy-baker.org,www.buddy-baker.org" -w /var/www/bluejay.bbdo/public
Question: How do I run that: I get:
root@cardinal:~# ./acme.sh --issue \
-d "buddy-baker.info,www.buddy-baker.info" -w /var/www/mallard.dkpi
-d "buddy-baker.com,www.buddy-baker.com" -w /var/www/eagle.bbdc
-d "buddy-baker.us,www.buddy-baker.us" -w /var/www/html
-d "buddy-baker.org,www.buddy-baker.org" -w /var/www/bluejay.bbdo/public
-su: ./acme.sh: Is a directory
From my command line: am I doing something wrong?
Brian
You're likely not in the right place.
Try doing this first:
cd /root/.acme.sh
OR
/root/.acme.sh/acme.sh --issue \
-d "buddy-baker.info,www.buddy-baker.info" -w /var/www/mallard.dkpi \
-d "buddy-baker.com,www.buddy-baker.com" -w /var/www/eagle.bbdc \
-d "buddy-baker.us,www.buddy-baker.us" -w /var/www/html \
-d "buddy-baker.org,www.buddy-baker.org" -w /var/www/bluejay.bbdo/public
I took that info you gave me, and then did a 'nano acme.renewer.sh' then stuck all that in that file. I chmoded that file, then did:
./acme.renewer.sh
and I got the following:
root@cardinal:~/.acme.sh# ./acme.renewer.sh
[Thu Dec 9 08:54:43 EST 2021] Domains have changed.
[Thu Dec 9 08:54:44 EST 2021] Using CA: https://acme.zerossl.com/v2/DV90
[Thu Dec 9 08:54:44 EST 2021] Multi domain='DNS:buddy-baker.info,DNS:www.buddy-baker.info,DNS:buddy-baker.com,DNS:www.buddy-baker.com,DNS:buddy-baker.us,DNS:www.buddy-baker.us,DNS:buddy-baker.org,DNS:www.buddy-baker.org'
[Thu Dec 9 08:54:44 EST 2021] Getting domain auth token for each domain
[Thu Dec 9 08:54:58 EST 2021] Getting webroot for domain='buddy-baker.info'
[Thu Dec 9 08:54:58 EST 2021] Getting webroot for domain='www.buddy-baker.info'
[Thu Dec 9 08:54:58 EST 2021] Getting webroot for domain='buddy-baker.com'
[Thu Dec 9 08:54:58 EST 2021] Getting webroot for domain='www.buddy-baker.com'
[Thu Dec 9 08:54:58 EST 2021] Getting webroot for domain='buddy-baker.us'
[Thu Dec 9 08:54:59 EST 2021] Getting webroot for domain='www.buddy-baker.us'
[Thu Dec 9 08:54:59 EST 2021] Getting webroot for domain='buddy-baker.org'
[Thu Dec 9 08:54:59 EST 2021] Getting webroot for domain='www.buddy-baker.org'
[Thu Dec 9 08:54:59 EST 2021] Verifying: buddy-baker.info
[Thu Dec 9 08:54:59 EST 2021] Processing, The CA is processing your order, please just wait. (1/30)
[Thu Dec 9 08:55:02 EST 2021] Processing, The CA is processing your order, please just wait. (2/30)
[Thu Dec 9 08:55:04 EST 2021] Processing, The CA is processing your order, please just wait. (3/30)
[Thu Dec 9 08:55:07 EST 2021] Processing, The CA is processing your order, please just wait. (4/30)
[Thu Dec 9 08:55:10 EST 2021] Processing, The CA is processing your order, please just wait. (5/30)
[Thu Dec 9 08:55:14 EST 2021] Processing, The CA is processing your order, please just wait. (6/30)
[Thu Dec 9 08:55:18 EST 2021] Processing, The CA is processing your order, please just wait. (7/30)
[Thu Dec 9 08:55:22 EST 2021] Processing, The CA is processing your order, please just wait. (8/30)
[Thu Dec 9 08:55:25 EST 2021] Processing, The CA is processing your order, please just wait. (9/30)
[Thu Dec 9 08:55:29 EST 2021] Processing, The CA is processing your order, please just wait. (10/30)
[Thu Dec 9 08:55:31 EST 2021] Processing, The CA is processing your order, please just wait. (11/30)
[Thu Dec 9 08:55:35 EST 2021] Processing, The CA is processing your order, please just wait. (12/30)
[Thu Dec 9 08:55:38 EST 2021] Processing, The CA is processing your order, please just wait. (13/30)
[Thu Dec 9 08:55:40 EST 2021] Processing, The CA is processing your order, please just wait. (14/30)
[Thu Dec 9 08:55:43 EST 2021] Processing, The CA is processing your order, please just wait. (15/30)
[Thu Dec 9 08:55:46 EST 2021] Processing, The CA is processing your order, please just wait. (16/30)
[Thu Dec 9 08:55:49 EST 2021] Processing, The CA is processing your order, please just wait. (17/30)
[Thu Dec 9 08:55:51 EST 2021] Processing, The CA is processing your order, please just wait. (18/30)
[Thu Dec 9 08:55:54 EST 2021] Processing, The CA is processing your order, please just wait. (19/30)
[Thu Dec 9 08:55:57 EST 2021] Processing, The CA is processing your order, please just wait. (20/30)
[Thu Dec 9 08:56:01 EST 2021] Processing, The CA is processing your order, please just wait. (21/30)
[Thu Dec 9 08:56:05 EST 2021] Processing, The CA is processing your order, please just wait. (22/30)
[Thu Dec 9 08:56:08 EST 2021] Processing, The CA is processing your order, please just wait. (23/30)
[Thu Dec 9 08:56:11 EST 2021] Processing, The CA is processing your order, please just wait. (24/30)
[Thu Dec 9 08:56:15 EST 2021] Processing, The CA is processing your order, please just wait. (25/30)
[Thu Dec 9 08:56:17 EST 2021] Processing, The CA is processing your order, please just wait. (26/30)
[Thu Dec 9 08:56:21 EST 2021] Processing, The CA is processing your order, please just wait. (27/30)
[Thu Dec 9 08:56:24 EST 2021] Processing, The CA is processing your order, please just wait. (28/30)
[Thu Dec 9 08:56:26 EST 2021] Processing, The CA is processing your order, please just wait. (29/30)
[Thu Dec 9 08:56:29 EST 2021] buddy-baker.info:Timeout
[Thu Dec 9 08:56:29 EST 2021] Please check log file for more details: /root/.acme.sh/acme.sh.log
root@cardinal:~/.acme.sh#
I am assuming that it worked? I will have to do as this line:
[Thu Dec 9 08:56:29 EST 2021] buddy-baker.info:Timeout
[Thu Dec 9 08:56:29 EST 2021] Please check log file for more details: /root/.acme.sh/acme.sh.log
Directs, and renew the .info domain manually apparently, or maybe I will just run that renewer script again
Brian
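Added example, not part of the thread and not acme.sh's own code: a shell function that reads captured `acme.sh --issue` output, like the run posted above, and reports whether a certificate was actually issued before Apache is pointed at it. The `<name>:Timeout` line is taken from that log; the `Cert success.` marker and the example.test names in the second sample are assumptions.

```shell
#!/bin/sh
# Classify a captured `acme.sh --issue` run read from stdin.
# Return status: 0 = issued, 1 = a name failed validation, 2 = no verdict in the log.
acme_issue_status() {
  awk '
    # Drop the leading "[Thu Dec 9 08:56:29 EST 2021] " timestamp, if present.
    { i = index($0, "] "); if (substr($0, 1, 1) == "[" && i > 0) $0 = substr($0, i + 2) }

    # "Multi domain=..." lists every name requested on the certificate.
    /^Multi domain=/ { n_req = split($0, req, "DNS:") - 1 }

    # "Verifying: <name>" is the name the CA is currently validating.
    /^Verifying: / { current = $2 }

    # "<name>:Timeout" means the CA never finished validating that name;
    # acme.sh stops there without issuing a certificate.
    /^[A-Za-z0-9.-]+:Timeout$/ { failed = $0; sub(/:Timeout$/, "", failed) }

    # Assumption: acme.sh prints this line once the certificate is saved.
    /^Cert success\.$/ { ok = 1 }

    END {
      printf "requested=%d ", n_req
      if (failed != "") { print "result=FAILED name=" failed; exit 1 }
      if (ok)           { print "result=ISSUED"; exit 0 }
      print "result=UNKNOWN last=" current; exit 2
    }
  '
}

sample_timeout_run() {  # trimmed from the log posted in the thread
  cat <<'EOF'
[Thu Dec 9 08:54:44 EST 2021] Multi domain='DNS:buddy-baker.info,DNS:www.buddy-baker.info,DNS:buddy-baker.com,DNS:www.buddy-baker.com,DNS:buddy-baker.us,DNS:www.buddy-baker.us,DNS:buddy-baker.org,DNS:www.buddy-baker.org'
[Thu Dec 9 08:54:59 EST 2021] Verifying: buddy-baker.info
[Thu Dec 9 08:56:26 EST 2021] Processing, The CA is processing your order, please just wait. (29/30)
[Thu Dec 9 08:56:29 EST 2021] buddy-baker.info:Timeout
EOF
}

sample_ok_run() {  # constructed sample; names and times are made up
  cat <<'EOF'
[Thu Dec 9 09:10:00 EST 2021] Multi domain='DNS:example.test,DNS:www.example.test'
[Thu Dec 9 09:10:05 EST 2021] Verifying: example.test
[Thu Dec 9 09:10:20 EST 2021] Cert success.
EOF
}

sample_timeout_run | acme_issue_status || echo "not issued: keep the current certificate in place"
```

In a wrapper script such as the one described above, the same verdict can gate the Apache reload so a failed order never replaces a working certificate.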
That command was to issue the cert not to renew it.
Ok, silly me, that had the --issue command in it - The Cron renews them when necessary. Is there a way to make the renewal happen every like 50 days or so?
Brian
ACME clients usually add scheduled jobs to check for renewals (twice a day).
The default renewal is 30 days prior to expiry.