What shows?:
certbot certificates
That seems like an incorrect assumption.
If you did a manual DNS challenge, you will have to renew it manually.
What shows?:
certbot certificates
That seems like an incorrect assumption.
If you did a manual DNS challenge, you will have to renew it manually.
Certificate Name: workandtravel.world
Serial Number: [[redacted]]
Key Type: RSA
Domains: *.workandtravel.world workandtravel.world
Expiry Date: 2023-08-16 18:01:53+00:00 (INVALID: EXPIRED)
Certificate Path: /etc/letsencrypt/live/workandtravel.world/fullchain.pem
Private Key Path: /etc/letsencrypt/live/workandtravel.world/privkey.pem
That seems like an incorrect assumption.
If you did a manual DNS challenge, you will have to renew it manually.
[/quote]
since which version, i had it working for a while i guess...
A backup/restore won't make that cert any less expired.
You need to obtain a new one.
If you don't need the wildcard, renewal automation is easier.
If you do need the wildcard, then you will have to understand it requires a DSP that allows for API updates and an ACME client with a plugin that supports that DSP.
Since wildcard certs have been issued by LE.
You must reauthenticate via DNS for each and every issuance [renewals are issuances].
What is a DSP, i will search for it and implement it, my content management system can use a DSP.
Kind regards, Remco
There is no need to redact public information:
Furthermore, that cert is already expired.
I am currently using it, don't want to bring my system down...
DNS
Service
Provider
Using what?
The cert shown is expired - it needs to be replaced.
what happended to crt.sh | 10689063872 ?
i tried reinstalling the system but with over a million files it is very slow in docker, i cancelled it and when i login it restores the certificates stored in my data directory. it seems it got overwritten by my script and the backup isn't overwriting the restore point.
I am currently enjoying other things than software so i cannot check it.
i have checked my steps:
when i log in, i do a restore of the certificates without a apache2 restart / refresh yet.
certbot certificates shows then that they are all expired (after the backup is restored)
certbot renew will update the certificates to the valid ones
i will create a backup here.
i will restart apache2 here
mail myself the certifcates
log in to my dns provider with a chrome browser
use expect to read the challenges and automate it further. thats not that easy by the way, is there a chance to automate wildcard domains, i am using 1 level subdomains and i believe that is more secure then using one domain.
also for a keyserver you can use uuids as a subdomain and wait for 5 invalid attempts from other services and change the subdomain easy...
i do a restore of the certificates
Why would step one be to restore?
If nothing has changed, the restore would not change anything.
If anything has changed, the restore would overwrite it with older information.
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.