CertSage for certificate renewal

At the end of October last year I obtained SSL certificates for two of my sites, fractal-timewave.com and hermetic-systems.com. I got the SSL certificates using CertSage with the help of The Griffin (of Griffin Software). The PHP file I uploaded was certsagenc.php which is certsage.php with four in-code permissions modified by The Griffin. I sent the files generated by CertSage (certificate.key, certificate.crt and others) to my ISP, which installed them. All working OK and the SSL is OK.

But now I need to renew the certificates, which expire in a week, and I have forgotten how to do it. I'm using Windows 7 and FileZilla for FTP. I've uploaded certsagenc.php to my fractal-timewave.com server (Apache OS) and I created a folder on that server at one level above the root folder (which holds my public files). I gave this folder permissions drwxrwxrwx (more than needed but not less).

I called up CertSage, clicked on 'Production', specified my email address and two domain names (fractal-timewave.com and another) for which I need certificates. After clicking on 'Proceed' CertSage then replied with: Trouble...authorization failed

Would The Griffin kindly advise what I should be doing that I'm not doing.

1 Like

Tagging @griffin

3 Likes

Sorry I hadn't replied to your email yet. Have been very busy over the holiday.


The problem you are facing is due to trying to combine the two domain names into one certificate. Since CertSage creates the ACME challenge files for the HTTP-01 challenge in ./.well-known/acme-challenge/, only domain names sharing the same webroot directory where the running copy of CertSage is located can be combined into one certificate. Thus, fractal-timewave.com and www.fractal-timewave.com should be on one certificate while hermetic-systems.com and www.hermetic-systems.com should be on another certificate. This is consistent with what you did before per the certificate histories of both domain names:


The current version of CertSage no longer uses the code.txt file and has corrected permissions, so you should be able to directly benefit from its streamlining and improved stability.

The following table shows the lines to modify in the current version should you wish to customize file and directory names, locations, and permissions.

| Entity | Line Number |
|---|---|
| CertSage directory name and location | 018 |
| CertSage directory permissions | 285 |
| account.key file name | 266 |
| account-staging.key file name | 273 |
| account.key and account-staging.key file location | 377 |
| account.key and account-staging.key file permissions | 379 |
| certificate.crt file name and location | 636 |
| certificate.crt file permissions | 638 |
| certificate.key file name and location | 640 |
| certificate.key file permissions | 642 |
| responses.txt file name and location | 647 and 686 |
| responses.txt file permissions | 649 and 688 |

You only need to provide the certificate.crt and certificate.key files to your hosting provider. The account.key and account-staging.key files are for your eyes only. The responses.txt file is purely for troubleshooting purposes and contains nothing sensitive should you ever wish to post it here or email it.

6 Likes
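Added example (not part of the thread and not CertSage's code): a local simulation of why an HTTP-01 authorization fails when domains with different webroots are put on one certificate. The directory layout, token and key-authorization strings are constructed, and the validator's HTTP fetch is replaced by a file read from each domain's webroot.

```python
import os
import tempfile

# Path the ACME validator requests on every domain named in the order.
CHALLENGE_DIR = os.path.join(".well-known", "acme-challenge")


def http01_results(vhosts, certsage_webroot,
                   token="constructed-token",
                   key_auth="constructed-token.constructed-thumbprint"):
    """Write the challenge file under the webroot where the ACME client runs,
    then check whether each domain's own webroot would serve it."""
    target = os.path.join(certsage_webroot, CHALLENGE_DIR)
    os.makedirs(target, exist_ok=True)
    with open(os.path.join(target, token), "w") as fh:
        fh.write(key_auth)
    results = {}
    for domain, webroot in vhosts.items():
        try:
            with open(os.path.join(webroot, CHALLENGE_DIR, token)) as fh:
                results[domain] = fh.read() == key_auth
        except FileNotFoundError:  # the validator would see a 404 here
            results[domain] = False
    return results


def group_by_webroot(vhosts):
    """Return one list of domain names per webroot: one certificate each."""
    groups = {}
    for domain, webroot in vhosts.items():
        groups.setdefault(os.path.realpath(webroot), []).append(domain)
    return [sorted(names) for names in groups.values()]


def demo():
    # Constructed layout: two sites, each with its own webroot directory.
    base = tempfile.mkdtemp()
    roots = {n: os.path.join(base, n) for n in ("fractal", "hermetic")}
    for path in roots.values():
        os.makedirs(path)
    vhosts = {
        "fractal-timewave.com": roots["fractal"],
        "www.fractal-timewave.com": roots["fractal"],
        "hermetic-systems.com": roots["hermetic"],
        "www.hermetic-systems.com": roots["hermetic"],
    }
    # The client runs in the first site's webroot, as in the failed attempt.
    return http01_results(vhosts, roots["fractal"]), group_by_webroot(vhosts)


if __name__ == "__main__":
    print(demo())
```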

Silly me! I did not think to do each domain separately. Just now I tried CertSage (earlier version) again and it worked fine -- it put the four output files in the CertSage folder one level above the www folder (as seen on my server using FileZilla). Many thanks!

I'll now try the new version of CertSage with the modifications you stated. Then will give the required files to my ISP.

1 Like

Glad it worked, my friend!

:partying_face:

2 Likes
