abUrs
May 4, 2019, 3:29pm
1
My domain is: wohnungsmarkt-aschaffenburg.de - wohnungsmarkt-bamberg.de and 6 more
I ran this command:
It produced this output:
My web server is (include version): Ubuntu 16.04.5
The operating system my web server runs on is (include version): GNU/Linux 4.4.0-042
My hosting provider, if applicable, is: Server4you
I can login to a root shell on my machine (yes or no, or I don’t know): I think yes, over putty?
I’m using a control panel to manage my site (no, or provide the name and version of the control panel): ftp/phpmyadmin?
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): 0.26.1
Hi,
I have the following “problem”:
I have 8 domains on the server.
1 ssl is not expired, the rest are expired
Certbot is on the server (with a cronjob under cron.d - but this doesn’t work)
I want to open a new account (I haven’t done so already) on Let’s Encrypt to have my own account (the actual account isn’t mine)
I want the right installation of Certbot and a cronjob that works, so that I don’t have the problem of expired certificates
What is the right/best way to get these without having doubled or deleted things on the server?
Thanks for your help.
Adrian
Hi @abUrs
checking your first domain ( https://check-your-website.server-daten.de/?q=wohnungsmarkt-aschaffenburg.de ) there are a lot of certificates visible:
| CRT-Id | Issuer | not before | not after | Domain names | LE-Duplicate | next LE |
|---|---|---|---|---|---|---|
| 1218507390 | CN=Let’s Encrypt Authority X3, O=Let’s Encrypt, C=US | 2019-02-19 23:08:44 | 2019-05-20 23:08:44 | wohnungsmarkt-aschaffenburg.de | 1 entries | |
| 975188878 | CN=Let’s Encrypt Authority X3, O=Let’s Encrypt, C=US | 2018-11-25 12:11:33 | 2019-02-23 12:11:33 | wohnungsmarkt-aschaffenburg.de | 1 entries | |
| 523019562 | CN=Let’s Encrypt Authority X3, O=Let’s Encrypt, C=US | 2018-06-12 21:20:29 | 2018-09-10 21:20:29 | wohnungsmarkt-aschaffenburg.de | 1 entries | |
| 397344107 | CN=Let’s Encrypt Authority X3, O=Let’s Encrypt, C=US | 2018-04-13 21:51:26 | 2018-07-12 21:51:26 | wohnungsmarkt-aschaffenburg.de | 1 entries | |
| 328777518 | CN=Let’s Encrypt Authority X3, O=Let’s Encrypt, C=US | 2018-02-12 22:16:26 | 2018-05-13 22:16:26 | wohnungsmarkt-aschaffenburg.de | 1 entries | |
| 278392368 | CN=Let’s Encrypt Authority X3, O=Let’s Encrypt, C=US | 2017-12-14 17:36:33 | 2018-03-14 17:36:33 | wohnungsmarkt-aschaffenburg.de | 1 entries | |
| 267014535 | CN=Let’s Encrypt Authority X3, O=Let’s Encrypt, C=US | 2017-11-29 22:47:17 | 2018-02-27 22:47:17 | wohnungsmarkt-aschaffenburg.de | 1 entries | |
Looks like you have a very old configuration. Perhaps you have used tls-sni-01 validation, which is no longer supported (stopped 2019-03~15).
So first step: Check if it is possible to update your Certbot.
Then check
```
manage your account with Let's Encrypt:
    register        Create a Let's Encrypt ACME account
    unregister      Deactivate a Let's Encrypt ACME account
    update_account  Update a Let's Encrypt ACME account
```
You should be able to unregister the old account, then create a new one. I don’t know if 0.26 supports these commands, so first update your Certbot.
The non-working config may be a result of this too-old configuration too.
But the CT list shows that you use a wrong certificate.
You should create a certificate with both domain names - www and non-www with the -d option.
abUrs
May 5, 2019, 12:42pm
3
Hi Jürgen,
thank you for your answer. It worked.
I updated the certbot
I created the certificates (www and non-www)
Two questions:
Under etc/letsencrypt/renewal, some .conf files are from today with the newest version of Certbot, 0.31; others are “old” with the version of Certbot 0.26. But all certificates are working. Why aren’t all of them changed? Is this a problem?
I have this under etc/cron.d. This hasn’t worked, because the certificates expired. What is wrong with this?
```
# /etc/cron.d/certbot: crontab entries for the certbot package
#
# Upstream recommends attempting renewal twice a day
#
# Eventually, this will be an opportunity to validate certificates
# haven't been revoked, etc. Renewal will only occur if expiration
# is within 30 days.
#
# Important Note! This cronjob will NOT be executed if you are
# running systemd as your init system. If you are running systemd,
# the cronjob.timer function takes precedence over this cronjob. For
# more details, see the systemd.timer manpage, or use systemctl show
# certbot.timer.
SHELL=/bin/sh
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin

0 */12 * * * root test -x /usr/bin/certbot -a ! -d /run/systemd/system && perl -e 'sleep int(rand(43200))' && certbot -q renew
```
abUrs:
It worked.
Happy to read that it had worked.
I don't know. Check, if the next renew works. If yes, ignore it.
abUrs:
this hasn’t worked
It may have not worked because of your too old configuration. If the client tries to use tls-sni-01 validation, that can't work.
So the same: Check your certificates if the next renew works.
Use
certbot certificates
to see, how long they are valid.
abUrs
May 5, 2019, 3:11pm
5
Ok, I’ll take a look in 90 days.
Thanks for your time.
No, not in 90 days, that's too late.
Check your certificates with
certbot certificates
to find your oldest certificate.
Certbot should renew that if it is less than 30 days valid. That should work.
A typical installation should always have a "backup time" of 30 or 20 days to check, if there are errors.
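Added example, not part of the thread: a small shell filter that turns the advice above into a check by reading `certbot certificates` output and listing every certificate with fewer than a given number of days left, which on a host where renewal starts at 30 days means automatic renewal has been failing. The function name `overdue_certs`, the 20-day threshold in the demo call, and the sample output (constructed, with placeholder domain names and the usual `Expiry Date: ... (VALID: N days)` layout assumed) are illustrative.

```shell
#!/bin/sh
# Added example: flag certificates that automatic renewal should already
# have replaced. Real use:  certbot certificates 2>/dev/null | overdue_certs 20

# Constructed sample of `certbot certificates` output (placeholder names).
sample_output() {
cat <<'EOF'
Found the following certs:
  Certificate Name: example.org
    Domains: example.org www.example.org
    Expiry Date: 2019-08-03 11:42:18+00:00 (VALID: 89 days)
  Certificate Name: shop.example.org
    Domains: shop.example.org
    Expiry Date: 2019-05-20 23:08:44+00:00 (VALID: 15 days)
  Certificate Name: old.example.org
    Domains: old.example.org
    Expiry Date: 2019-02-23 12:11:33+00:00 (INVALID: EXPIRED)
  Certificate Name: api.example.org
    Domains: api.example.org
    Expiry Date: 2019-05-06 09:00:00+00:00 (VALID: 7 hour(s))
EOF
}

# overdue_certs MIN_DAYS
# Reads `certbot certificates` output on stdin and prints "name days" for
# each certificate with fewer than MIN_DAYS left; expired, revoked or test
# certificates are printed as "name INVALID", sub-day validity as "name 0".
overdue_certs() {
    awk -v min="$1" '
        /Certificate Name:/ { name = $NF }
        /Expiry Date:/ {
            status = $0
            sub(/^[^(]*\(/, "", status)    # drop everything up to the "("
            sub(/\)[ \t]*$/, "", status)   # drop the closing ")"
            split(status, f, " ")          # e.g. f[1]="VALID:" f[2]="15" f[3]="days"
            if (f[1] == "INVALID:")       print name, "INVALID"
            else if (f[3] ~ /^hour/)      print name, "0"
            else if (f[2] + 0 < min)      print name, f[2]
        }'
}

# Demo on the constructed sample with a 20-day safety margin.
sample_output | overdue_certs 20
```

Run from a daily job, any output at all is the signal to look at the renewal logs while there is still time to fix the problem.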