I can see there's an archive and also a conf file for the domain.
I created the conf file for my domain, this was the domain that I copied my certs over for. I then incorrectly copied the certs from /live into /archive.
When I ran a dry run renewal, it causes a traceback, presumably because /archive is symlinks.
Can someone explain how I go about adding my copied certs into the auto renewal process?
To better understand what actually happened during the copy…
Maybe you can output these into a file and upload it here (or via service like paste.bin):
    ls -lR /etc/letsencrypt/archive/
    ls -lR /etc/letsencrypt/live/
Since live and archive are NOT same date and time:
[you may have to validate which certs are valid (or just assume the one in archive is good)]
To continue using the ARCHIVE cert:
You can fix the symlinks with:
    cd /etc/letsencrypt/live/automate.nsautomate.com.au
    rm *.pem
    ln -s ../../archive/automate.nsautomate.com.au/cert.pem cert.pem
    ln -s ../../archive/automate.nsautomate.com.au/chain.pem chain.pem
    ln -s ../../archive/automate.nsautomate.com.au/fullchain.pem fullchain.pem
    ln -s ../../archive/automate.nsautomate.com.au/privkey.pem privkey.pem
To continue using the LIVE cert:
You can fix the symlinks with:
[just one extra step - cp the live over the archive]
    cd /etc/letsencrypt/live/automate.nsautomate.com.au
    cp *.pem ../../archive/automate.nsautomate.com.au
    rm *.pem
    ln -s ../../archive/automate.nsautomate.com.au/cert.pem cert.pem
    ln -s ../../archive/automate.nsautomate.com.au/chain.pem chain.pem
    ln -s ../../archive/automate.nsautomate.com.au/fullchain.pem fullchain.pem
    ln -s ../../archive/automate.nsautomate.com.au/privkey.pem privkey.pem
To continue using the LIVE cert:
You can fix the symlinks with:
[just one extra step - cp the live over the archive]
    cd /etc/letsencrypt/live/automate.nsautomate.com.au
    cp *.pem ../../archive/automate.nsautomate.com.au
    rm *.pem
    ln -s ../../archive/automate.nsautomate.com.au/cert.pem cert1.pem
    ln -s ../../archive/automate.nsautomate.com.au/chain.pem chain1.pem
    ln -s ../../archive/automate.nsautomate.com.au/fullchain.pem fullchain1.pem
    ln -s ../../archive/automate.nsautomate.com.au/privkey.pem privkey1.pem
Or, do I just go into the archive file and mv the file to cert1.pem for example?
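Added example, not from any post in this thread: a read-only check of the live/archive layout discussed above, to run before a dry-run renewal. It assumes certbot's usual lineage layout, where each live/<name>/<kind>.pem is a relative symlink to ../../archive/<name>/<kind>N.pem and all four links share the same number N; check_lineage is a name chosen here.

```shell
#!/bin/sh
# Added example: report whether a lineage directory has the layout that
# certbot's renewal code expects (assumed layout, see the note above).
# Usage: check_lineage /etc/letsencrypt/live/<certname>
check_lineage() {
    live_dir=$1
    name=$(basename "$live_dir")
    rc=0
    versions=""
    for kind in cert chain fullchain privkey; do
        link="$live_dir/$kind.pem"
        if [ ! -L "$link" ]; then
            echo "BAD  $link: not a symlink (regular file or missing)"
            rc=1
            continue
        fi
        target=$(readlink "$link")
        # Expected target form: ../../archive/<certname>/<kind><N>.pem
        n=$(printf '%s\n' "$target" |
            sed -n "s|^\.\./\.\./archive/$name/$kind\([0-9][0-9]*\)\.pem\$|\1|p")
        if [ -z "$n" ]; then
            echo "BAD  $link -> $target: target is not a numbered archive file"
            rc=1
        elif [ ! -f "$live_dir/$target" ]; then
            echo "BAD  $link -> $target: target does not exist"
            rc=1
        else
            echo "OK   $link -> $target"
            versions="$versions $n"
        fi
    done
    # All four links should point at the same version number.
    if [ "$(printf '%s\n' $versions | sort -u | wc -l)" -gt 1 ]; then
        echo "BAD  links point at different versions:$versions"
        rc=1
    fi
    return $rc
}

# Run the check when a directory is given on the command line.
if [ "$#" -gt 0 ]; then
    check_lineage "$1"
fi
```

The function only reads the directory tree; it changes nothing and returns non-zero if any of the four links fails a check.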
I think it may be better like:
0 0 * * 5 cd /etc/letsencrypt && ./certbot renew
[presuming that which certbot returns: /etc/letsencrypt/certbot]
[otherwise, adjust accordingly]
But be sure there isn't one already in systemd: systemctl list-timers | grep -i cert
[if one is found there: cat /lib/systemd/system/certbot.service | grep -i ExecStart]