Dealing with configuration errors

Hi @gpatel-fr

I've created a new topic to split your question from the original topic (Cert shows as active, is treated as if expired - #18 by gpatel-fr):

If a configuration is buggy, there are two options:

  • find the bug and fix it (or)
  • delete all and start new. That begins with deleting /etc/letsencrypt. That kills all certificates -> next step, the webserver doesn't start again, because the certificate file doesn't exist. So the next certificate creation doesn't work. So it's something that escalates: Simple problem (wrong SSLCertificateKeyFile / SSLCertificateFile) -> hit limit and a no longer working webserver.

Normally, that's great. When creating the first certificate, Certbot adds symlinks:

SSLCertificateKeyFile /etc/letsencrypt/live/certificatename/privkey.pem
SSLCertificateFile /etc/letsencrypt/live/certificatename/fullchain.pem

These symlinks point to the newest version.

Renew a certificate without changing the set of domain names -> new archive entries -> Certbot changes the symlinks, but doesn't touch the config file -> a restart is enough.


Problem: It's possible to skip the hit limit by creating a certificate with a different set of domain names (sample: Adding blog.domainname). But if the current certificate creation has worked, but the certificate isn't installed (or installed in the wrong vHost, so the certificate isn't visible online), installing this certificate requires changing the configuration Certbot doesn't understand.

SSLCertificateKeyFile /etc/letsencrypt/live/certificatename/privkey.pem

is replaced with something like

SSLCertificateKeyFile /etc/letsencrypt/live/certificatename-0001/privkey.pem

So that may not work -> same situation.

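The failure described in the post (SSLCertificateFile / SSLCertificateKeyFile paths that no longer exist, or that point into different live/ directories such as certificatename and certificatename-0001) can be detected before the web server is restarted. The script below is an added example, not part of the original post and not Certbot's own tooling; the function name check_cert_paths and the output labels are assumptions of this example, and it only matches the directives spelled exactly as in the post.

```shell
#!/bin/sh
# Added example: verify the certificate paths an Apache config references
# before restarting, so a bad path is found while the old process still runs.

# Compare the lineage directories of one vhost's certificate and key.
# Assumption of this example: both files of a vhost come from the same
# /etc/letsencrypt/live/<name>/ directory.
_pair_check() {
    if [ -n "$cert_dir" ] && [ -n "$key_dir" ] && [ "$cert_dir" != "$key_dir" ]; then
        echo "MISMATCH $cert_dir vs $key_dir"
        status=1
    fi
    cert_dir='' key_dir=''
}

# check_cert_paths FILE
# Prints one line per problem; returns 0 if clean, 1 if anything was found.
check_cert_paths() {
    status=0 cert_dir='' key_dir=''
    while read -r directive path rest; do
        path=${path#\"}; path=${path%\"}        # tolerate quoted paths
        case $directive in
            SSLCertificateFile)    cert_dir=$(dirname "$path") ;;
            SSLCertificateKeyFile) key_dir=$(dirname "$path") ;;
            '</VirtualHost>')      _pair_check; continue ;;
            *)                     continue ;;
        esac
        if [ -L "$path" ] && [ ! -e "$path" ]; then
            # live/ symlink whose archive target is gone
            echo "DANGLING $directive $path"; status=1
        elif [ ! -e "$path" ]; then
            # e.g. after /etc/letsencrypt was deleted
            echo "MISSING $directive $path"; status=1
        fi
    done < "$1"
    _pair_check                                  # config without vhost blocks
    return "$status"
}
```

Source the file and call check_cert_paths on each vhost file; a non-zero return means the web server would fail to start or would serve a mismatched pair.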