No emergency on this. The right things work. This is cleanup of detritus that shouldn’t be there.
Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is: a-view.org
I ran this command: ls -laR and certbot certificates
It produced this output: see below with comments
My web server is (include version): nginx
The operating system my web server runs on is (include version): ubuntu 16.04 its
My hosting provider, if applicable, is: Digital Ocean
I can login to a root shell on my machine (yes or no, or I don’t know): yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel):no
OK, guys. I installed ghost blogging platform using their ghost-cli in two different ways. First, I had only one blog at this hosted VM. Then, I reconfigured to have 2 different blogs on the same VM. Ghost doesn’t document this particularly well, but once you look carefully at what the CLI does to setup Ghost and nginx, it’s reasonably obvious. I had to cleanup and start over on the blogs at /var/www and that all works-did it a while ago. Each time, of the 2 setups, I let Ghost’s script do the setup of letsencrypt.
I think I have a remnant of
1st pass: setup a-view.org as only Ghost blog with Letsencrypt and incorrectly create a blog with domain lnotes.a-view.org
2nd pass:
And I have a valid, working, up-to-date setup for a cert named a-view.org that represents 3 urls: a-view.org, www.a-view.org, lnotes.a-view.org. This works: Ghost is happy, nginx is happy, letsencrypt is happy.
Here is the cert for the result of the 2nd pass:
certbot certificates
Saving debug log to /var/log/letsencrypt/letsencrypt.log
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Found the following certs:
Certificate Name: a-view.org
Domains: a-view.org lnotes.a-view.org www.a-view.org
Expiry Date: 2018-12-12 22:56:17+00:00 (VALID: 89 days)
Certificate Path: /etc/letsencrypt/live/a-view.org/fullchain.pem
Private Key Path: /etc/letsencrypt/live/a-view.org/privkey.pem
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Here is the messy part. Below is the recursive listing, ls -laR, for /etc/letsencrypt. To help filter the noise a little bit, the good stuff is at /etc/letsencrypt/live/a-view.org and /etc/letsencrypt/archive/a-view.org, and /etc/letsencrypt/renewal.
I believe that the domains at the top level of /letsencrypt contain actual cert files (no live symlinked to archive) are bogus and contain certs that aren’t used at all–no nginx server block refers to them. These are /etc/letsencrypt/a-view.org and /etc/letsencrypt/lnotes.a-view.org. I believe I can delete these directories and the backup directory counterparts for each.
So, now–what the heck is all the other stuff? What do I need to keep? Is it in the right place? What can I remove?
Here is the directory listing:
ls -laR /etc/letsencrypt/
/etc/letsencrypt/:
total 252
drwxr-xr-x 14 root root 4096 Sep 14 15:14 .
drwxr-xr-x 97 root root 4096 Sep 2 01:11 ..
-rw-r--r-- 1 root root 221 Sep 14 00:12 account.conf
drwx------ 3 root root 4096 Sep 1 16:39 accounts
-rwxr-xr-x 1 root root 167870 Jun 1 05:17 acme.sh
-rw-r--r-- 1 root root 82 Jun 1 05:17 acme.sh.env
drwx------ 3 root root 4096 Sep 1 16:41 archive
drwxr-xr-x 3 root root 4096 Jun 1 05:17 a-view.org
drwxr-xr-x 3 root root 4096 Jun 1 05:17 ca
-rw-r--r-- 1 root root 121 Jul 21 18:04 cli.ini
drwxr-xr-x 2 root root 4096 Sep 13 23:56 csr
drwxr-xr-x 2 root root 4096 Jun 1 05:17 deploy
drwxr-xr-x 2 root root 4096 Jun 1 05:17 dnsapi
-rw-r--r-- 1 root root 481 Sep 14 00:12 http.header
drwx------ 2 root root 4096 Sep 13 23:56 keys
drwx------ 3 root root 4096 Sep 1 16:41 live
drwxr-xr-x 3 root root 4096 Aug 11 00:12 lnotes.a-view.org
-rw-r--r-- 1 root root 1143 Sep 1 16:38 options-ssl-nginx.conf
drwxr-xr-x 2 root root 4096 Sep 13 23:56 renewal
drwxr-xr-x 5 root root 4096 Sep 1 16:27 renewal-hooks
-rw-r--r-- 1 root root 424 Sep 1 16:38 ssl-dhparams.pem
-rw-r--r-- 1 root root 64 Sep 1 16:38 .updated-options-ssl-nginx-conf-digest.txt
-rw-r--r-- 1 root root 64 Sep 1 16:38 .updated-ssl-dhparams-pem-digest.txt
/etc/letsencrypt/accounts:
total 12
drwx------ 3 root root 4096 Sep 1 16:39 .
drwxr-xr-x 14 root root 4096 Sep 14 15:14 ..
drwx------ 3 root root 4096 Sep 1 16:39 acme-v02.api.letsencrypt.org
/etc/letsencrypt/accounts/acme-v02.api.letsencrypt.org:
total 12
drwx------ 3 root root 4096 Sep 1 16:39 .
drwx------ 3 root root 4096 Sep 1 16:39 ..
drwx------ 3 root root 4096 Sep 1 16:39 directory
/etc/letsencrypt/accounts/acme-v02.api.letsencrypt.org/directory:
total 12
drwx------ 3 root root 4096 Sep 1 16:39 .
drwx------ 3 root root 4096 Sep 1 16:39 ..
drwx------ 2 root root 4096 Sep 1 16:39 caa2787c9669139339ece18a72952cf9
/etc/letsencrypt/accounts/acme-v02.api.letsencrypt.org/directory/caa2787c9669139339ece18a72952cf9:
total 20
drwx------ 2 root root 4096 Sep 1 16:39 .
drwx------ 3 root root 4096 Sep 1 16:39 ..
-rw-r--r-- 1 root root 71 Sep 1 16:39 meta.json
-r-------- 1 root root 1632 Sep 1 16:39 private_key.json
-rw-r--r-- 1 root root 78 Sep 1 16:39 regr.json
/etc/letsencrypt/archive:
total 12
drwx------ 3 root root 4096 Sep 1 16:41 .
drwxr-xr-x 14 root root 4096 Sep 14 15:14 ..
drwxr-xr-x 2 root root 4096 Sep 13 23:56 a-view.org
/etc/letsencrypt/archive/a-view.org:
total 40
drwxr-xr-x 2 root root 4096 Sep 13 23:56 .
drwx------ 3 root root 4096 Sep 1 16:41 ..
-rw-r--r-- 1 root root 2163 Sep 1 16:41 cert1.pem
-rw-r--r-- 1 root root 2187 Sep 13 23:56 cert2.pem
-rw-r--r-- 1 root root 1647 Sep 1 16:41 chain1.pem
-rw-r--r-- 1 root root 1647 Sep 13 23:56 chain2.pem
-rw-r--r-- 1 root root 3810 Sep 1 16:41 fullchain1.pem
-rw-r--r-- 1 root root 3834 Sep 13 23:56 fullchain2.pem
-rw-r--r-- 1 root root 1704 Sep 1 16:41 privkey1.pem
-rw-r--r-- 1 root root 1708 Sep 13 23:56 privkey2.pem
/etc/letsencrypt/a-view.org:
total 40
drwxr-xr-x 3 root root 4096 Jun 1 05:17 .
drwxr-xr-x 14 root root 4096 Sep 14 15:14 ..
-rw-r--r-- 1 root root 2139 Jun 1 05:17 a-view.org.cer
-rw-r--r-- 1 root root 643 Sep 14 00:12 a-view.org.conf
-rw-r--r-- 1 root root 964 Sep 14 00:12 a-view.org.csr
-rw-r--r-- 1 root root 205 Sep 14 00:12 a-view.org.csr.conf
-rw-r--r-- 1 root root 1679 Jun 1 05:17 a-view.org.key
drwxr-xr-x 2 root root 4096 Jun 1 05:17 backup
-rw-r--r-- 1 root root 1647 Jun 1 05:17 ca.cer
-rw-r--r-- 1 root root 3786 Jun 1 05:17 fullchain.cer
/etc/letsencrypt/a-view.org/backup:
total 8
drwxr-xr-x 2 root root 4096 Jun 1 05:17 .
drwxr-xr-x 3 root root 4096 Jun 1 05:17 ..
/etc/letsencrypt/ca:
total 12
drwxr-xr-x 3 root root 4096 Jun 1 05:17 .
drwxr-xr-x 14 root root 4096 Sep 14 15:14 ..
drwxr-xr-x 2 root root 4096 Jun 1 05:17 acme-v01.api.letsencrypt.org
/etc/letsencrypt/ca/acme-v01.api.letsencrypt.org:
total 20
drwxr-xr-x 2 root root 4096 Jun 1 05:17 .
drwxr-xr-x 3 root root 4096 Jun 1 05:17 ..
-rw-r--r-- 1 root root 613 Jun 1 05:17 account.json
-rw------- 1 root root 1675 Jun 1 05:17 account.key
-rw-r--r-- 1 root root 128 Jun 1 05:17 ca.conf
/etc/letsencrypt/csr:
total 16
drwxr-xr-x 2 root root 4096 Sep 13 23:56 .
drwxr-xr-x 14 root root 4096 Sep 14 15:14 ..
-rw-r--r-- 1 root root 944 Sep 1 16:41 0000_csr-certbot.pem
-rw-r--r-- 1 root root 964 Sep 13 23:56 0001_csr-certbot.pem
/etc/letsencrypt/deploy:
total 96
drwxr-xr-x 2 root root 4096 Jun 1 05:17 .
drwxr-xr-x 14 root root 4096 Sep 14 15:14 ..
-rw-r--r-- 1 root root 506 Jun 1 05:17 apache.sh
-rw-r--r-- 1 root root 1805 Jun 1 05:17 cpanel_uapi.sh
-rw-r--r-- 1 root root 478 Jun 1 05:17 dovecot.sh
-rw-r--r-- 1 root root 3202 Jun 1 05:17 exim4.sh
-rw-r--r-- 1 root root 3855 Jun 1 05:17 fritzbox.sh
-rw-r--r-- 1 root root 509 Jun 1 05:17 haproxy.sh
-rw-r--r-- 1 root root 663 Jun 1 05:17 keychain.sh
-rwxr-xr-x 1 root root 2874 Jun 1 05:17 kong.sh
-rwxr-xr-x 1 root root 586 Jun 1 05:17 myapi.sh
-rw-r--r-- 1 root root 506 Jun 1 05:17 mysqld.sh
-rw-r--r-- 1 root root 503 Jun 1 05:17 nginx.sh
-rw-r--r-- 1 root root 512 Jun 1 05:17 opensshd.sh
-rw-r--r-- 1 root root 512 Jun 1 05:17 pureftpd.sh
-rw-r--r-- 1 root root 9182 Jun 1 05:17 README.md
-rw-r--r-- 1 root root 8078 Jun 1 05:17 ssh.sh
-rw-r--r-- 1 root root 1364 Jun 1 05:17 strongswan.sh
-rw-r--r-- 1 root root 2898 Jun 1 05:17 unifi.sh
-rw-r--r-- 1 root root 1622 Jun 1 05:17 vault_cli.sh
-rw-r--r-- 1 root root 3160 Jun 1 05:17 vsftpd.sh
/etc/letsencrypt/dnsapi:
total 316
drwxr-xr-x 2 root root 4096 Jun 1 05:17 .
drwxr-xr-x 14 root root 4096 Sep 14 15:14 ..
-rwxr-xr-x 1 root root 3458 Jun 1 05:17 dns_ad.sh
-rwxr-xr-x 1 root root 5094 Jun 1 05:17 dns_ali.sh
-rw-r--r-- 1 root root 5985 Jun 1 05:17 dns_autodns.sh
-rwxr-xr-x 1 root root 10944 Jun 1 05:17 dns_aws.sh
-rw-r--r-- 1 root root 12145 Jun 1 05:17 dns_azure.sh
-rwxr-xr-x 1 root root 5403 Jun 1 05:17 dns_cf.sh
-rwxr-xr-x 1 root root 5116 Jun 1 05:17 dns_cloudns.sh
-rwxr-xr-x 1 root root 4021 Jun 1 05:17 dns_cx.sh
-rw-r--r-- 1 root root 9960 Jun 1 05:17 dns_cyon.sh
-rwxr-xr-x 1 root root 5638 Jun 1 05:17 dns_da.sh
-rwxr-xr-x 1 root root 7491 Jun 1 05:17 dns_dgon.sh
-rw-r--r-- 1 root root 4805 Jun 1 05:17 dns_dnsimple.sh
-rwxr-xr-x 1 root root 3656 Jun 1 05:17 dns_do.sh
-rwxr-xr-x 1 root root 3817 Jun 1 05:17 dns_dp.sh
-rw-r--r-- 1 root root 2180 Jun 1 05:17 dns_dreamhost.sh
-rwxr-xr-x 1 root root 3618 Jun 1 05:17 dns_duckdns.sh
-rw-r--r-- 1 root root 7984 Jun 1 05:17 dns_dyn.sh
-rw-r--r-- 1 root root 5105 Jun 1 05:17 dns_dynu.sh
-rwxr-xr-x 1 root root 11589 Jun 1 05:17 dns_freedns.sh
-rwxr-xr-x 1 root root 2909 Jun 1 05:17 dns_gandi_livedns.sh
-rwxr-xr-x 1 root root 4157 Jun 1 05:17 dns_gd.sh
-rwxr-xr-x 1 root root 5671 Jun 1 05:17 dns_he.sh
-rw-r--r-- 1 root root 3325 Jun 1 05:17 dns_infoblox.sh
-rwxr-xr-x 1 root root 6861 Jun 1 05:17 dns_inwx.sh
-rwxr-xr-x 1 root root 6600 Jun 1 05:17 dns_ispconfig.sh
-rw-r--r-- 1 root root 3376 Jun 1 05:17 dns_kinghost.sh
-rw-r--r-- 1 root root 1985 Jun 1 05:17 dns_knot.sh
-rwxr-xr-x 1 root root 2190 Jun 1 05:17 dns_lexicon.sh
-rwxr-xr-x 1 root root 4697 Jun 1 05:17 dns_linode.sh
-rwxr-xr-x 1 root root 3978 Jun 1 05:17 dns_lua.sh
-rw-r--r-- 1 root root 3918 Jun 1 05:17 dns_me.sh
-rwxr-xr-x 1 root root 937 Jun 1 05:17 dns_myapi.sh
-rwxr-xr-x 1 root root 4277 Jun 1 05:17 dns_namecom.sh
-rwxr-xr-x 1 root root 3629 Jun 1 05:17 dns_namesilo.sh
-rw-r--r-- 1 root root 3928 Jun 1 05:17 dns_nsone.sh
-rwxr-xr-x 1 root root 1477 Jun 1 05:17 dns_nsupdate.sh
-rwxr-xr-x 1 root root 7780 Jun 1 05:17 dns_ovh.sh
-rwxr-xr-x 1 root root 3831 Jun 1 05:17 dns_pdns.sh
-rw-r--r-- 1 root root 3706 Jun 1 05:17 dns_selectel.sh
-rwxr-xr-x 1 root root 4470 Jun 1 05:17 dns_servercow.sh
-rw-r--r-- 1 root root 5225 Jun 1 05:17 dns_unoeuro.sh
-rwxr-xr-x 1 root root 3716 Jun 1 05:17 dns_vscale.sh
-rwxr-xr-x 1 root root 3264 Jun 1 05:17 dns_yandex.sh
-rw-r--r-- 1 root root 3160 Jun 1 05:17 dns_zilore.sh
-rw-r--r-- 1 root root 2124 Jun 1 05:17 dns_zonomi.sh
-rw-r--r-- 1 root root 23497 Jun 1 05:17 README.md
/etc/letsencrypt/keys:
total 16
drwx------ 2 root root 4096 Sep 13 23:56 .
drwxr-xr-x 14 root root 4096 Sep 14 15:14 ..
-rw------- 1 root root 1704 Sep 1 16:41 0000_key-certbot.pem
-rw------- 1 root root 1708 Sep 13 23:56 0001_key-certbot.pem
/etc/letsencrypt/live:
total 12
drwx------ 3 root root 4096 Sep 1 16:41 .
drwxr-xr-x 14 root root 4096 Sep 14 15:14 ..
drwxr-xr-x 2 root root 4096 Sep 13 23:56 a-view.org
/etc/letsencrypt/live/a-view.org:
total 12
drwxr-xr-x 2 root root 4096 Sep 13 23:56 .
drwx------ 3 root root 4096 Sep 1 16:41 ..
lrwxrwxrwx 1 root root 34 Sep 13 23:56 cert.pem -> ../../archive/a-view.org/cert2.pem
lrwxrwxrwx 1 root root 35 Sep 13 23:56 chain.pem -> ../../archive/a-view.org/chain2.pem
lrwxrwxrwx 1 root root 39 Sep 13 23:56 fullchain.pem -> ../../archive/a-view.org/fullchain2.pem
lrwxrwxrwx 1 root root 37 Sep 13 23:56 privkey.pem -> ../../archive/a-view.org/privkey2.pem
-rw-r--r-- 1 root root 682 Sep 1 16:41 README
/etc/letsencrypt/lnotes.a-view.org:
total 40
drwxr-xr-x 3 root root 4096 Aug 11 00:12 .
drwxr-xr-x 14 root root 4096 Sep 14 15:14 ..
drwxr-xr-x 2 root root 4096 Jun 12 17:12 backup
-rw-r--r-- 1 root root 1647 Aug 11 00:12 ca.cer
-rw-r--r-- 1 root root 3806 Aug 11 00:12 fullchain.cer
-rw-r--r-- 1 root root 2159 Aug 11 00:12 lnotes.a-view.org.cer
-rw-r--r-- 1 root root 657 Aug 11 00:12 lnotes.a-view.org.conf
-rw-r--r-- 1 root root 985 Aug 11 00:12 lnotes.a-view.org.csr
-rw-r--r-- 1 root root 212 Aug 11 00:12 lnotes.a-view.org.csr.conf
-rw-r--r-- 1 root root 1679 Jun 12 17:12 lnotes.a-view.org.key
/etc/letsencrypt/lnotes.a-view.org/backup:
total 8
drwxr-xr-x 2 root root 4096 Jun 12 17:12 .
drwxr-xr-x 3 root root 4096 Aug 11 00:12 ..
/etc/letsencrypt/renewal:
total 12
drwxr-xr-x 2 root root 4096 Sep 13 23:56 .
drwxr-xr-x 14 root root 4096 Sep 14 15:14 ..
-rw-r--r-- 1 root root 507 Sep 13 23:56 a-view.org.conf
/etc/letsencrypt/renewal-hooks:
total 20
drwxr-xr-x 5 root root 4096 Sep 1 16:27 .
drwxr-xr-x 14 root root 4096 Sep 14 15:14 ..
drwxr-xr-x 2 root root 4096 Sep 1 16:27 deploy
drwxr-xr-x 2 root root 4096 Sep 1 16:27 post
drwxr-xr-x 2 root root 4096 Sep 1 16:27 pre
/etc/letsencrypt/renewal-hooks/deploy:
total 8
drwxr-xr-x 2 root root 4096 Sep 1 16:27 .
drwxr-xr-x 5 root root 4096 Sep 1 16:27 ..
/etc/letsencrypt/renewal-hooks/post:
total 8
drwxr-xr-x 2 root root 4096 Sep 1 16:27 .
drwxr-xr-x 5 root root 4096 Sep 1 16:27 ..
/etc/letsencrypt/renewal-hooks/pre:
total 8
drwxr-xr-x 2 root root 4096 Sep 1 16:27 .
drwxr-xr-x 5 root root 4096 Sep 1 16:27 ..