I create my certificates manually at the command line for each of my client websites using this command:
certbot certonly --webroot -w /home/web/client_01/www -d clientdomain.com,www.clientdomain.com
A few weeks ago I changed the folders for a bunch of client websites, for example: /home/web/client_01/ was changed to /home/web/001/
I was told in a post I made here at the time that I won't need to revoke and reissue certificates if I just change the name of the website folder, but it turns out that Certbot is giving me an error now for some of these sites.
Domain: clientdomain.com
Type: unauthorized
Detail: Invalid response from https://www.clientdomain.com/.well-known/acme-challenge/i3-uAw9hiem36kqvY9_PeO2burX2ypTdwbR1QtIcOp3
When I tried to renew the certificate using the verbose flag, I saw this in the output:
http-01 challenge for clientdomain.com
http-01 challenge for www.clientdomain.com
Using the webroot path /home/web/client_01/www for all unmatched domains.
Creating root challenges validation dir at /home/web/client_01/www/.well-known/acme-challenge
Unable to change owner and uid of webroot directory
Error was: [Errno 2] No such file or directory: '/home/web/client_01/www'
It seems that the folder location is stored with the certificate and it appears I do need to reissue the certificate using the new website folder after all.
Do I need to revoke the certificates first, then recreate them? Or can I simply issue this same command with the new folder name to get the old certificate overwritten with the new one?
certbot certonly --webroot -w /home/web/001/www -d clientdomain.com,www.clientdomain.com
My certificates are stored like this:
/etc/letsencrypt/live/clientdomain.com/cert.pem
/etc/letsencrypt/live/clientdomain.com/chain.pem
/etc/letsencrypt/live/clientdomain.com/privkey.pem
If I issue the above command, will that simply replace the certificate files above with new ones, or will it create new certificate files like this:
/etc/letsencrypt/live/clientdomain.com-002/cert.pem
/etc/letsencrypt/live/clientdomain.com-002/chain.pem
/etc/letsencrypt/live/clientdomain.com-002/privkey.pem
I want to avoid that because I have dozens of sites that I will have to recreate certificates for, so if I could at least keep the same certificate file names in /etc/letsencrypt/live/ that would prevent me from also having to modify a bunch of .conf files as well.
Thanks!
My web server is (include version): Apache 2.4.6
The operating system my web server runs on is (include version): CentOS 7.8
I can login to a root shell on my machine: Yes
I'm using a control panel to manage my site: No
The version of my client is: 1.7.0
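
Added example, not part of the original post and not Certbot's own code: Certbot records the webroot used for each certificate in its renewal configuration (by default /etc/letsencrypt/renewal/<name>.conf, under [[webroot_map]]), which is why the verbose output above still points at /home/web/client_01/www. The script below lists every recorded webroot whose directory no longer exists; the function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: report certbot webroot_map entries whose directory is missing.
# Assumption: renewal configs live in /etc/letsencrypt/renewal (certbot's default).

# Print "lineage<TAB>domain<TAB>webroot" for each stale entry under renewal dir $1.
stale_webroots() {
    dir="${1:-/etc/letsencrypt/renewal}"
    tab=$(printf '\t')
    for conf in "$dir"/*.conf; do
        [ -f "$conf" ] || continue
        name=$(basename "$conf" .conf)
        # Emit "domain<TAB>path" for each "key = value" line inside [[webroot_map]].
        awk '
            /^[ \t]*#/ { next }
            /^[ \t]*\[/ { in_map = ($0 ~ /\[\[webroot_map\]\]/); next }
            in_map && index($0, "=") > 0 {
                i = index($0, "=")
                d = substr($0, 1, i - 1); p = substr($0, i + 1)
                gsub(/^[ \t]+|[ \t]+$/, "", d); gsub(/^[ \t]+|[ \t]+$/, "", p)
                print d "\t" p
            }' "$conf" |
        while IFS="$tab" read -r domain path; do
            [ -d "$path" ] || printf '%s\t%s\t%s\n' "$name" "$domain" "$path"
        done
    done
}

# Constructed sample: one lineage still mapped to a removed folder, one to an existing folder.
make_sample() {
    s=$(mktemp -d) && mkdir -p "$s/renewal" "$s/001/www"
    printf '%s\n' '[renewalparams]' 'authenticator = webroot' '[[webroot_map]]' \
        "clientdomain.com = $s/client_01/www" \
        "www.clientdomain.com = $s/client_01/www" > "$s/renewal/clientdomain.com.conf"
    printf '%s\n' '[renewalparams]' 'authenticator = webroot' '[[webroot_map]]' \
        "example.org = $s/001/www" > "$s/renewal/example.org.conf"
    echo "$s"
}

# Demo on the constructed sample; on a server, call stale_webroots with no argument.
sample=$(make_sample)
stale_webroots "$sample/renewal"
rm -rf "$sample"
```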