Expired certificate


#1

Sorry for delay but this was becoming an issue
Original thread

I believe I solved the issue today
But I see this certificate has 27 days

How can I renew and not run into the same issues?
What is the command I should run to renew?

Thanks


#2

Normally something like sudo certbot renew or sudo certbot-auto renew (depending on how you installed Certbot). From your older thread, it sounds like you also don’t have this integrated with your web server in an automated way, so if the renewal works, you may have to repeat the steps to get lighttpd to use your new certificate.

If it doesn’t work, feel free to let us know what commands you ran and what output you saw.


#3

Do I need to enter or respond to questions, or does it happen on its own?


#4

The renew subcommand should work without asking you anything, if it works at all.


#5

Ok my renewal was successful
Congratulations, all renewals succeeded. The following certs have been renewed:

But I didn’t see new expiration date

Last time I had issues with the cert still showing expired. How
can I see the new expiration and confirm everything is in place?

What does it mean without reload

new certificate deployed without reload, fullchain is
/etc/letsencrypt/live/vorman.mooo.com/fullchain.pem

When checking after restart says expired in 6 days <<<<<<<

Found the following certs:
Certificate Name: vorman.mooo.com
Domains: vorman.mooo.com
Expiry Date: 2019-05-30 23:24:23+00:00 (VALID: 89 days)<<,<,<,<
Certificate Path: /etc/letsencrypt/live/vorman.mooo.com/fullchain.pem
Private Key Path: /etc/letsencrypt/live/vorman.mooo.com/privkey.pem

Thanks


#6

Hi @Soydepr,

I think this is related to what I wrote three weeks ago:

“Without reload” means that Certbot didn’t do anything to reload software that uses the certificate (that is, Certbot just saved the new certificate at the specified location, but there may be a separate step required to get it to be used). The Certbot nginx and Apache integrations, which don’t have an equivalent for lighttpd, are capable of telling the web server to reload its configuration, which will normally cause it to pick up the new certificate.

If you have lighttpd pointed at the files in /etc/letsencrypt/live, then you can probably just restart or reload lighttpd to have it pick up the new certificate; if you’ve created custom files (which I think I remember is the case for lighttpd users in general and you in particular), you would have to repeat the process to recreate these files (and then restart lighttpd afterward).

(In order to prevent you from having to do this over and over again in the future, these steps can be automated by putting them in a shell script and telling Certbot about it via a mechanism that we call “deploy hooks”.)


#7

What I don’t understand is if my config points here

$SERVER["socket"] == ":443" {
  ssl.engine = "enable"
  ssl.pemfile = "/etc/letsencrypt/live/vorman.mooo.com/combined.pem"
  ssl.ca-file = "/etc/letsencrypt/live/vorman.mooo.com/fullchain.pem"
  ssl.cipher-list = "ECDHE-RSA-AES256-SHA384:AES256-SHA256:HIGH:!MD5:!aNULL:!EDH:!AESGCM"
  ssl.honor-cipher-order = "enable"
  ssl.use-sslv2 = "disable"
  ssl.use-sslv3 = "disable"
}

Which is where the new cert is saved, so why do I need to do something else, which I have now forgotten?


#8

Certbot doesn’t create combined.pem, so you have to create it yourself. (You can write a deploy hook script to perform this step for you.)


#9

I don’t use lighttpd, but if I remember correctly, I think the combined.pem that you’re looking for would include the contents of both of what we call privkey.pem and fullchain.pem.


#10

Thanks, worked. Now I must learn this hook thing for next time.
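
The deploy hook suggested in #6 and #8, as an added example that is not part of the original thread and not Certbot's own code: it rebuilds combined.pem from privkey.pem and fullchain.pem (the contents described in #9) and then restarts lighttpd. The function name build_combined_pem and the use of systemctl are assumptions; RENEWED_LINEAGE is the variable Certbot sets when it runs a deploy hook.

```shell
#!/bin/sh
# Added example: Certbot deploy hook for lighttpd (not from the thread).
# Certbot runs deploy hooks after each successful renewal and sets
# RENEWED_LINEAGE to the live directory of the renewed certificate,
# e.g. /etc/letsencrypt/live/vorman.mooo.com.

# build_combined_pem DIR (hypothetical helper name)
# Concatenate DIR/privkey.pem and DIR/fullchain.pem into DIR/combined.pem.
build_combined_pem() {
    dir=$1
    for f in privkey.pem fullchain.pem; do
        # -s: file exists and is not empty; refuse to build a broken bundle.
        [ -s "$dir/$f" ] || { echo "missing or empty: $dir/$f" >&2; return 1; }
    done
    # Build in a temp file in the same directory so the final rename is atomic
    # and lighttpd never reads a half-written bundle.
    tmp=$(mktemp "$dir/combined.pem.XXXXXX") || return 1
    # The bundle contains the private key: owner read/write only.
    chmod 600 "$tmp"
    if cat "$dir/privkey.pem" "$dir/fullchain.pem" > "$tmp" &&
       mv -f "$tmp" "$dir/combined.pem"; then
        return 0
    fi
    rm -f "$tmp"
    return 1
}

# Only act when Certbot invoked this script as a hook.
if [ -n "${RENEWED_LINEAGE:-}" ]; then
    build_combined_pem "$RENEWED_LINEAGE" || exit 1
    # Print the new expiry date so the renewal can be confirmed in the log.
    openssl x509 -noout -enddate -in "$RENEWED_LINEAGE/fullchain.pem"
    # Assumption: lighttpd is managed by systemd on this host.
    systemctl restart lighttpd
fi
```

Saved as an executable file in /etc/letsencrypt/renewal-hooks/deploy/, or passed to certbot renew with --deploy-hook, the script runs after every successful renewal.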

