First-Time LetsEncrypt Certificate Request

Hi,
I’ve just started using Let's Encrypt to implement a solution at home.
The purpose is to publish a website with a certificate, simple as that.
The application is UNMS and uses a LetsEncrypt certificate that we can use our own.

So, after generating a certificate with certbot, with 0 errors, I ran the following command:
curl -fsSL https://unms.com/v1/install > /tmp/unms_inst.sh && sudo bash /tmp/unms_inst.sh --http-port 8091 --https-port 8883 --ssl-cert-dir /etc/letsencrypt/live/mywebsite.ddns.net/ --ssl-cert fullchain.pem --ssl-cert-key privkey.pem

And with that I get the following error:

ERROR: Cert file:
/etc/letsencrypt/archive/mywebsite.ddns.net/fullchain1.pem
is not placed in the cert directory:
/etc/letsencrypt/live/mywebsite.ddns.net
Check --ssl-cert-dir and --ssl-cert arguments for symbolic links. The actual ssl cert file (not just symbolic link) must be within the ssl cert directory or its subdirectories.

So the ssl cert directory is pointing to the “live” one like the manual told me to do, and it asks about a file that doesn’t exist, fullchain1.pem; I only have fullchain.pem.

Can anyone help me please?

thanks

/etc/letsencrypt/live are symlinks, real certs are in /etc/letsencrypt/archive

But this request is really strange.

Using ls -la will show you whatever you need to know.

Yes, I’ve checked; they are symlinks. The problem is that they point to a different name, so I think that is the error.

In the path /etc/letsencrypt/archive they have the number 1 after. And I think that’s why it is happening.

I think you should leave that directory alone and use a --deploy-hook to copy the cert and key to a directory where unms will find them, and to do whatever is needed to tell unms it has to use a new cert. (pay attention to permissions when copying the private key)

cp -L should read the symlink and copy the actual file to the destination of your choosing.

But if I choose another directory for unms, when the renewal happens I need to do all these steps again? Copy the cert to another location, right?

If you set the deploy-hook, certbot should remember to do the same next time.

Can you help me get the whole command, please?
Thank you

You need to write a script to set up the certificates for unms, and I cannot do that.

Then you have certbot run that script as a deploy-hook. Read the docs on how to do that, please: https://certbot.eff.org/docs/using.html#certbot-command-line-options

After you have your script, the command should look like this:

certbot install --deploy-hook /path/to/your/script.sh
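
Added example, not part of the original thread and not UNMS or certbot project code: a sketch of the deploy-hook script the replies describe, using cp -L to copy the real files behind the live/ symlinks into a separate directory with a private-key-safe mode. The destination /etc/unms-certs and the function name deploy_cert are assumptions; RENEWED_LINEAGE is the variable certbot sets for deploy hooks.

```shell
#!/bin/sh
# Certbot deploy hook: copy the real certificate files (not the symlinks in
# live/) into a directory that can be passed to the installer's --ssl-cert-dir.

# Hypothetical destination; pick any directory outside /etc/letsencrypt.
DEST_DIR="${DEST_DIR:-/etc/unms-certs}"

# deploy_cert LINEAGE_DIR DEST_DIR
#   LINEAGE_DIR is e.g. /etc/letsencrypt/live/mywebsite.ddns.net
deploy_cert() {
    lineage="$1"
    dest="$2"

    # Fail early if either file is missing or unreadable.
    for f in fullchain.pem privkey.pem; do
        [ -r "$lineage/$f" ] || { echo "missing: $lineage/$f" >&2; return 1; }
    done

    # Everything created below is owner-only, so the key is never
    # world-readable, not even briefly.
    old_umask=$(umask)
    umask 077
    mkdir -p "$dest" && chmod 700 "$dest" || { umask "$old_umask"; return 1; }

    for f in fullchain.pem privkey.pem; do
        tmp="$dest/.$f.new"
        # cp -L follows the symlink and copies the file it points to;
        # mv then swaps the new file in without a half-written window.
        cp -L "$lineage/$f" "$tmp" && chmod 600 "$tmp" && mv -f "$tmp" "$dest/$f" \
            || { rm -f "$tmp"; umask "$old_umask"; return 1; }
    done

    umask "$old_umask"
}

# Run only when certbot invokes the hook; do nothing if the variable is unset.
if [ -n "${RENEWED_LINEAGE:-}" ]; then
    deploy_cert "$RENEWED_LINEAGE" "$DEST_DIR" || exit 1
    # Placeholder: reload or reconfigure UNMS here so it picks up the new files.
fi
```

With the files copied this way, --ssl-cert-dir can point at the destination directory, which holds regular files rather than symlinks. If UNMS reads the files as a non-root account, adjust ownership of the directory and key for that account instead of loosening the mode.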
