My web server is (include version): Apache (but the certbot gives me apache plugin isn’t running or something of that jazz)
My hosting provider, if applicable, is: SelfHosted
I can login to a root shell on my machine (yes or no, or I don’t know): yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel): Webuzo
I installed and ran certbot with no problems. Wanted to simply test it out on StanRagets.com which is a landing page for my other sites. Got the congratulations and can renew with no issues. I’m very new to this and would like to ask if someone could please help me with whatever remaining steps there might be to get SSL/HTTPS working for this site. I should be able to get the subdomains up and going once I understand what needs to be done to secure this portion.
Hi @who8mypnuts, do you know if your Webuzo control panel gives you a place where you can upload certificates and keys inside the control panel? That might be the easiest way to proceed if it does.
Yep! The files in question should be in /etc/letsencrypt/live/stanragets.com on the server. You’ll want privkey.pem for the private key, cert.pem for the certificate, and chain.pem for what Webuzo calls the CA bundle.
If you paste or upload them there, it should work. Please keep in mind that Let’s Encrypt certificates expire after 3 months so you’ll need to repeat the process then. (We’d like tools like Webuzo to add support for automatically getting the certificate, so that you don’t have to do this manually every 3 months. If you have any contact with the Webuzo developers or community, maybe you could bring this possibility up with them.)
Indeed. It’s so annoying that webuzo doesn’t just load them in with the fetch command.
I’ve added it to my calendar to remind me to refresh them. When do they actually renew, on the expiration day or prior to?
Automatic renewal generally only happens if you set up certbot renew with a cron job. If you haven’t done that, then you don’t have automatic renewal enable and you’ll need to re-run certbot yourself. You can choose when to renew. Certbot is willing to renew for you without --force-renew any time within the last month of validity of the certificate, or at any time if you add --force-renew.
Sounds good.
So I’ve setup a cronjob to run daily to renew this. Does that mean within the last month it will renew? If that’s the case, do I lose the SSL I currently have (once renewed) on my site since I’ve got to input everything manually into webuzo?
Yes, it should renew within the last month. (The certbot renew script will check the expiration date and try to renew when there’s less than a month remaining.)
Renewal doesn’t revoke the previous cert, so you can continue using it until it expires, meaning you can choose when you want to upload the new cert using Webuzo. If you get adventurous and want to learn to edit your web server configuration manually – bypassing Webuzo entirely – you can point it directly at the files inside /etc/letsencrypt and then you would no longer have to do the upload step at all!