Help with Certbot renewal & plugins

This is normal.
The first should be your public cert.
The second should be the Intermediate cert (in the chain).

Please show this file:
/etc/letsencrypt/archive/vorman.mooo.com/fullchain2.pem

https://pastebin.com/RgRQyBRU

Certificate Name: vorman.mooo.com
Domains: vorman.mooo.com
Expiry Date: 2019-03-08 09:45:51+00:00 (VALID: 66 days)
Certificate Path: /etc/letsencrypt/live/vorman.mooo.com/fullchain.pem
Private Key Path: /etc/letsencrypt/live/vorman.mooo.com/privkey.pem


root@vorman:/etc/letsencrypt/archive/vorman.mooo.com# certbot-auto certificates
Saving debug log to /var/log/letsencrypt/letsencrypt.log


Found the following certs:
Certificate Name: vorman.mooo.com
Domains: vorman.mooo.com
Expiry Date: 2019-03-08 09:45:51+00:00 (VALID: 66 days)
Certificate Path: /etc/letsencrypt/live/vorman.mooo.com/fullchain.pem

There are your two files. So use these in your config file.

The first is expired, the second looks good.
Please show:
certbot-auto certificates

Found the following certs:
Certificate Name: vorman.mooo.com
Domains: vorman.mooo.com
Expiry Date: 2019-03-08 09:45:51+00:00 (VALID: 66 days)
Certificate Path: /etc/letsencrypt/live/vorman.mooo.com/fullchain.pem
Private Key Path: /etc/letsencrypt/live/vorman.mooo.com/privkey.pem

OK then those are the files you should be using.

Sorry, the thread is a little long...
What is the current problem?

Please show:
grep -Eri 'root|cert|name|alias' /etc/lighttpd/
grep -Eri 'root|cert|name|alias' /var/www/

The issue is that the SSL check shows the SSL cert expired, but I renewed it.

Hi @Soydepr,

Thanks for sharing the configuration that @rg305 asked for above. I suspect that the trouble might relate to

/etc/lighttpd/ssl/vorman.mooo.com.crt:-----BEGIN CERTIFICATE-----
/etc/lighttpd/ssl/vorman.mooo.com.crt:-----END CERTIFICATE-----
/etc/lighttpd/ssl/vorman.mooo.com.pem:-----BEGIN CERTIFICATE-----
/etc/lighttpd/ssl/vorman.mooo.com.pem:-----END CERTIFICATE-----

In this case, it looks like your old certificate and associated files were copied directly into /etc/lighttpd/ssl, which might be the usual place to store these files with lighttpd. However, the renewal always creates a new certificate, which Certbot ensures is pointed to by the entries within /etc/letsencrypt/live/vorman.mooo.com. Certbot doesn’t copy the new certificate files into /etc/lighttpd/ssl.

Do you know how the files that you originally created ended up inside /etc/lighttpd/ssl? Did you manually copy them there?

Three possible ways of fixing this problem, depending on your preferences:

(1) Change your lighttpd configuration so that it points at /etc/letsencrypt/live files instead of /etc/lighttpd/ssl files.

(2) Copy the updated files from /etc/letsencrypt/live into /etc/lighttpd/ssl (and ideally write a shell script to do this and then specify that shell script with Certbot’s --deploy-hook option so that Certbot will know to run it automatically following each renewal event).

(3) Create symlinks in /etc/lighttpd/ssl (using ln -s) to the corresponding locations in /etc/letsencrypt/live so that lighttpd will always find the updated files after a renewal.

Lighttpd wants cert.pem and privkey.pem in one file and chain.pem in a second file.

Probably vorman.mooo.com.pem is the former, and vorman.mooo.com.crt is the latter.

So you’d have to set up a deploy hook to update the files and reload Lighttpd.


Thanks for pointing that out, @mnordhoff. That suggests to me that some tutorial probably gave @Soydepr the commands for creating these files, because Certbot wouldn’t have done that itself. In that case, these same commands could be included in a deploy-hook script.


Please clarify, I'm not sure I understand what you mean by deploy hook.

Can I just copy /letsencrypt/live/vorman.mooo.com/fullchain.pem to /etc/lighttpd?

That is the general idea; just with a script that gets called any time the cert is renewed (--deploy-hook).
But I'm not certain where you are actually using the cert...
From your post, only these lines look related but they are rem'd out:

/etc/lighttpd/lighttpd.conf:# server.name = "vorman.mooo.com"
/etc/lighttpd/lighttpd.conf:# server.document-root = "/var/wwww/html/owncloud"
/etc/lighttpd/lighttpd.conf:# ssl.pemfile = "/etc/lighttpd/certs/lighttpd.pem"

So...
Can you also show?:

I think this is the relevant part of my config file:

$SERVER["socket"] == ":443" {
    ssl.engine = "enable"
    ssl.pemfile = "/etc/letsencrypt/live/vorman.mooo.com/combined.pem"
    ssl.ca-file = "/etc/letsencrypt/live/vorman.mooo.com/fullchain.pem"
    ssl.cipher-list = "ECDHE-RSA-AES256-SHA384:AES256-SHA256:HIGH:!MD5:!aNULL:!EDH:!AESGCM"
    ssl.honor-cipher-order = "enable"
    ssl.use-sslv2 = "disable"
    ssl.use-sslv3 = "disable"
}

root@vorman:/home/pi# grep -Eri ‘root|cert|name|alias’ /var/www/
bash: cert: command not found
bash: alias’: command not found
bash: name: command not found> ^C
root@vorman:/home/pi# grep -Eri ‘vorman.mooo.com‘ /var/www

The above command does not finish.
root@vorman:/home/pi# grep -Eri ‘root|cert|name|alias’ /var/www/
bash: name: command not found
bash: alias’: command not found
bash: cert: command not found

OK, then you need to figure out how you made the combined.pem file (or just create a new script to do that again).

Confused...
Please clarify.

This is what I did.

On Dec 8 I renewed successfully with help on the initial thread.

Somehow the SSL check shows my cert expired.

It looks more like you have created a certificate but didn't install it, because you have to do the installation in your lighttpd manually.

PS: You have to create one file with the private and the public key:

https://ssl-trust.com/ssl-zertifikat-installieren/lighttpd

  • Lighttpd requires that the certificate and the private key be present in one file. This is done with the following command:

cat /etc/ssl.key/example.com.key /etc/ssl.crt/example.com.crt >> /etc/lighttpd/example.com.pem

There is your command. Change the paths, then add the result file to your configuration.
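The deploy-hook idea from earlier in the thread and the cat command above can be combined into one script. The following is an added example, not code from this thread, from Certbot or from lighttpd: a POSIX shell script meant to be installed as a Certbot deploy hook. Certbot sets RENEWED_LINEAGE (the /etc/letsencrypt/live/<name> directory of the renewed cert) in the environment of deploy hooks; everything else here is an assumption for illustration: the output directory /etc/lighttpd/ssl, the output names combined.pem (private key + leaf cert, for ssl.pemfile) and chain.pem (intermediate, for ssl.ca-file), and reloading lighttpd via systemctl or service.

```shell
#!/bin/sh
# Added example: Certbot --deploy-hook that rebuilds lighttpd's PEM files from
# the renewed Let's Encrypt lineage and reloads lighttpd. Not from this thread,
# Certbot or lighttpd. ASSUMPTIONS: output dir /etc/lighttpd/ssl, output names
# combined.pem and chain.pem, reload via systemctl/service.
set -eu

# build_lighttpd_pem LIVE_DIR OUT_DIR
#   OUT_DIR/combined.pem <- privkey.pem + cert.pem  (lighttpd ssl.pemfile)
#   OUT_DIR/chain.pem    <- chain.pem               (lighttpd ssl.ca-file)
# Returns 1 and writes nothing if any input file is missing.
build_lighttpd_pem() {
    _live="$1"
    _out="$2"
    for _f in privkey.pem cert.pem chain.pem; do
        if [ ! -r "$_live/$_f" ]; then
            echo "build_lighttpd_pem: missing $_live/$_f" >&2
            return 1
        fi
    done
    mkdir -p "$_out"
    _tmp="$_out/combined.pem.tmp"
    # The combined file holds the private key: create it 0600 from the start
    # (umask in a subshell) instead of tightening permissions afterwards.
    ( umask 077 && cat "$_live/privkey.pem" "$_live/cert.pem" > "$_tmp" )
    chmod 0600 "$_tmp"
    # Atomic rename, so lighttpd can never read a half-written file.
    mv -f "$_tmp" "$_out/combined.pem"
    cp -f "$_live/chain.pem" "$_out/chain.pem"
    chmod 0644 "$_out/chain.pem"
}

# check_key_matches_cert PEM
# The public key derived from the private key must equal the one inside the
# certificate; otherwise a key and a cert from different lineages were joined.
check_key_matches_cert() {
    _pem="$1"
    _k=$(openssl pkey -in "$_pem" -pubout 2>/dev/null || true)
    _c=$(openssl x509 -in "$_pem" -pubkey -noout 2>/dev/null || true)
    [ -n "$_k" ] && [ "$_k" = "$_c" ]
}

# Entry point when Certbot runs the hook (RENEWED_LINEAGE is set only then).
if [ -n "${RENEWED_LINEAGE:-}" ]; then
    build_lighttpd_pem "$RENEWED_LINEAGE" /etc/lighttpd/ssl
    check_key_matches_cert /etc/lighttpd/ssl/combined.pem
    systemctl reload lighttpd 2>/dev/null || service lighttpd reload
fi
```

Save it executable (for example under /etc/letsencrypt/renewal-hooks/deploy/, which Certbot runs after every successful renewal, or pass it once with certbot-auto renew --deploy-hook /path/to/script so it is stored in the renewal config), then point ssl.pemfile at combined.pem and ssl.ca-file at chain.pem in the lighttpd config. The key/cert match check needs openssl and catches exactly the failure mode in this thread: a freshly renewed cert deployed next to a stale key, or a stale combined file left behind.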
