Help with renew


#1

Hi, I already had a certificate in July.

I ran this command (from documentation) and it seems ok:

certbot-auto renew --dry-run

and this is the output:

Performing the following challenges:
http-01 challenge for mydomain.com
http-01 challenge for www.mydomain.com
Waiting for verification...
Cleaning up challenges
Generating key (2048 bits): /etc/letsencrypt/keys/0002_key-certbot.pem
Creating CSR: /etc/letsencrypt/csr/0002_csr-certbot.pem
** DRY RUN: simulating 'certbot renew' close to cert expiry
**          (The test certificates below have not been saved.)

Congratulations, all renewals succeeded. The following certs have been renewed:
/etc/letsencrypt/live/mydomain.com/fullchain.pem (success)
** DRY RUN: simulating 'certbot renew' close to cert expiry
**          (The test certificates above have not been saved.)

IMPORTANT NOTES:
- Your account credentials have been saved in your Certbot
configuration directory at /etc/letsencrypt. You should make a
secure backup of this folder now. This configuration directory will
also contain certificates and private keys obtained by Certbot so
making regular backups of this folder is ideal.

But when I go to mydomain and get the certificate info, it shows that it expires in October, so apparently it is not renewed…

Is this the normal behaviour, and does it “change” to the new certificate when it expires (Oct 17), or did I miss something?

I also restarted Apache.

Thx.


#2

Just to clarify: Do you have a cronjob that runs the certbot-auto renew command without --dry-run, and do your logs indicate that this cronjob ran successfully? (--dry-run is what you use to test renewal manually after setting up the client - it basically simulates the renewal process, stopping short of actually modifying the files on disk. You wouldn’t want to use that to actually renew.)

Another thing to consider, in case the certificates were renewed: Do you reload your web server as part of the renewal cronjob? Most server software needs to be reloaded when the certificates change. You can combine this with the renew command using something like certbot renew --post-hook "service apache2 reload" (using apache on Debian/Ubuntu as an example, the command might differ for your OS/server software).
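Added example (not part of the original posts, and not Certbot's own code): a check that tells apart the two cases described in the reply above, a renewal that never really ran versus a renewed certificate the web server has not reloaded, by comparing the expiry of the certificate on disk with the one actually served. The function names, status strings and the 30-day window are assumptions of this sketch; the dates in the test are constructed.

```python
import socket
import ssl
import subprocess
import sys
from datetime import datetime, timezone

RENEW_WINDOW_DAYS = 30  # assumption: renewal is attempted this close to expiry


def parse_not_after(text):
    """Parse 'notAfter=Oct 17 12:00:00 2016 GMT' (the prefix is optional)."""
    stamp = text.split("=", 1)[-1].strip()
    return datetime.fromtimestamp(ssl.cert_time_to_seconds(stamp), tz=timezone.utc)


def disk_not_after(pem_path):
    """Expiry of the certificate file, e.g. /etc/letsencrypt/live/<name>/fullchain.pem."""
    out = subprocess.run(
        ["openssl", "x509", "-noout", "-enddate", "-in", pem_path],
        check=True, capture_output=True, text=True,
    ).stdout
    return parse_not_after(out)


def served_not_after(host, port=443):
    """Expiry of the certificate the server presents right now.
    Raises ssl.SSLCertVerificationError if that certificate is already invalid."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=10) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return parse_not_after(tls.getpeercert()["notAfter"])


def diagnose(disk, served, now):
    """Classify the state from the two expiry times and the current time."""
    if served < disk:
        return "reload-needed"   # renewed on disk, server still holds the old cert
    if served > disk:
        return "other-cert"      # server is not using this file at all
    if (disk - now).days < RENEW_WINDOW_DAYS:
        return "renewal-due"     # nothing newer on disk and expiry is close
    return "ok"


if __name__ == "__main__":
    host, pem = sys.argv[1], sys.argv[2]
    print(diagnose(disk_not_after(pem), served_not_after(host),
                   datetime.now(timezone.utc)))
```

Run it as `python3 check_cert.py mydomain.com /etc/letsencrypt/live/mydomain.com/fullchain.pem` with read access to the certificate file; after a `--dry-run` the on-disk and served expiry dates stay identical, because nothing was written.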


#3

@pfg I don’t have any scripts to autorenew. So I guess I have to run

certbot-auto renew

instead of

certbot-auto renew --dry-run

And restart the server…?

(I realize that --dry-run is a test)


#4

Yep, that should do it.


#5

@pfg Thx, noob mistake I guess.

Everything Ok.

