How do I renew my certificate?


#1

Please fill out the fields below so we can help you better.

My domain is:butler.santiapps.com

How do I renew my certificate? I got the renewal email.

I ran this command:

It produced this output:

My web server is (include version):

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know):

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):


#2

What have you tried?
Do you recall how the cert was installed?


#3

Its installed on a raspberry pi, via terminal. I havent tried anything except clicking on the email link, but that just took me here :slight_smile: to the forums. Im not sure how to renew it.


#4

OK.
How was it installed?
I don’t seem to get any response on port 80 nor 443.


#5

I installed it but I cant say I remember how. What are my options? :slight_smile:

I followed a tutorial Im sure, but Im not sure which one…I think it might have been this one:

It seems to use certbot terminal command,


#6

Its not up and running because its a work in progress. I use it with a Google API app which connects to Google Home but is currently directioned to my ISP-router’s-public IP.


#7

I would then “start over”.
At least forward port 80 to the Pi.
Then try certbot commands - like:
./certbot certificates
./certbot renew
./certbot --force-renewal

see docs for more: https://certbot.eff.org/docs/using.html

also check the version
./certbot --version
and update to latest (if possible).


#9

Ok whenever I enter any ./certbot command I get:

-bash: ./certbot: No such file or directory

I went to the tutorial I linked and found that I should run this command to renew:
sudo certbot certonly --webroot --webroot-path=/var/www/html -d example.com -d www.example.com

the only thing Im not sure of is the path. How can I verify that path in a config file?


#10

The ./certbot means running it from the current directory. There are differences in all of the documentation and tutorials in terms of sample commands depending on how, and in some cases where, Certbot was installed on the system.

If you installed via an operating system package, using a package manager, you can probably use the sudo certbot forms. If you installed using certbot-auto, you have to cd to the location whether you originally downloaded certbot-auto before running ./certbot-auto (in that particular directory).

Anyway, it seems you said that the sudo certbot form works for you, which suggests that you got it via an official operating system package, and you’re wondering about the webroot directory?

It should be the same directory where you would create or edit website content for the top level of your web site. Do you know where that would be?


#12

Thanks but no, sudo certbot does not work for me:

pi@raspberrypi:/ $ sudo certbot
sudo: certbot: command not found
pi@raspberrypi:/ $

Ive looked into the pi file structure and found that inside /etc/letsencrypt/ there is a /certbot folder but even in that folder I get the error:

pi@raspberrypi:/etc/letsencrypt $ sudo ./certbot certificates
sudo: ./certbot: command not found
pi@raspberrypi:/etc/letsencrypt/certbot $ sudo ./certbot certificates
sudo: ./certbot: command not found
pi@raspberrypi:/etc/letsencrypt/certbot $ ls
account.py       configuration.py  errors.py      notify.py    storage.py
achallenges.py   constants.py      hooks.py       ocsp.py      tests
auth_handler.py  crypto_util.py    __init__.py    plugins      util.py
cert_manager.py  display           interfaces.py  renewal.py
client.py        eff.py            log.py         reporter.py
cli.py           error_handler.py  main.py        reverter.py
pi@raspberrypi:/etc/letsencrypt $ ls
accounts                    ISSUE_TEMPLATE.md
acme                        keys
archive                     letsencrypt-auto
certbot                     letsencrypt-auto-source
certbot-apache              letshelp-certbot
certbot-auto                LICENSE.txt
certbot-compatibility-test  linter_plugin.py
certbot-nginx               live
CHANGELOG.md                MANIFEST.in
CHANGES.rst                 README.rst
CONTRIBUTING.md             readthedocs.org.requirements.txt
csr                         renewal
docker-compose.yml          setup.cfg
Dockerfile                  setup.py
Dockerfile-dev              tests
Dockerfile-old              tools
docs                        tox.cover.sh
examples                    tox.ini

what else can I try?


#13

Sorry I didn’t also make this clear, but when you install it yourself you’re meant to use certbot-auto, rather than certbot. The certbot form is meant for people who installed an operating system package, which does not appear to be your situation.

From what you’ve showed me, it looks like you did download it in /etc/letsencrypt and so you could use either /etc/letsencrypt/certbot-auto or cd /etc/letsencrypt; ./certbot-auto as your Certbot command. (for example with ./certbot-auto certificates or ./certbot-auto renew)


#15

Ok I did:

/etc/letsencrypt/certbot-auto

and its getting bootstrap dependencies for debian OSes…

But I wasnt clear if I should have done:

/etc/letsencrypt/certbot-auto certificates 
/etc/letsencrypt/certbot-auto renew

#16

Yes, you should run both of those (the first to see what certificates you have, the second to renew certificates that are in need of it).


#17

Cool, thanks!

Out of curiosity, what did this command do:

/etc/letsencrypt/certbot-auto

#18

I was just trying to describe the location of the program on your system, and I didn’t mean to indicate that you should run it by itself.

Normally when you run certbot-auto with no arguments, it tries to see if it can detect an existing web server and then offers to obtain certificates for domain names that that web server is serving.


#20

Unbeilevable, I almost go it. I just remembered that my setup used to be an ISP router assigning a public IP to my linksys. But now they installed another router which gives my linksys a local ip address. I wonder if it would be possible now?


#21

You would need to forward appropriate ports, like @rg305 said

Depending on your authentication method, you might also need to forward port 443.

If you can’t do this, you’ll need to use a different authentication method, which would require being able to make changes to your DNS settings (can you do so? can you do so automatically by running a command or using an API?).


#23

Ok I dont know what to do.

  • I’ve updated my dns zone file’s subdomain to the ip address of my ISP router. Traceroute confirms that the subdomain points to that public IP.
  • I’ve forwarded my linksys router’s 80 and 443 port to my pi’s local address.

The only thing different now is that my linksys router doesnt have an assigned IP showing up in the admin panel, as it did before the ISP changed my router. I know this is not a letsencrypt issue, but if anyone could help me out it’d be great.

Thnx


#24

What error are you getting from Certbot now? Or are you unable to connect to your Pi yourself because of the router issue, so not even trying the renewal yet?


#25

Thanks for writing us.
We will respond to you as soon as possible!

Gracias, responderemos lo antes posible!