Its installed on a raspberry pi, via terminal. I havent tried anything except clicking on the email link, but that just took me here to the forums. Im not sure how to renew it.
Its not up and running because its a work in progress. I use it with a Google API app which connects to Google Home but is currently directioned to my ISP-router’s-public IP.
I would then “start over”.
At least forward port 80 to the Pi.
Then try certbot commands - like:
./certbot certificates
./certbot renew
./certbot --force-renewal
I went to the tutorial I linked and found that I should run this command to renew:
sudo certbot certonly --webroot --webroot-path=/var/www/html -d example.com -d www.example.com
the only thing Im not sure of is the path. How can I verify that path in a config file?
The ./certbot means running it from the current directory. There are differences in all of the documentation and tutorials in terms of sample commands depending on how, and in some cases where, Certbot was installed on the system.
If you installed via an operating system package, using a package manager, you can probably use the sudo certbot forms. If you installed using certbot-auto, you have to cd to the location whether you originally downloaded certbot-auto before running ./certbot-auto (in that particular directory).
Anyway, it seems you said that the sudo certbot form works for you, which suggests that you got it via an official operating system package, and you’re wondering about the webroot directory?
It should be the same directory where you would create or edit website content for the top level of your web site. Do you know where that would be?
Sorry I didn’t also make this clear, but when you install it yourself you’re meant to use certbot-auto, rather than certbot. The certbot form is meant for people who installed an operating system package, which does not appear to be your situation.
From what you’ve showed me, it looks like you did download it in /etc/letsencrypt and so you could use either /etc/letsencrypt/certbot-auto or cd /etc/letsencrypt; ./certbot-auto as your Certbot command. (for example with ./certbot-auto certificates or ./certbot-auto renew)
I was just trying to describe the location of the program on your system, and I didn’t mean to indicate that you should run it by itself.
Normally when you run certbot-auto with no arguments, it tries to see if it can detect an existing web server and then offers to obtain certificates for domain names that that web server is serving.
Unbeilevable, I almost go it. I just remembered that my setup used to be an ISP router assigning a public IP to my linksys. But now they installed another router which gives my linksys a local ip address. I wonder if it would be possible now?
You would need to forward appropriate ports, like @rg305 said
Depending on your authentication method, you might also need to forward port 443.
If you can't do this, you'll need to use a different authentication method, which would require being able to make changes to your DNS settings (can you do so? can you do so automatically by running a command or using an API?).
I’ve updated my dns zone file’s subdomain to the ip address of my ISP router. Traceroute confirms that the subdomain points to that public IP.
I’ve forwarded my linksys router’s 80 and 443 port to my pi’s local address.
The only thing different now is that my linksys router doesnt have an assigned IP showing up in the admin panel, as it did before the ISP changed my router. I know this is not a letsencrypt issue, but if anyone could help me out it’d be great.
What error are you getting from Certbot now? Or are you unable to connect to your Pi yourself because of the router issue, so not even trying the renewal yet?