How do I renew my certificate?

marciokoko · July 1, 2017, 11:29pm

Please fill out the fields below so we can help you better.

My domain is:butler.santiapps.com

How do I renew my certificate? I got the renewal email.

I ran this command:

It produced this output:

My web server is (include version):

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know):

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):

rg305 · July 1, 2017, 11:34pm

What have you tried?
Do you recall how the cert was installed?

marciokoko · July 1, 2017, 11:38pm

Its installed on a raspberry pi, via terminal. I havent tried anything except clicking on the email link, but that just took me here to the forums. Im not sure how to renew it.

rg305 · July 1, 2017, 11:41pm

OK.
How was it installed?
I don’t seem to get any response on port 80 nor 443.

marciokoko · July 1, 2017, 11:47pm

I installed it but I cant say I remember how. What are my options?

I followed a tutorial Im sure, but Im not sure which one…I think it might have been this one:

It seems to use certbot terminal command,

marciokoko · July 1, 2017, 11:52pm

Its not up and running because its a work in progress. I use it with a Google API app which connects to Google Home but is currently directioned to my ISP-router’s-public IP.

rg305 · July 2, 2017, 12:01am

I would then “start over”.
At least forward port 80 to the Pi.
Then try certbot commands - like:
./certbot certificates
./certbot renew
./certbot --force-renewal

see docs for more: https://certbot.eff.org/docs/using.html

also check the version
./certbot --version
and update to latest (if possible).

marciokoko · July 3, 2017, 12:57am

Ok whenever I enter any ./certbot command I get:

-bash: ./certbot: No such file or directory

I went to the tutorial I linked and found that I should run this command to renew:
sudo certbot certonly --webroot --webroot-path=/var/www/html -d example.com -d www.example.com

the only thing Im not sure of is the path. How can I verify that path in a config file?

schoen · July 3, 2017, 2:17am

The ./certbot means running it from the current directory. There are differences in all of the documentation and tutorials in terms of sample commands depending on how, and in some cases where, Certbot was installed on the system.

If you installed via an operating system package, using a package manager, you can probably use the sudo certbot forms. If you installed using certbot-auto, you have to cd to the location whether you originally downloaded certbot-auto before running ./certbot-auto (in that particular directory).

Anyway, it seems you said that the sudo certbot form works for you, which suggests that you got it via an official operating system package, and you’re wondering about the webroot directory?

It should be the same directory where you would create or edit website content for the top level of your web site. Do you know where that would be?

marciokoko · July 4, 2017, 11:26pm

Thanks but no, sudo certbot does not work for me:

pi@raspberrypi:/ $ sudo certbot
sudo: certbot: command not found
pi@raspberrypi:/ $

Ive looked into the pi file structure and found that inside /etc/letsencrypt/ there is a /certbot folder but even in that folder I get the error:

pi@raspberrypi:/etc/letsencrypt $ sudo ./certbot certificates
sudo: ./certbot: command not found
pi@raspberrypi:/etc/letsencrypt/certbot $ sudo ./certbot certificates
sudo: ./certbot: command not found
pi@raspberrypi:/etc/letsencrypt/certbot $ ls
account.py       configuration.py  errors.py      notify.py    storage.py
achallenges.py   constants.py      hooks.py       ocsp.py      tests
auth_handler.py  crypto_util.py    __init__.py    plugins      util.py
cert_manager.py  display           interfaces.py  renewal.py
client.py        eff.py            log.py         reporter.py
cli.py           error_handler.py  main.py        reverter.py
pi@raspberrypi:/etc/letsencrypt $ ls
accounts                    ISSUE_TEMPLATE.md
acme                        keys
archive                     letsencrypt-auto
certbot                     letsencrypt-auto-source
certbot-apache              letshelp-certbot
certbot-auto                LICENSE.txt
certbot-compatibility-test  linter_plugin.py
certbot-nginx               live
CHANGELOG.md                MANIFEST.in
CHANGES.rst                 README.rst
CONTRIBUTING.md             readthedocs.org.requirements.txt
csr                         renewal
docker-compose.yml          setup.cfg
Dockerfile                  setup.py
Dockerfile-dev              tests
Dockerfile-old              tools
docs                        tox.cover.sh
examples                    tox.ini

what else can I try?

schoen · July 4, 2017, 11:40pm

Sorry I didn’t also make this clear, but when you install it yourself you’re meant to use certbot-auto, rather than certbot. The certbot form is meant for people who installed an operating system package, which does not appear to be your situation.

From what you’ve showed me, it looks like you did download it in /etc/letsencrypt and so you could use either /etc/letsencrypt/certbot-auto or cd /etc/letsencrypt; ./certbot-auto as your Certbot command. (for example with ./certbot-auto certificates or ./certbot-auto renew)

marciokoko · July 7, 2017, 12:33am

Ok I did:

/etc/letsencrypt/certbot-auto

and its getting bootstrap dependencies for debian OSes...

But I wasnt clear if I should have done:

/etc/letsencrypt/certbot-auto certificates 
/etc/letsencrypt/certbot-auto renew

schoen · July 7, 2017, 2:46am

Yes, you should run both of those (the first to see what certificates you have, the second to renew certificates that are in need of it).

marciokoko · July 7, 2017, 5:43pm

Cool, thanks!

Out of curiosity, what did this command do:

/etc/letsencrypt/certbot-auto

schoen · July 7, 2017, 5:44pm

I was just trying to describe the location of the program on your system, and I didn’t mean to indicate that you should run it by itself.

Normally when you run certbot-auto with no arguments, it tries to see if it can detect an existing web server and then offers to obtain certificates for domain names that that web server is serving.

marciokoko · July 8, 2017, 12:01am

Unbeilevable, I almost go it. I just remembered that my setup used to be an ISP router assigning a public IP to my linksys. But now they installed another router which gives my linksys a local ip address. I wonder if it would be possible now?

schoen · July 8, 2017, 12:17am

You would need to forward appropriate ports, like @rg305 said

Depending on your authentication method, you might also need to forward port 443.

If you can't do this, you'll need to use a different authentication method, which would require being able to make changes to your DNS settings (can you do so? can you do so automatically by running a command or using an API?).

marciokoko · July 9, 2017, 1:41am

Ok I dont know what to do.

I’ve updated my dns zone file’s subdomain to the ip address of my ISP router. Traceroute confirms that the subdomain points to that public IP.
I’ve forwarded my linksys router’s 80 and 443 port to my pi’s local address.

The only thing different now is that my linksys router doesnt have an assigned IP showing up in the admin panel, as it did before the ISP changed my router. I know this is not a letsencrypt issue, but if anyone could help me out it’d be great.

Thnx

schoen · July 9, 2017, 6:08am

What error are you getting from Certbot now? Or are you unable to connect to your Pi yourself because of the router issue, so not even trying the renewal yet?

marciokoko · July 9, 2017, 6:18am

Thanks for writing us.
We will respond to you as soon as possible!

Gracias, responderemos lo antes posible!