How to automatically renew certificate without stopping server

This is not a new topic, but somehow I could not find an answer to my problem. When I first got a certificate, following some instructions I typed this command:

sudo certbot certonly --standalone

At the time my server was not running. But now that I want to renew my certificate the server is running and I don’t want it to stop. But when I try this command

sudo certbot renew --dry-run

there is a conflict my my server already using port 80. Also I don’t know what to do. Does anyone has a solution ?

Hi @archimondain

you have to use one of the other options.

--nginx
--apache

or

--webroot

if you want to use http validation and your running webserver.

Check

Thanks, I’m not using either nginx nor apache. I want to use --webroot (together with --webroot-path), but I do not understand how things are suppose to work. In particular, it seems that the whole process is trying to access some file in https://domain/.well-known/acme-challenge/, which it can’t so far cause my server do not serve files in this directory yet.

What I do not understand is that the directory “.well-known/acme-challenge/” has not been created in the webroot directory that I specified. So even if my server serves the files inside “.well-known/acme-challenge/”, I don’t understand how it can work.

Do you know what are the different steps of the process and what are the things I need to do to make it work ?

Addition : now that I think about it, maybe the process removes the file before I can see it. I will check that…

Then share your environment:

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

I ran this command:

It produced this output:

My web server is (include version):

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know):

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):

Please read some basics about challenges:

Every webserver is able to send static content. If you don’t want that, use dns validation.

If a Letsencrypt client has an option like --webroot, typically the two subdirectories are created.

Read some basics:

Certbot will create this directory for you inside your webroot. You don’t have to create it yourself.

Still another option is to use --pre-hook and --post-hook options to tell Certbot how to temporarily stop and restart your web server, in case you want to continue using --standalone with a web server application.

Thanks to all of you for your help. Sorry for haven’t put more effort in reading the doc. As expected, I just needed to serve my files properly and everything worked using --webroot together with --webroot-path.

1 Like