Hello!
I'm using Ansible as the single point of knowledge about my infrastructure, and I want to use certbot.
We already have the certs from Let's Encrypt, but we want to automate the process.
I generate the directories and configs. As an example for the templating playbook, I took a working /etc/letsencrypt structure from one server, and:
- I made a template for the renewal files, which looks like this:
renew_before_expiry = 30 days
version = 0.8.1
cert = /etc/letsencrypt/live/h1.domain.com/cert_h1_api_domain_cert_bot.pem
privkey = /etc/letsencrypt/live/h1.domain.com/privkey_h1_api_domain_cert_bot.pem
chain = /etc/letsencrypt/live/h1.domain.com/chain_h1_api_domain_cert_bot.pem
fullchain = /etc/letsencrypt/live/h1.domain.com/fullchain_h1_api_domain_cert_bot.pem
# Options used in the renewal process
[renewalparams]
server = https://acme-v01.api.letsencrypt.org/directory
authenticator = webroot
installer = None
account = ##### ACCOUNT ID #########
webroot_path = /opt/certbot-auto/web,
[[webroot_map]]
h1.domain.com = /opt/certbot-auto/web
- I created self-signed certs and keys for this domain, for the first run, in:
/etc/letsencrypt/archive/h1.domain.com/cert_h1_api_domain_cert_bot1.pem
/etc/letsencrypt/archive/h1.domain.com/chain_h1_api_domain_cert_bot1.pem
/etc/letsencrypt/archive/h1.domain.com/fullchain_h1_api_domain_cert_bot1.pem
/etc/letsencrypt/archive/h1.domain.com/privkey_h1_api_domain_cert_bot1.pem
- I created symlinks in the live folder:
cert_h1_api_domain_cert_bot.pem -> /etc/letsencrypt/archive/h1.domain.com/cert_h1_api_domain_cert_bot1.pem
chain_h1_api_domain_cert_bot.pem -> /etc/letsencrypt/archive/h1.domain.com/chain_h1_api_domain_cert_bot1.pem
fullchain_h1_api_domain_cert_bot.pem -> /etc/letsencrypt/archive/h1.domain.com/fullchain_h1_api_domain_cert_bot1.pem
privkey_h1_api_domain_cert_bot.pem -> /etc/letsencrypt/archive/h1.domain.com/privkey_h1_api_domain_cert_bot1.pem
- I created the account and other settings like on my current standalone web server without auto-enrolling.
- In the next step I try to renew the certs using the configs, but get the error:
Attempting to renew cert from /etc/letsencrypt/renewal/h1.domain.com.conf produced an unexpected error: max() arg is an empty sequence. Skipping.
How do I create my own configs on first install? How do I automate the registration? What am I doing wrong?
Thanks.
With best regards,
Rostislav
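
A pre-flight check for the hand-built layout described in the post, as an added example that is not part of the original post and not certbot's own code. It assumes certbot recognises lineage files only by the names it writes itself (`cert`, `privkey`, `chain`, `fullchain` followed by a version number and `.pem`); the function names and the sample trees are constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# Assumption: certbot names lineage files certN.pem, privkeyN.pem, chainN.pem, fullchainN.pem.
KINDS = ("cert", "privkey", "chain", "fullchain")

def versions_in_archive(archive_dir, kind):
    """Version numbers N for which <kind>N.pem exists in the archive directory."""
    pattern = re.compile(r"^%s([0-9]+)\.pem$" % kind)
    return {int(m.group(1)) for p in Path(archive_dir).iterdir() if (m := pattern.match(p.name))}

def check_lineage(links, archive_dir):
    """links maps kind -> path from the renewal config; returns a list of problems."""
    problems = []
    found = {kind: versions_in_archive(archive_dir, kind) for kind in KINDS}
    for kind in KINDS:
        link = Path(links[kind])
        if not found[kind]:
            problems.append("archive has no %sN.pem" % kind)
        if not (link.is_symlink() and link.exists()):
            problems.append("%s is missing, dangling or not a symlink" % link.name)
        elif not re.match(r"^%s[0-9]+\.pem$" % kind, link.resolve().name):
            problems.append("%s does not point at a %sN.pem file" % (link.name, kind))
    if not set.intersection(*found.values()):
        problems.append("no version number shared by all four items")
    return problems

def build_sample(root, archive_suffix, live_suffix):
    """Create a constructed lineage for h1.domain.com under root (placeholder files)."""
    archive, live = (Path(root) / d / "h1.domain.com" for d in ("archive", "live"))
    archive.mkdir(parents=True)
    live.mkdir(parents=True)
    links = {}
    for kind in KINDS:
        target = archive / (kind + archive_suffix)
        target.write_text("constructed placeholder, not a real PEM\n")
        links[kind] = live / (kind + live_suffix)
        links[kind].symlink_to(target)
    return links, archive

def demo():
    """Check the post's file names and the plain ones on constructed trees."""
    with tempfile.TemporaryDirectory() as a, tempfile.TemporaryDirectory() as b:
        custom = build_sample(a, "_h1_api_domain_cert_bot1.pem", "_h1_api_domain_cert_bot.pem")
        plain = build_sample(b, "1.pem", ".pem")
        return check_lineage(*custom), check_lineage(*plain)

if __name__ == "__main__":
    print(demo())
```

With the file names from the post, every item is reported, because none of the archive files matches the assumed `<kind>N.pem` pattern and no version number is left to select.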