How to renew expired certs?


#1

I totally spaced that I needed to renew within 90 days. I think I was so excited to get it working I plumb forgot to make note of this. However, typing ./letsencrypt-auto renew doesn’t give an error but doesn’t give any acknowledgement it worked either. Is this because I’m past the 90-day window?

How do I go about renewing? Or do I have to get brand new certs?

Also, after reading up on this a bit, I realize I never have gotten any reminder emails either. I’m pretty good at checking spam filters etc. It would have gone to a Gmail address.


#2

I’d like to renew my certificates but the client software seems to be gone and I can’t work out how to redo it all from scratch. These instructions are from the certbot page at EFF.org.

    # cd /usr/ports/security/py-letsencrypt && make install clean
    bash: cd: /usr/ports/security/py-letsencrypt: No such file or directory
    [root@www /usr/ports/security/letsencrypt.sh]# pkg install py27-letsencrypt
    Updating FreeBSD repository catalogue...
    FreeBSD repository is up-to-date.
    All repositories are up-to-date.
    pkg: No packages available to install matching 'py27-letsencrypt' have been found in the repositories

I have working, functional https certificates running on nginx. I assume all I need do is install some other client software (FreeBSD supports two others that I know of) and have it use those existing certs and config options. But assumptions are deadly.


#3

If you install a different client it won’t inherently understand the config settings from the client you had before. But it doesn’t really matter. Renewal isn’t anything special, it’s just a handy shorthand for saying you want the exact same certificates you had before except newer. Your client (with or without manual assistance depending on how you’re doing this) will need to prove you control the names you want certificates for, each time. So it’s OK to start from scratch with another client you’re happy with, get certificates issued by that and continue from there. If you go crazy and start fresh every morning you’ll hit the system rate limits, but doing it just once or twice isn’t a problem.


#4

The problem was the client was renamed and I didn’t realize it. Had some other local issues (ISP/DNS clusterfarce) but the key thing was understanding that py-letsencrypt was now py-certbot.


#5

Looks like the ports instructions for FreeBSD were updated a couple of days ago. The pkg instructions are currently still outdated; I’ve opened a pull request to get them fixed.

@JoseJones What is the output of ./letsencrypt-auto renew -vvvvv? Could you provide the log files from /var/log/letsencrypt as well?

