How to renew with webroot?

guerlando · October 13, 2018, 12:24pm

I’m trying to find information about the renewal process. Unfortunately I cannot renew my cert many times to test because I’ve already been blocked by trying the standalone generation too much.

The only information I found about renewing is certbot --renew, but I don’t know how to specify the method: standalone or webroot. I want it to be through webroot

My domain is: not existent yet

I ran this command:-

It produced this output: -

My web server is (include version): ubuntu

The operating system my web server runs on is (include version): ubuntu 18.10

My hosting provider, if applicable, is: digital ocean

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

Osiris · October 13, 2018, 1:30pm

You should always test with the --staging option.

If issuing a certificate with one command went fine, it should be no trouble to renew with the command certbot renew (thus: without the --).

If you want to change from standalone to webroot, you can issue a new cert with the “normal” command, but then with the webroot plugin. That will reconfigure the renewal configuration so the next time you want to renew, you can again just use certbot renew.

guerlando · October 13, 2018, 2:10pm

so if I want the renew process to go with webroot I must have generated the certs with webroot? I need precisely to generate in standalone first (when no webserver is installed), and renew with webroot for when the webserver is running. I cannot issue the first time with the webserver running because it complains about not having a certificate and stops. I teoritically could disable https and reenable after the first generation but it’d cause a lot of unnecessary steps on my dockerization.

So this would not work. Can I simply reissue the certificate with certbot --webroot after some months?

schoen · October 13, 2018, 8:39pm

Normally Certbot is designed for the case where you have no HTTPS virtual host, only an HTTP virtual host. If you use --apache or --nginx, Certbot will create an HTTPS virtual host based on your existing HTTP virtual host.

If you use certbot certonly --webroot, then you again don’t need to have an existing HTTPS virtual host but you can create one yourself by editing your web server configuration files.

Having an error about missing certificates suggests that you prematurely configured an HTTPS virtual host in your web server. Your web server typically shouldn’t need to be configured for HTTPS before you’ve obtained your first certificate.

If you’re sure that you want to do it this way, you don’t need to wait for months. You can do

certbot certonly --webroot --force-renewal

immediately after configuring the HTTPS environment.

system · November 12, 2018, 4:12pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.