How to set up the certificate for automatic renewal in the future?

I run our own Nginx on a CentOS server. However, every time we’ve set up using this command:

certbot certonly -a webroot --webroot-path=/home/dir -d domain.io -d www.domain.io

It somehow asks me for DNS verification. But this doesn’t auto-renew. Where can I find very clear, simple instructions on how to set this up so that everything is done in a way that I don’t have to think about it again? I don’t need to become an expert at this. Just need to do this.

Note. The instructions here are either old or outdated:

Hi @PKHunter, could you show us the exact message that you get from Certbot in this case?

Hello, thank you! Actually after a while it seemed to work. Now I have a different question. In executing that command we did the domain.io (and the www.) version of the domain. We’d also like to add the domain.com to the same certs if possible. Is this doable? We want to auto-redirect any visiting user to the same domain via a 301, which may be the .com domain. So we’re simply trying this out with the .io. Is this an Nginx problem and not an SSL problem?

You can put them both in the same certificate by just adding more -d options. But I didn’t understand whether you’ve succeeded in issuing the combined certificate (but just not gotten nginx to serve it up to visitors properly), or whether you’re still waiting to issue it.

Thank you. Issue now is that we ran that command already with the .io domains with the -d option. How can we now add the .com to the same certs?

You can run a similar command.

If all 4 websites are hosted on the same server and use the same web root, you can use:

certbot certonly -a webroot --expand --webroot-path=/home/dir -d domain.io -d www.domain.io -d domain.com -d www.domain.com

(If --expand is left out, Certbot will just ask if you want to replace the existing cert, or create a separate cert.)

If the .com site is hosted on the same server but uses a different web root, you can do something like:

certbot certonly -a webroot --expand --webroot-path=/home/dir -d domain.io -d www.domain.io --webroot-path=/var/www/domaincom/html -d domain.com -d www.domain.com

If the .com site is hosted on a different server, you should install Certbot on that server, and create a separate cert with something like:

certbot certonly -a webroot --webroot-path=/var/www/domaincom/html -d domain.com -d www.domain.com

2 Likes
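
A check one could run after the --expand commands above, added here as an example and not part of the original posts: `certbot renew` reuses the settings Certbot saved at issuance, so the function reads that saved renewal config and confirms the webroot authenticator and a web root are recorded for every name. The function names and the sample file are constructed, and the real file is assumed to be at Certbot's default location, /etc/letsencrypt/renewal/domain.io.conf.

```shell
#!/usr/bin/env bash
# Added example (not from the thread): audit the renewal config Certbot saved
# for a certificate, so `certbot renew` can run unattended for every name.
# check_renewal_conf CONF DOMAIN...
# Returns 0 only if the saved authenticator is webroot and every DOMAIN has
# an entry under [[webroot_map]]; prints one OK/FAIL line per finding.
check_renewal_conf() {
    local conf="$1" auth root d rc=0
    shift
    auth=$(awk -F' *= *' '{ sub(/^[ \t]+/, "") } $1 == "authenticator" { print $2 }' "$conf")
    if [ "$auth" != "webroot" ]; then
        echo "FAIL authenticator=${auth:-unset}, expected webroot"
        rc=1
    fi
    for d in "$@"; do
        # Only look at keys inside the [[webroot_map]] subsection.
        root=$(awk -F' *= *' -v d="$d" '
            { sub(/^[ \t]+/, "") }
            /^\[\[webroot_map\]\]/ { in_map = 1; next }
            /^\[/                  { in_map = 0 }
            in_map && $1 == d      { print $2 }' "$conf")
        if [ -n "$root" ]; then
            echo "OK   $d -> $root"
        else
            echo "FAIL $d has no webroot_map entry"
            rc=1
        fi
    done
    return "$rc"
}

# Constructed sample of a renewal config after the two-web-root --expand run
# (domains and paths are the thread's placeholders).
write_sample_conf() {
    cat > "$1" <<'EOF'
cert = /etc/letsencrypt/live/domain.io/cert.pem
[renewalparams]
authenticator = webroot
[[webroot_map]]
domain.io = /home/dir
www.domain.io = /home/dir
domain.com = /var/www/domaincom/html
www.domain.com = /var/www/domaincom/html
EOF
}

sample=$(mktemp)
write_sample_conf "$sample"
check_renewal_conf "$sample" domain.io www.domain.io domain.com www.domain.com
rm -f "$sample"
```

On the server, point the function at the real file under /etc/letsencrypt/renewal/ and follow up with `certbot renew --dry-run`, which tests renewal against the staging environment without replacing the certificate.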

This is very informative, it should be in the main documentation in exactly this lucid way. Wow, thank you!
