How to set up 'letsencrypt' on an NFS drive?

certbot 2.1.0

I would like to set up letsencrypt on an NFS drive and read/execute it from the other hosts.

I have 3 VMs, 3 domains and 1 NFS drive. Let's say web1 is in VM1, web2 in VM2 and web3 in VM3, and I mounted the NFS drive into each VM as '/mnt/webs/'. I would like to set up letsencrypt in the /mnt/webs/ssl/ dir and read it from each web.

So far, I set up letsencrypt on vm1, moved the '/etc/letsencrypt' dir into the /mnt/webs/ssl/ dir and made symbolic links for web1, web2 and web3. Reading works from all of web1, web2 and web3, but when I renew the certs, it gets stuck/hangs.

How can I configure or set up letsencrypt on an NFS drive?

Thanks

1 Like

Hi @thura747, and welcome to the LE community forum.

That is very vague.

Please describe the problem better and include any logs and error messages that might be shown.
And answer all the questions that are requested for help topics:


Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

I ran this command:

It produced this output:

My web server is (include version):

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know):

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):

3 Likes

And one more note:
Unless the cert covers all the names of the three servers, it makes little sense to use a cert that doesn't do so.

It could be that all three systems use the exact same name...
It could be that the cert is a wildcard and would cover many names...

I don't know; I'm just making sure you do.

And to somewhat attempt to answer your topic question [without much info about the problem]:
I would not have certbot save the files directly onto the NFS share.
You can easily copy the cert to the NFS share once it has been updated locally.

That is probably where you went off track.
You should NOT move installed programs.
There are symbolic links within subfolders that are likely now trashed.
[you may have to reinstall it - and that would be recommended, as 2.7.1 is the latest available version]

2 Likes

The symbolic links are relative, so you could just move /etc/letsencrypt back to its original location.

@thura747 As suggested by @rg305, Certbot makes many assumptions about where certificate-related and renewal-related files are found on your system. If you move or rename those files, it will be confused and will not be able to complete automated renewals. If you want to keep these files in a non-default location, there are options that you can provide to Certbot (--work-dir, --logs-dir, --config-dir).

Alternatively, if you want to keep them in a default location but make copies elsewhere, you can check the Certbot documentation about --deploy-hook, which allows you to provide a script or command that should be run whenever a certificate is renewed, which you could use to copy the relevant files into an additional location.

3 Likes
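The --deploy-hook approach from the last reply, sketched as an added example (not code from the thread or from Certbot itself): Certbot keeps /etc/letsencrypt local and the hook publishes a copy to the share after each renewal. It relies on the RENEWED_LINEAGE variable Certbot exports to deploy hooks; /mnt/webs/ssl is the path from the question, and the DEPLOY_ROOT variable and deploy_lineage function are hypothetical names.

```shell
#!/bin/sh
# Added example: deploy hook that copies a renewed certificate from the
# local /etc/letsencrypt to a shared NFS directory.
# Assumption: /mnt/webs/ssl is the NFS mount from the question.
DEPLOY_ROOT="${DEPLOY_ROOT:-/mnt/webs/ssl}"

# deploy_lineage LINEAGE_DIR DEST_ROOT
# Copies fullchain.pem and privkey.pem to DEST_ROOT/<lineage name>/.
deploy_lineage() {
    lineage="$1"
    dest="$2/$(basename "$lineage")"

    # Refuse to publish anything if either file is missing or empty.
    for f in fullchain.pem privkey.pem; do
        [ -s "$lineage/$f" ] || { echo "missing or empty: $lineage/$f" >&2; return 1; }
    done

    (
        umask 077                      # new dir and files are owner-only
        mkdir -p "$dest" || exit 1
        for f in fullchain.pem privkey.pem; do
            tmp="$dest/.$f.$$"
            # live/*.pem are relative symlinks into ../../archive; -L copies
            # the file contents so nothing on the share points off the share.
            cp -L "$lineage/$f" "$tmp" || { rm -f "$tmp"; exit 1; }
            if [ "$f" = privkey.pem ]; then
                chmod 600 "$tmp"       # private key stays owner-only
            else
                chmod 644 "$tmp"
            fi
            # Rename within one directory so readers on the other VMs never
            # see a partially written file.
            mv -f "$tmp" "$dest/$f" || { rm -f "$tmp"; exit 1; }
        done
    )
}

# Certbot sets RENEWED_LINEAGE (the live/<name> directory) when it runs a
# deploy hook; outside of Certbot the script does nothing.
if [ -n "${RENEWED_LINEAGE:-}" ]; then
    deploy_lineage "$RENEWED_LINEAGE" "$DEPLOY_ROOT"
fi
```

Pass the script's path to --deploy-hook on the VM that runs Certbot; the other VMs then only read from the share. If the NFS export uses root_squash, root on the clients is mapped to an unprivileged user, so ownership of the published directory has to match whichever account reads the key.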
