How we update SSL on cerver


#1

Hello All,

LetsEncrypt ssl certificate going to expire. Please tell me the procedure, How i can update the ssl certificate on ubuntu.

Please suggest


#2

Can you tell us a little about your server ? what operating system ? How did you install the SSL originally ? Do you know what script you used ? Do you have root access to the server ? To you have a control panel on your server ?


#3

Yes i have a root access of server. Actually i have not installed previously. it has installed by another person.
I have no idea How i can renew the ssl certificates. PFB for the command.

./letsencrypt-auto --agree-dev-preview --server \https://acme-v01.api.letsencrypt.org/directory -a manual auth


#4

If it was done using letsencrypt, then the command

letsencrypt renew

should hopefully renew it for you (although I’m not certain which version of letsencrypt you have installed etc).

The official client has been renamed from letsencrypt to certbot. It’s probably as easy to go to https://certbot.eff.org/ and follow the instructions for installing and obtaining a certificate using your OS. That way you will have the latest version, and the instructions / method for setting it to auto-renew.

I’m assuming there isn’t already a cron-job set up to auto-renew your certificate.


#5

There is no package installed in my server. There is only directory placed in my / directory. So Please suggest.


#6

As above, I’d suggest using the official client - https://certbot.eff.org/ - select your webserver and operating system and it should give you all the instructions for obtaining a certificate.


#7

it suggest me to run this command
./path/to/certbot-auto renew --dry-run
If i will run this command then it will automatically renew or there is something i have to run. I don’t want, it will reconfigured my server.
Or
i have to run this command ./letsencrypt/letsencrypt-auto

Please suggest.


#8

“renew --dry-run” won’t make any changes to the server. It will just go through the process and check if it would work, or if it would give you errors.


#9

I am facing this issue during dry run

Attempting to renew cert from /etc/letsencrypt/renewal/api.drophook.com.conf produced an unexpected error: The manual plugin is not working; there may be problems with your existing configuration.
The error was: PluginError(‘Running manual mode non-interactively is not supported’,). Skipping.
[/quote]


#10

OK, that tells us that the certificate was originally created using a manual method.

I’d suggest just following the instructions for generating a new certificate. Probably the webroot method is easiest - it depends on your exact configuration.


#11

I have renewed the certificates through manually, but it showing me
an unexpected error: The manual plugin is not working; there may be problems with your existing configuration.
The error was: PluginError(‘Running manual mode non-interactively is not supported’,). Skipping.


#12

what command did you try running ?

As the result states

Running manual mode non-interactively is not supported


#13

sudo ./letsencrypt-auto renew


#14

Above I suggested …

Did you do that ? if so, what command did you use ?

From all your info above, the original cert was produced by a manual method - which a non-interactive renew can not replicate ( because it was an interactive method). Hence why I suggested obtaining a new certificate by a non-interactive method, then the non-interactive renew should work.


#15

@systemadmin, @serverco is right: if the certificate was created originally using manual, then the renew command can’t work on it (because renew is designed to work without human intervention, while manual always requires human intervention). So indeed, getting a new certificate using a non-interactive method would be best, if your situation would allow for that. If you need help with that process, we’d be happy to help, but we’ll probably need some more information about your setup in order to understand what would be likely to work for you.


#16

Add this to your crontab…

1 0 * * * letsencrypt renew --no-self-upgrade >/dev/null

Using no upgrade is essential when running LXC or LXD with letsencrypt installed only at host level, to conserve space.

Also this ensures any auto install updates which break letsencrypt (happened many times in the past), are skipped so certs renew if upgrade causes letsencrypt to die.


#17

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.