Installing as 'letsencrypt' rather than 'certbot'


#61

Uh oh :o redtext
$ certbot renew --cert-name benrothman.org --force-renewal

Saving debug log to /var/log/letsencrypt/letsencrypt.log


Processing /etc/letsencrypt/renewal/benrothman.org.conf


Plugins selected: Authenticator standalone, Installer None
Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
Renewing an existing certificate
Performing the following challenges:
tls-sni-01 challenge for benrothman.org
tls-sni-01 challenge for www.benrothman.org
TLS-SNI-01 is deprecated, and will stop working soon.
Cleaning up challenges
Attempting to renew cert (benrothman.org) from /etc/letsencrypt/renewal/benrothman.org.conf produced an unexpected error: Problem binding to port 443: Could not bind to IPv4 or IPv6… Skipping.
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/benrothman.org/fullchain.pem (failure)


All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/benrothman.org/fullchain.pem (failure)


1 renew failure(s), 0 parse failure(s)


#62

Yeah, that’s what I thought haha.

certbot renew --cert-name benrothman.org --webroot -w /srv/users/serverpilot/apps/portfolio/public --post-hook "service nginx-sp reload" --force-renewal

The trickiness with Certbot is that it doesn’t actually save your new settings unless it’s performing a live certificate issuance/renewal.

So if you run this ^, it should:

  1. Actually issue a live certificate
  2. Actually save your new settings, so the automatic Certbot cronjob will know how to successfully renew the cert on its own.

Edit: looks like it succeeded, hooray! Hopefully this is the last time you ever have to read the words “Certbot” :wink: .


#63

woah, no redtext, I think we are good for now and the future!

https://www.google.com/search?q=yes+baby+meme&rlz=1C5CHFA_enUS756US756&source=lnms&tbm=isch&sa=X&ved=0ahUKEwj259ft7v3fAhWEiOAKHfaBCUwQ_AUIDigB&biw=1920&bih=1271#imgrc=OjqpmxvHk4Ma5M:

thank you so much for stickin with me for… wow almost 4 hours? if you lived near me I’d buy you a beer but I think you live in Australia which is a problem, lol


#64

I forgot to ask this, when I have to renew in April I just run the previous command, yes?


#65

No!!! The point of all this pain was to make it automatic. Your server will renew the certificate on its own and reload nginx on it’s own. If you died today, it should keep renewing on its own forever.


#66

haha oh ok awesome! I tried to set up a crontask for this last year but I could never get it to work. If it works now then awesome. Lol, I’ve thought about that, what if someone who runs a website makes a crontask or an autorenewal for their hosting subscription and then dies. It will just always be there until the world ends, lol


#67

oh shit, is that exactly what fleetssl is going to be for?


#68

At this point it’s vaporware :stuck_out_tongue: (split into smaller, less ambitious projects). Maybe one day it will be finished.

BTW, you can probably apt-get remove letsencrypt now, so you don’t have overlapping cronjobs.


#69

rofl! I have never heard the term vaporware but it is a very necessary word!


#70

btw I can’t run logout or exit in my ssh connection to the server… any idea what thats about?


#71

When that happens to me I usually press the “emergency abort” sequence:

Return + ~ + .


#72

What happens? Does “jobs” show anything?


#73

oh haha I had nano open! lol I looked up a few lines and it said “use fg to return to nano”


#74

thanks for checkin in, so _az answered me almost immediately for a few hours… you should make him a mod or something…

some kind of cool bonus also works, lol


#75

lol ok my joke did not land… XD

well thanks!


#76

@_az Omfg. I was upgrading my server and it messed up the certbot installation, so I am back to letsencrypt rather than certbot . I am reading the convo from above but I do not see the solution! Do you remember how we installed certbot rather than letsencrypt?


#77

I’m pretty sure you used these instructions: https://certbot.eff.org/lets-encrypt/ubuntuxenial-other

The key was to install certbot and not python-certbot-apache (since you cannot overwrite the Apache package installed by ServerPilot).


#78

yes thank you old friend, it is fixed now… (that was a lot quicker than last time) it’s a good thing this thread had not expired yet… another week or two and it would all be gone XD


closed #79

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.