Installing as 'letsencrypt' rather than 'certbot'

bennyandthejets84 · 2019-01-21 02:46:43 UTC

Uh oh :o redtext
$ certbot renew --cert-name benrothman.org --force-renewal

Saving debug log to /var/log/letsencrypt/letsencrypt.log

Processing /etc/letsencrypt/renewal/benrothman.org.conf

Plugins selected: Authenticator standalone, Installer None
Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
Renewing an existing certificate
Performing the following challenges:
tls-sni-01 challenge for benrothman.org
tls-sni-01 challenge for www.benrothman.org
TLS-SNI-01 is deprecated, and will stop working soon.
Cleaning up challenges
Attempting to renew cert (benrothman.org) from /etc/letsencrypt/renewal/benrothman.org.conf produced an unexpected error: Problem binding to port 443: Could not bind to IPv4 or IPv6… Skipping.
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/benrothman.org/fullchain.pem (failure)

All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/benrothman.org/fullchain.pem (failure)

1 renew failure(s), 0 parse failure(s)

_az · 2019-01-21 02:48:00 UTC

Yeah, that’s what I thought haha.

certbot renew --cert-name benrothman.org --webroot -w /srv/users/serverpilot/apps/portfolio/public --post-hook "service nginx-sp reload" --force-renewal

The trickiness with Certbot is that it doesn’t actually save your new settings unless it’s performing a live certificate issuance/renewal.

So if you run this ^, it should:

Actually issue a live certificate
Actually save your new settings, so the automatic Certbot cronjob will know how to successfully renew the cert on its own.

Edit: looks like it succeeded, hooray! Hopefully this is the last time you ever have to read the words “Certbot” .

bennyandthejets84 · 2019-01-21 02:54:42 UTC

woah, no redtext, I think we are good for now and the future!

https://www.google.com/search?q=yes+baby+meme&rlz=1C5CHFA_enUS756US756&source=lnms&tbm=isch&sa=X&ved=0ahUKEwj259ft7v3fAhWEiOAKHfaBCUwQ_AUIDigB&biw=1920&bih=1271#imgrc=OjqpmxvHk4Ma5M:

thank you so much for stickin with me for… wow almost 4 hours? if you lived near me I’d buy you a beer but I think you live in Australia which is a problem, lol

bennyandthejets84 · 2019-01-21 02:55:25 UTC

I forgot to ask this, when I have to renew in April I just run the previous command, yes?

_az · 2019-01-21 02:57:22 UTC

No!!! The point of all this pain was to make it automatic. Your server will renew the certificate on its own and reload nginx on it’s own. If you died today, it should keep renewing on its own forever.

bennyandthejets84 · 2019-01-21 02:59:53 UTC

haha oh ok awesome! I tried to set up a crontask for this last year but I could never get it to work. If it works now then awesome. Lol, I’ve thought about that, what if someone who runs a website makes a crontask or an autorenewal for their hosting subscription and then dies. It will just always be there until the world ends, lol

bennyandthejets84 · 2019-01-21 03:01:48 UTC

oh shit, is that exactly what fleetssl is going to be for?

_az · 2019-01-21 03:02:55 UTC

At this point it’s vaporware (split into smaller, less ambitious projects). Maybe one day it will be finished.

BTW, you can probably apt-get remove letsencrypt now, so you don’t have overlapping cronjobs.

bennyandthejets84 · 2019-01-21 03:06:56 UTC

rofl! I have never heard the term vaporware but it is a very necessary word!

bennyandthejets84 · 2019-01-21 03:07:33 UTC

btw I can’t run logout or exit in my ssh connection to the server… any idea what thats about?

_az · 2019-01-21 03:08:51 UTC

When that happens to me I usually press the “emergency abort” sequence:

Return + ~ + .

mnordhoff · 2019-01-21 03:10:12 UTC

What happens? Does “jobs” show anything?

bennyandthejets84 · 2019-01-21 03:12:20 UTC

oh haha I had nano open! lol I looked up a few lines and it said “use fg to return to nano”

bennyandthejets84 · 2019-01-21 03:13:59 UTC

thanks for checkin in, so _az answered me almost immediately for a few hours… you should make him a mod or something…

some kind of cool bonus also works, lol

bennyandthejets84 · 2019-01-21 03:29:00 UTC

lol ok my joke did not land… XD

well thanks!

bennyandthejets85 · 2019-02-13 23:35:50 UTC

@_az Omfg. I was upgrading my server and it messed up the certbot installation, so I am back to letsencrypt rather than certbot . I am reading the convo from above but I do not see the solution! Do you remember how we installed certbot rather than letsencrypt?

_az · 2019-02-13 23:39:25 UTC

I’m pretty sure you used these instructions: https://certbot.eff.org/lets-encrypt/ubuntuxenial-other

The key was to install certbot and not python-certbot-apache (since you cannot overwrite the Apache package installed by ServerPilot).

bennyandthejets85 · 2019-02-13 23:47:26 UTC

yes thank you old friend, it is fixed now… (that was a lot quicker than last time) it’s a good thing this thread had not expired yet… another week or two and it would all be gone XD