I ran this command:
/usr/local/bin/cert-renew seafile.swamp.xyz >> /var/log/your_domain.tld-renew.log 2>&1
It produced this output:
Checking expiration date for seafile.swamp.xyz...
The certificate for seafile.swamp.xyz is about to expire soon. Starting renewal request...
”/opt/seafile/seafile-server-latest/seahub” does not exist or is not a directory
Reloading Nginx...
Renewal process finished for domain seafile.swamp.xyz
Checking expiration date for seafile.swamp.xyz...
The certificate for seafile.swamp.xyz is about to expire soon. Starting renewal request...
”/usr/share/nginx/html” does not exist or is not a directory
Reloading Nginx...
Renewal process finished for domain seafile.swamp.xyz
My web server is (include version):
nginx version: nginx/1.16.1
The operating system my web server runs on is (include version):
CentOS Linux release 7.7.1908 (Core)
I can login to a root shell on my machine (yes or no, or I don’t know):
Yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
No
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):
I am using /usr/local/bin/cert-renew
So I think the issue resides in the way seafile is redirecting all pages, I am not sure what’s required of cert-renew to renew, but that directory exists:
[root@seafile nginx]# ls -ltrh /usr/share/nginx/html
total 12K
-rw-r--r-- 1 root root 368 Oct 3 01:12 nginx-logo.png
-rw-r--r-- 1 root root 3.7K Oct 3 01:12 50x.html
-rw-r--r-- 1 root root 3.6K Oct 3 01:12 404.html
lrwxrwxrwx 1 root root 20 Dec 28 10:59 en-US -> ../../doc/HTML/en-US
drwxr-xr-x 2 root root 27 Dec 28 10:59 icons
lrwxrwxrwx 1 root root 25 Dec 28 10:59 index.html -> ../../doc/HTML/index.html
lrwxrwxrwx 1 root root 18 Dec 28 10:59 img -> ../../doc/HTML/img
lrwxrwxrwx 1 root root 14 Dec 28 10:59 poweredby.png -> nginx-logo.png
[root@seafile nginx]#
#!/bin/bash
webpath='/usr/share/nginx/html'
#webpath='/opt/seafile/seafile-server-latest/seahub'
domain=$1
le_path='/opt/letsencrypt'
le_conf='/etc/letsencrypt'
exp_limit=30;

get_domain_list(){
    certdomain=$1
    config_file="$le_conf/renewal/$certdomain.conf"
    if [ ! -f $config_file ] ; then
        echo "[ERROR] The config file for the certificate $certdomain was not found."
        exit 1;
    fi
    domains=$(grep --only-matching --perl-regex "(?<=domains \= ).*" "${config_file}")
    last_char=$(echo "${domains}" | awk '{print substr($0,length,1)}')
    if [ "${last_char}" = "," ]; then
        domains=$(echo "${domains}" |awk '{print substr($0, 1, length-1)}')
    fi
    echo $domains;
}

if [ -z "$domain" ] ; then
    echo "[ERROR] you must provide the domain name for the certificate renewal."
    exit 1;
fi

cert_file="/etc/letsencrypt/live/$domain/fullchain.pem"
if [ ! -f $cert_file ]; then
    echo "[ERROR] certificate file not found for domain $domain."
    exit 1;
fi

exp=$(date -d "`openssl x509 -in $cert_file -text -noout|grep "Not After"|cut -c 25-`" +%s)
datenow=$(date -d "now" +%s)
days_exp=$(echo \( $exp - $datenow \) / 86400 |bc)

echo "Checking expiration date for $domain..."
if [ "$days_exp" -gt "$exp_limit" ] ; then
    echo "The certificate is up to date, no need for renewal ($days_exp days left)."
    exit 0;
else
    echo "The certificate for $domain is about to expire soon. Starting renewal request..."
    domain_list=$( get_domain_list $domain )
    "$le_path"/letsencrypt-auto certonly -a webroot --agree-tos --renew-by-default --webroot-path=”$webpath” --domains "${domain_list}"
    echo "Reloading Nginx..."
    sudo systemctl reload nginx
    echo "Renewal process finished for domain $domain"
    exit 0;
fi
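The error lines in the output above print the webroot path wrapped in typographic quotes, the same characters that surround $webpath on the letsencrypt-auto line of the script; a shell treats only ASCII quotes as quoting, so those characters travel with the path. The following is an added example, not part of the original posts or of cert-renew: it flags such characters in a script and shows their effect on a directory check. The function names find_smart_quotes and check_webroot are hypothetical, and the sample input is constructed.

```shell
#!/bin/sh
# Typographic quotes as UTF-8 bytes (octal), built with printf so this file
# stays pure ASCII: U+201C, U+201D, U+2018, U+2019.
LDQ=$(printf '\342\200\234'); RDQ=$(printf '\342\200\235')
LSQ=$(printf '\342\200\230'); RSQ=$(printf '\342\200\231')

# Print "line:text" for each line of script $1 containing a typographic quote.
# Exit status 0 = at least one found, 1 = script is clean.
find_smart_quotes() {
    LC_ALL=C grep -n -e "$LDQ" -e "$RDQ" -e "$LSQ" -e "$RSQ" -- "$1"
}

# Classify a webroot value as it would reach the ACME client:
#   ok      - the value itself is a directory
#   quoted  - only the value with typographic quotes stripped is a directory
#   missing - neither form is a directory
check_webroot() {
    raw=$1
    clean=$(printf '%s' "$raw" |
        LC_ALL=C sed -e "s/$LDQ//g" -e "s/$RDQ//g" -e "s/$LSQ//g" -e "s/$RSQ//g")
    if [ -d "$raw" ]; then
        echo "ok: $raw"
    elif [ -d "$clean" ]; then
        echo "quoted: '$raw' is not a directory, but '$clean' is"
    else
        echo "missing: $clean"
    fi
}

# Constructed demo: one line quoted the same way as the renewal command,
# and a real temporary directory standing in for the webroot.
demo_dir=$(mktemp -d)
demo_script=$demo_dir/renew.sh
printf 'certonly -a webroot --webroot-path=%s$webpath%s\n' "$RDQ" "$RDQ" > "$demo_script"
find_smart_quotes "$demo_script"          # reports line 1
check_webroot "${RDQ}${demo_dir}${RDQ}"   # reports "quoted: ..."
rm -rf "$demo_dir"
```

Running find_smart_quotes against a renewal script before scheduling it in cron catches this class of copy-and-paste damage early.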
As an aside, and BTW/FYI:
Rather than having to check manually for replies/updates, you can set up your profile to notify you via email when a reply is posted to your topic (and also when your username is mentioned):
In your user preferences set as:
Leave it as is and add the first location above
OR
Change it to something dedicated like: /ACME-challenges
and add the matching location.
LE is having trouble authenticating, which seems to be related to the inability to reach the challenge files that are being placed (who knows where).
This approach guarantees the location of those challenge files is known and well defined.
[I don't know the name of the file; but you showed the contents]
Only if you want to put a test text file in there; to see if it can be directly accessed via the Internet.
Otherwise, the folders should get created, and deleted, as needed.