Letsencrypt-auto certonly configuration


#1

Hi all, I have two quick questions I want a bit of clarification on.

When I ran the command ‘./letsencrypt-auto --debug’ on CentOS7 I got a notification that I needed to run the “letsencrypt-auto certonly” command and configure it manually.

After some googling I used the following:
./letsencrypt-auto --text --agree-tos --email my@email.com certonly --renew-by-default --webroot --webroot-path /var/www/html -d foo.co.uk

Which worked perfectly. However I later realised that I failed to acquire an SSL certificate for the equivalent ‘www.’ website address. This isn’t a problem in this case but might be in future installations.

Am I right in simply adding the following ‘-d www.foo.co.uk’ to the end of the command?
./letsencrypt-auto --text --agree-tos --email my@email.com certonly --renew-by-default --webroot --webroot-path /var/www/html -d foo.co.uk -d www.foo.co.uk

Secondly, the above both contain the command “renew-by-default”. Does this mean the certificate will renew prior to expiry automatically, or is this not the case because of the manual certificate installation?

Any feedback is appreciated.


#2

Hi @dan382,

That will work. For greater clarity about what’s happening, I suggest using --expand instead of --renew-by-default in this case.

No. --renew-by-default is the old, obsolete name for --force-renewal and does not mean “renew automatically in the future” but rather “ensure that the certificate is replaced right now even if it is not about to expire”. (“By default” was an awkward way of expressing “without regard to Certbot’s own judgment about necessity”.)

If the reference to --renew-by-default that you found is on a page that we could edit, please let me know and we can change it to refer to --force-renewal instead.

For automated renewal, you should instead be using letsencrypt-auto renew, and you need to create a cron job to do it. This is briefly described at


#3

Thanks Schoen,

So to clarify I should use the following:

./letsencrypt-auto --text --agree-tos --email my@email.com certonly --force-renewal --webroot --webroot-path /var/www/html -d foo.co.uk -d www.foo.co.uk -d sub.foo.co.uk

I’ve also added a subdomain in this example, which I’m assuming is added in exactly the same way?

The information I sourced this from was external so unfortunately can’t be edited, however I will leave a comment on the site:

Thanks for the information on how to automate the renewal process, very useful.
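
As an added example (not part of the thread and not Certbot's own code): a POSIX shell check for the situation raised in #1, where a certificate was issued without a name such as www.foo.co.uk. It parses the subjectAltName entries from `openssl x509 -noout -text` output and prints the `--expand` command suggested in #2; the function names, the script name and the sample text are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread: report wanted hostnames missing from a
# certificate's subjectAltName list and print the --expand command to add them.

# Constructed sample: SAN section as printed by `openssl x509 -noout -text`
# for a certificate that was issued for foo.co.uk only.
SAMPLE_SAN_TEXT='            X509v3 Subject Alternative Name:
                DNS:foo.co.uk'

# list_sans: read `openssl x509 -text` output on stdin, print one DNS name per line.
list_sans() {
    tr ',' '\n' | sed -n 's/^[[:space:]]*DNS:\([^[:space:]]*\).*/\1/p' |
        tr '[:upper:]' '[:lower:]' | sort -u
}

# missing_names CERT_TEXT name...: print each wanted name the certificate lacks.
missing_names() (
    have=$(printf '%s\n' "$1" | list_sans)
    shift
    for name in "$@"; do
        name=$(printf '%s' "$name" | tr '[:upper:]' '[:lower:]')
        printf '%s\n' "$have" | grep -Fxq -- "$name" || printf '%s\n' "$name"
    done
)

# expand_command WEBROOT name...: print the certonly command that reissues the
# certificate with every wanted name, using --expand as suggested in reply #2.
expand_command() (
    webroot=$1; shift
    cmd="./letsencrypt-auto certonly --expand --webroot --webroot-path $webroot"
    for name in "$@"; do cmd="$cmd -d $name"; done
    printf '%s\n' "$cmd"
)

# Stand-alone use (hypothetical script name): sh check_sans.sh CERT.pem WEBROOT name [name...]
if [ $# -ge 3 ] && [ -r "$1" ]; then
    cert=$1; webroot=$2; shift 2
    text=$(openssl x509 -in "$cert" -noout -text) || exit 2
    missing=$(missing_names "$text" "$@")
    if [ -n "$missing" ]; then
        echo "Not covered by $cert:"; echo "$missing"
        echo "Reissue with:"; expand_command "$webroot" "$@"
        exit 1
    fi
    echo "All names covered by $cert."
fi
```

Running it after each issuance catches a forgotten `-d` before visitors hit a certificate name mismatch.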

