LetsEncrypt Auto-Renew with Digital Ocean and Server Pilot


#1

Hello Everyone,

I am Adnan, fairly new to this forum and to the SSL world as well. In fact, let me accept the fact that I am completely new to using the Digital Ocean, Server Pilot and CloudFlare setup altogether. I want to start a blog and want to make it super-fast and super-reliable on a low budget.

So here’s what I’ve been able to accomplish.

  • Purchased DigitalOcean, ServerPilot Setup done. Wordpress installed.
  • To increase security, I learned to use Putty to be able to generate public/private key and login via SSH to DO, this was indeed an accomplishment for me.

Now, here’s the real deal. After messing up once, I’ve finally installed Letsencrypt from Github and it works; it even scores an A from the qualitylabs ssl test.

So now, how do I auto renew my ssl with let’s encrypt - I’ve seen too many tuts and am kind of cracking my head. Well, I’ve figured probably the best way is to go with crontab -e and used this script as suggested by DO

30 2 * * 1 /usr/bin/letsencrypt renew >> /var/log/le-renew.log
35 2 * * 1 /bin/systemctl reload nginx

but I suspect, since I am using ServerPilot, this has to be

30 2 * * 1 /usr/bin/letsencrypt renew >> /var/log/le-renew.log
35 2 * * 1 /bin/systemctl reload nginx-sp

so tried that too and checked my logs (I do not know how to but again tried :stuck_out_tongue:)

by going to cd /var/log/le-renew.log

it was not working, so I checked syslog via the grep cron command and got to know that, I think, the command was working.

Now, here’s the real two questions.

  1. How can I smoothly and securely auto-renew my SSL
  2. Why on earth is my site not loading from my internet connection? It says
    This site can’t be reached
    server DNS address could not be found.

By the way, site works just fine from different internet connection and checked via online proxy all seems well. Just something with the LAN connection I used to setup this whole DO droplet and everything.

What might be wrong? I tried deleting cache, flushing DNS etc. but nothing has worked so far. What could be wrong here people?

Thanks a TON! :slight_smile: :slight_smile:


#2

Alright, I’ve sorted the 2nd issue. For all those who face similar issues, I had to change my Wireless IPv4 DNS from properties section located under the network area through control panel on Windows. I’ve used 8.8.8.8 and 8.8.4.4

Now it works like a charm.

One issue with Let’s Encrypt still exists. Need massive help there to auto-renew it, anyone? Please guide.


#3

are you using certbot?


#4

Well, I deployed server via ServerPilot, it does the heavy lifting for you. And yes, I use Putty to connect to DO via SSH. So what is certbot exactly? Not sure.

Thanks for response.


#5

certbot is the official client (it used to be called letsencrypt). Generally it’s easiest to renew using the system you used to create the cert - so something like “/usr/bin/letsencrypt renew”

what happens if you just run

/usr/bin/letsencrypt renew

via SSH? Can you tell us the output of that?


#6

Alright, here’s the input I get

/usr/bin/letsencrypt renew
No such file or directory

./letsencrypt-auto renew
No such file or directory

sudo letsencrypt renew
command not found

./letsencrypt-auto renew --dry-run
No such file or directory

cd /opt/letsencrypt
/usr/bin/letsencrypt renew
No such file or directory

Finally, tried this
./letsencrypt-auto renew
Saving debug log to /var/log/letsencrypt/letsencrypt.log


Processing /etc/letsencrypt/renewal/domain.com.conf

Cert not yet due for renewal

The following certs are not due for renewal yet:
/etc/letsencrypt/live/domain.com/fullchain.pem (skipped)
No renewals were attempted.

So hope this helps!


#7

it does thanks :slight_smile:

when you are in the location where the “./letsencrypt-auto renew” worked, can you type

pwd

which will give you the name of that location, and tell us what it is please


#8

Yes, I know that location as I installed there. Besides, for the sake of confirmation I tried pwd

It gave this /opt/letsencrypt

:slight_smile:


#9

Sometimes I feel people have unlimited potential. We can do whatever we put our mind to. At first, it seems impossible and then when you’re really focused, things get easier. At least you can understand them faster, that’s how it always works!

Thanks to those who guide and help. It’s indeed a blessing!


#10

great - so the cron should be

30 2 * * * /opt/letsencrypt/letsencrypt-auto renew --renew-hook "/bin/systemctl reload nginx-sp"


#11

great, but how do you know that? :stuck_out_tongue:


#12

So for newbies out there :stuck_out_tongue: Here’s what needs to be done

crontab -e

paste this code there
30 2 * * * /opt/letsencrypt/letsencrypt-auto renew --renew-hook "/bin/systemctl reload nginx-sp"

and then ctrl + x to edit, for saving file, say yes with y and done.

Am I right serverco? :slight_smile:


#13

well “./” means the current path, and when I asked what that was you told me the current path was “/opt/letsencrypt/” so the command to run letsencrypt would be “/opt/letsencrypt/letsencrypt-auto”

The option “renew” is to renew the certificate and the option ( --renew-hook “/bin/systemctl reload nginx-sp” ) tells it to run the following command if (and only if) a certificate was renewed.

And yes you’re correct :slight_smile: (for those editing the crontab via ssh )
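The renew hook in the cron line above reloads nginx-sp unconditionally whenever a certificate is renewed. The script below is an added example, not code from this thread or from ServerPilot, showing a slightly safer hook: it runs a web-server configuration test first, reloads only if that passes, and appends the outcome to the log file the thread's earlier cron lines already used. The config-test command, the log path and the `nginx-sp` service name are assumptions or placeholders taken from the thread; the `RENEWED_LINEAGE` and `RENEWED_DOMAINS` variables are the ones certbot exports to its hooks.

```shell
#!/bin/sh
# Added example (not from the thread): a renew hook that only reloads the
# web server after its configuration passes a syntax check, and records the
# result in the log file the thread's cron lines write to.
# The default commands and paths below are placeholders / assumptions.

# Usage: renew_hook [config-test-cmd] [reload-cmd] [log-file]
renew_hook() {
    test_cmd="${1:-/usr/bin/nginx -t}"                # placeholder config test
    reload_cmd="${2:-/bin/systemctl reload nginx-sp}" # service name from the thread
    log_file="${3:-/var/log/le-renew.log}"            # log path from the thread
    stamp="$(date -u +%Y-%m-%dT%H:%M:%SZ)"
    # certbot exports RENEWED_LINEAGE to hooks; fall back when run by hand.
    lineage="${RENEWED_LINEAGE:-<unknown lineage>}"

    # Never reload on a broken config: a failed reload can leave the site down
    # even though the new certificate was issued correctly.
    # $test_cmd / $reload_cmd are deliberately unquoted so they split into words.
    if ! $test_cmd >/dev/null 2>&1; then
        printf '%s RENEWED %s but config test failed; reload skipped\n' \
            "$stamp" "$lineage" >> "$log_file"
        return 1
    fi
    if $reload_cmd >/dev/null 2>&1; then
        printf '%s RENEWED %s and reloaded web server\n' \
            "$stamp" "$lineage" >> "$log_file"
        return 0
    fi
    printf '%s RENEWED %s but reload command failed\n' \
        "$stamp" "$lineage" >> "$log_file"
    return 2
}

# When certbot runs this file as a hook it sets RENEWED_DOMAINS; in that case
# run with the defaults. When the file is only sourced, nothing runs.
if [ -n "${RENEWED_DOMAINS:-}" ]; then
    renew_hook
fi
```

Saved as, for instance, /usr/local/bin/le-renew-hook.sh (an assumed path) and made executable, the cron entry from the thread becomes `30 2 * * * /opt/letsencrypt/letsencrypt-auto renew --renew-hook /usr/local/bin/le-renew-hook.sh`. Newer certbot releases call this option `--deploy-hook`; either way the hook only runs when a certificate was actually renewed, so the log stays quiet on the days nothing changes and a failed reload shows up as a non-zero exit in the renewal log rather than silently.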


#14

Genius! :slight_smile: Thanks buddy. You saved me!
Loads to work on!


#15

(Depending on the default text editor on your operating system! There are many different Unix text editors and they all have different ways to insert text, save a file, etc.)


#16

How did you become so knowledgeable about servers? Just curious, is it your degree or profession or otherwise you’ve worked really too hard brother! :slight_smile:


#17

I’m not sure whom this question was directed to, but there are a lot of great books out there about system administration and the Unix command line. Also, if you use a Unix-based operating system for your desktop OS and regularly use the command line interface, you’ll learn a lot of things that are directly applicable to working with servers; the server will seem like just another computer that happens to be out on the network rather than right in front of you.


#18

Actually, both of you!

I’ve never been a hardware guy but it’s time to learn I guess, maybe by facing these challenges and getting it done.
Thanks once again to both of you!


#19

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.