Yea the 443 section was left alone and only the port 80 was changed
# REDIRECTS ALL PORT 80/HTTP to 443/HTTPS
server {
    listen 80;
    listen [::]:80;
    server_name addmoreroutes.com;

    # ACME HTTP-01 challenge files are served over plain HTTP
    location ~ /.well-known/acme-challenge {
        try_files $uri =404;
        root /var/www/html/;
    }

    # Everything else is redirected to HTTPS, keeping the requested path
    location / {
        return 301 https://$host$request_uri;
    }
}

# GUACAMOLE SERVER SETTINGS
server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name addmoreroutes.com;

    proxy_buffering off;
    proxy_redirect off;
    proxy_cookie_path /guacamole/ /;

    # WebSocket upgrade headers for the Guacamole tunnel
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";

    location ~ /.well-known/acme-challenge {
        try_files $uri =404;
        root /var/www/html/;
    }

    location / {
        proxy_pass http://x.x.x.x/guacamole/;
    }
}
So now retry getting a cert
I was able to test using letsdebug from before and it worked
Afterwards I got a new cert and it was successful
After that I tried the website and it appears fine using both http and https
Thanks a million
One less problem in the world!
What is the easiest way to set up a cronjob to automate this process?
Show the command line you ran.
guacadmin@GuacSecondary:~$ sudo letsencrypt renew
Processing /etc/letsencrypt/renewal/addmoreroutes.com.conf
new certificate deployed without reload, fullchain is /etc/letsencrypt/live/addmoreroutes.com/fullchain.pem
Congratulations, all renewals succeeded. The following certs have been renewed:
/etc/letsencrypt/live/addmoreroutes.com/fullchain.pem (success)
Try this from command line:
sudo /usr/bin/letsencrypt renew -q --deploy-hook 'service nginx restart'
replace path with your actual path.
find it with
which letsencrypt
guacadmin@GuacSecondary:~$ which letsencrypt
/usr/bin/letsencrypt
guacadmin@GuacSecondary:~$ sudo /usr/bin/letsencrypt renew -q --deploy-hook 'service nginx restart'
usage:
letsencrypt [SUBCOMMAND] [options] [-d domain] [-d domain] …
The Let’s Encrypt agent can obtain and install HTTPS/TLS/SSL certificates. By
default, it will attempt to use a webserver both for obtaining and installing
the cert. Major SUBCOMMANDS are:
(default) run Obtain & install a cert in your current webserver
certonly Obtain cert, but do not install it (aka “auth”)
install Install a previously obtained cert in a server
renew Renew previously obtained certs that are near expiry
revoke Revoke a previously obtained certificate
rollback Rollback server configuration changes made during install
config_changes Show changes made to server config during installation
plugins Display information about installed plugins
letsencrypt: error: unrecognized arguments: -q --deploy-hook service nginx restart
Your version of LE is rather old.
You might want to update it to get newer features and functionality:
see: https://certbot.eff.org/all-instructions/
In the meantime, something like this should work in your crontab:
30 01 * * * sudo /usr/bin/letsencrypt renew
or maybe just
30 01 * * * /usr/bin/letsencrypt renew
(((But it won’t restart the web service for you - it will only renew the cert)))
If you are ok with daily graceful restarts, you could do this:
30 01 * * * sudo /usr/bin/letsencrypt renew && service nginx restart
to ensure the newest cert is always being served.
guacadmin@GuacSecondary:~$ 30 01 * * * sudo /usr/bin/letsencrypt renew
30: command not found
guacadmin@GuacSecondary:~$ 30 01 *** sudo /usr/bin/letsencrypt renew
30: command not found
No, that becomes your cron job.
Look up how to set up cron jobs.
To show your cron jobs:
crontab -l
To edit your cron jobs:
crontab -e
For Ubuntu: https://askubuntu.com/questions/2368/how-do-i-set-up-a-cron-job
lol sorry linux noob over here
guacadmin@GuacSecondary:~$ crontab -l
# Edit this file to introduce tasks to be run by cron.
#
# Each task to run has to be defined through a single line
# indicating with different fields when the task will be run
# and what command to run for the task
#
# To define the time you can provide concrete values for
# minute (m), hour (h), day of month (dom), month (mon),
# and day of week (dow) or use '*' in these fields (for 'any').
#
# Notice that tasks will be started based on the cron's system
# daemon's notion of time and timezones.
#
# Output of the crontab jobs (including errors) is sent through
# email to the user the crontab file belongs to (unless redirected).
#
# For example, you can run a backup of all your user accounts
# at 5 a.m every week with:
# 0 5 * * 1 tar -zcf /var/backups/home.tgz /home/
#
# For more information see the manual pages of crontab(5) and cron(8)
#
# m h dom mon dow command
30 01 * * * sudo /usr/bin/letsencrypt renew && service nginx restart
Yeah!
Now wait until tomorrow and check your LE logs to see if it ran or had any issues.
Logs should go to /var/log/letsencrypt/letsencrypt.log
(or something like that)
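An added example, not posted by anyone in the thread: a wrapper for root's crontab that suits a client too old for --deploy-hook. It hashes fullchain.pem before and after the renew and reloads nginx only when the file changed and `nginx -t` passes. The script path in the cron comment, the `--run` switch and the use of `reload` rather than `restart` are assumptions.

```shell
#!/bin/sh
# Added example. Intended for root's crontab (sudo crontab -e), e.g.:
#   30 01 * * * /usr/local/sbin/le-renew.sh --run    (hypothetical path)
# Defaults are the paths shown in the thread; override via environment.
CERT="${CERT:-/etc/letsencrypt/live/addmoreroutes.com/fullchain.pem}"
RENEW_CMD="${RENEW_CMD:-/usr/bin/letsencrypt renew}"
CHECK_CMD="${CHECK_CMD:-nginx -t -q}"            # validate config first
RELOAD_CMD="${RELOAD_CMD:-service nginx reload}" # graceful, keeps connections

# Print the SHA-256 of the certificate file, or "none" if it is unreadable.
cert_digest() {
    if [ -r "$1" ]; then
        sha256sum "$1" | cut -d' ' -f1
    else
        echo none
    fi
}

# Return codes:
#   0 = certificate changed and nginx was reloaded
#   1 = the renew command itself failed
#   2 = nothing was renewed, nginx left untouched
#   3 = config test or reload failed (nginx keeps serving the old cert)
renew_and_reload() {
    before=$(cert_digest "$CERT")
    $RENEW_CMD >/dev/null 2>&1 || return 1
    after=$(cert_digest "$CERT")
    [ "$before" != "$after" ] || return 2
    $CHECK_CMD || return 3
    $RELOAD_CMD || return 3
    return 0
}

# Only act when called with --run, so sourcing the file has no side effects.
if [ "${1:-}" = "--run" ]; then
    renew_and_reload
    rc=$?
    # "Nothing to renew" is the normal daily outcome, not an error for cron.
    [ "$rc" -eq 2 ] && rc=0
    exit "$rc"
fi
```

Because the script exits non-zero only on a failed renew or reload, cron's mail (or a redirect to a log file) then carries real failures rather than daily noise.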