LetsEncrypt Renewal Issue

ak31 · May 22, 2018, 4:18am

Yea the 443 section was left alone and only the port 80 was changed

ak31 · May 22, 2018, 4:19am

    # REDIRECTS ALL PORT 80/HTTP to 443/HTTPS
    server
    {
            listen 80;
            listen [::]:80;                                                        
            server_name addmoreroutes.com;

            location ~ /.well-known/acme-challenge
            {
                try_files $uri =404;
                root /var/www/html/;
            }

            location /
                     {
                            return 301 https://$host/request_uri;
                     }
    }

    # GUACAMOLE SERVER SETTINGS
    server
    {
            listen 443 ssl;
            listen [::]:443 ssl;
            server_name addmoreroutes.com;

            proxy_buffering off;
            proxy_redirect  off;
            proxy_cookie_path /guacamole/ /;
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "upgrade";

            location ~ /.well-known/acme-challenge
            {
               try_files $uri =404;
               root /var/www/html/;
            }

            location /
            {
                    proxy_pass http://x.x.x.x/guacamole/;
            }
    }

rg305 · May 22, 2018, 4:19am

So now retry getting a cert

ak31 · May 22, 2018, 4:21am

I was able to test using letsdebug from before and it worked
Afterwards I got a new cert and it was successful
After that I tried the website and it appears fine using both http and https

Thanks a million

rg305 · May 22, 2018, 4:22am

One less problem in the world!

ak31 · May 22, 2018, 4:22am

was is the easiest way to setup a cronjob to automate this process ?

rg305 · May 22, 2018, 4:22am

Show the command line you ran.

ak31 · May 22, 2018, 4:23am

guacadmin@GuacSecondary:~$ sudo letsencrypt renew
Processing /etc/letsencrypt/renewal/addmoreroutes.com.conf
new certificate deployed without reload, fullchain is /etc/letsencrypt/live/addmoreroutes.com/fullchain.pem

Congratulations, all renewals succeeded. The following certs have been renewed:
/etc/letsencrypt/live/addmoreroutes.com/fullchain.pem (success

rg305 · May 22, 2018, 4:26am

Try this from command line:
sudo /usr/bin/letsencrypt renew -q --deploy-hook 'service nginx restart'

replace path with your actual path.
find it with
which letsencrypt

ak31 · May 22, 2018, 4:29am

guacadmin@GuacSecondary:~$ which letsencrypt
/usr/bin/letsencrypt
guacadmin@GuacSecondary:~$ sudo /usr/bin/letsencrypt renew -q --deploy-hook ‘service nginx restart’
usage:
letsencrypt [SUBCOMMAND] [options] [-d domain] [-d domain] …

The Let’s Encrypt agent can obtain and install HTTPS/TLS/SSL certificates. By
default, it will attempt to use a webserver both for obtaining and installing
the cert. Major SUBCOMMANDS are:

(default) run Obtain & install a cert in your current webserver
certonly Obtain cert, but do not install it (aka “auth”)
install Install a previously obtained cert in a server
renew Renew previously obtained certs that are near expiry
revoke Revoke a previously obtained certificate
rollback Rollback server configuration changes made during install
config_changes Show changes made to server config during installation
plugins Display information about installed plugins
letsencrypt: error: unrecognized arguments: -q --deploy-hook service nginx restart

rg305 · May 22, 2018, 4:31am

Your version of LE is rather old.
You might want to update it to get newer features and functionality:
see: https://certbot.eff.org/all-instructions/

In the meantime, something like this should work in your crobtab:
30 01 * * * sudo /usr/bin/letsencrypt renew
or maybe just
30 01 * * * /usr/bin/letsencrypt renew

(((But it won’t restart the web service for you - it will only renew the cert)))
If you are ok with daily graceful restarts, you could do this:
30 01 * * * sudo /usr/bin/letsencrypt renew && service nginx restart
to insure the newest cert is always being served.

ak31 · May 22, 2018, 4:36am

guacadmin@GuacSecondary:~$ 30 01 * * * sudo /usr/bin/letsencrypt renew
30: command not found
guacadmin@GuacSecondary:~$ 30 01 *** sudo /usr/bin/letsencrypt renew
30: command not found

rg305 · May 22, 2018, 4:37am

No that becomes your con job.
Lookup how to setup cron jobs.
To show your cron jobs:
crontab -l
To edit your cron jobs:
crontab -e

For Ubuntu: https://askubuntu.com/questions/2368/how-do-i-set-up-a-cron-job

ak31 · May 22, 2018, 4:40am

lol sorry linux noob over here

guacadmin@GuacSecondary:~$ crontab -l
# Edit this file to introduce tasks to be run by cron.
**# **
# Each task to run has to be defined through a single line
# indicating with different fields when the task will be run
# and what command to run for the task
**# **
# To define the time you can provide concrete values for
# minute (m), hour (h), day of month (dom), month (mon),
**# and day of week (dow) or use '*' in these fields (for 'any').# **
# Notice that tasks will be started based on the cron's system
# daemon's notion of time and timezones.
**# **
# Output of the crontab jobs (including errors) is sent through
# email to the user the crontab file belongs to (unless redirected).
**# **
# For example, you can run a backup of all your user accounts
# at 5 a.m every week with:
# 0 5 * * 1 tar -zcf /var/backups/home.tgz /home/
**# **
# For more information see the manual pages of crontab(5) and cron(8)
**# **
# m h dom mon dow command

30 01 * * * sudo /usr/bin/letsencrypt renew && service nginx restart

rg305 · May 22, 2018, 4:41am

Yeah!
Now wait until tomorrow and check your LE logs to see if it ran or had any issues.

Logs should go to /var/log/letsencrypt/letsencrypt.log (or something like that)

system · June 21, 2018, 4:41am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.