Make certbot stop creating *-le-ssl.conf

MattBlox · December 13, 2019, 8:57pm

Hi there,

pretty sure this behavior is NOT correct:

everytime i run certbot to renew certificates, it will create -le-ssl.conf files, even though i choose NO REDIRECT.

how to stop this?

Greetings

rg305 · December 13, 2019, 11:13pm

There may be some residue of that original request in the renewal.conf file.
cat /etc/letsencrypt/renewal/*.conf

MattBlox · December 13, 2019, 11:40pm

hi and thx for replying!

Cannot find anything suspicious there,
shall i delete theese files?

Greetings

rg305 · December 13, 2019, 11:41pm

NO NO NO
Not so fast.

Please show one of the files you are having trouble with.
And the complete command that you run.

MattBlox · December 13, 2019, 11:47pm

# renew_before_expiry = 30 days
cert = /etc/letsencrypt/live/webmail.blox.berlin/cert.pem
privkey = /etc/letsencrypt/live/webmail.blox.berlin/privkey.pem
chain = /etc/letsencrypt/live/webmail.blox.berlin/chain.pem
fullchain = /etc/letsencrypt/live/webmail.blox.berlin/fullchain.pem
version = 0.31.0
archive_dir = /etc/letsencrypt/archive/webmail.blox.berlin

# Options and defaults used in the renewal process
[renewalparams]
installer = apache
authenticator = apache
account = REMOVED
server = https://acme-v02.api.letsencrypt.org/directory

Hmm i susually just run “certbot”.

There is one apache config containing all vhosts:80 for redirection purposed.
When run, certbot would make a -le-ssl.conf version of this file, effectively overriding ALL other config files…

my setup:
one config containing all vhosts with 80 => 443 redirection
seperate configs for each 443 domain

why does certbot let me choose between REDIRECT and NOT REDIRECT but will create a redirect ANYWAY? Did i get something wrong?

rg305 · December 14, 2019, 2:23am

I think you are confusion making a second (TLS enabled) config with a redirect.

Redirection says:
“You have reached an HTTP server — but there is no one here, we moved to HTTPS, please connect with us @ HTTPS://this.same.server.name/”

Where (I suspect that) these two files only say:
File #1: “Hi I’m an HTTP server [I can serve you domain(s) x(& y, & z, etc…)]”
File #2: “Hi I’m an HTTPS server [I can serve you domain(s) x(& y, & z, etc…)]”

The second file is created simply to enable an HTTPS “copy” of the HTTP file (within it’s own file).

system · January 13, 2020, 2:27am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.