Some webservers on the backend are using nginx and some Apache, if it even matters.
No worries.
I still have one month to figure it out before my wildcard certificate expires.
The --standalone method is difficult to debug because you need to keep Certbot running to test the connection from the public internet.
One way to test this is to use these command options:
certbot certonly --standalone --dry-run --debug-challenges -v -d (domain)
This command will show you the challenge URL to try from the public internet and the proper response. After showing you this it will say "Press Enter to Continue". DO NOT PRESS ENTER.
Leave it paused like that and use a different device to test the connection. You can even use a mobile phone with wifi disabled so that it uses your carrier's network.
You do not have to use the full URL. Just try http://(yourdomain)
If the connection works, this shorter URL should return a response like the one below. If you don't see this, something is wrong with the network routing on your end, like a router not mapping port 80 correctly. Repeat this until you get a successful result, then try the cert request.
ACME client standalone challenge solver
It is not working over the internet, only locally.
curl localhost
ACME client standalone challenge solver
This is a good tip; I have to make it work over the internet.
Thank you very much for your help!
Successfully received certificate.
Certificate is saved at: /etc/letsencrypt/live/ncloud.devhomeit.ca/fullchain.pem
Key is saved at: /etc/letsencrypt/live/ncloud.devhomeit.ca/privkey.pem
This certificate expires on 2024-09-08.
These files will be updated when the certificate renews.
Certbot has set up a scheduled task to automatically renew this certificate in the background.
If you like Certbot, please consider supporting our work by:
- Donating to ISRG / Let's Encrypt: Donate - Let's Encrypt
- Donating to EFF: Support EFF's Work on Let's Encrypt | Electronic Frontier Foundation
Hi Alex,
Please kindly check your TXT record and make sure you have added it correctly in your DNS settings. Cloudflare is a free DNS service; you can point your domain to their name servers, then add your TXT record to get your SSL working again. Good luck!
Hi Bill,
I was looking at this option and am going to try it soon. But for now I just spun up another small Linux VM, pointed port 80 to it, and use it to create individual certificates for each webserver.
I wrote a small shell script to automate the process and am fine with this solution.
Would you be willing to share the script?
Hi,
The next day I transferred my domain to Cloudflare and am using a wildcard certificate again.
Before that, it was a small script to copy every individual cert from /etc/letsencrypt/live/* to the /etc/haproxy/certs directory:
cd /etc/letsencrypt/live/domainname
cat fullchain.pem privkey.pem > domainname.pem
And then rsync it to my haproxy server.
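Here is the kind of script the poster describes, written out as an added example (it is not the poster's own script, which is not shown in the thread). It walks every lineage directory under /etc/letsencrypt/live, concatenates fullchain.pem and privkey.pem into one PEM per lineage for HAProxy, and rsyncs the bundle directory to the HAProxy host. LIVE_DIR, OUT_DIR and the HAPROXY_HOST name are assumptions and can be overridden from the environment.

```shell
#!/bin/sh
# deploy_haproxy_certs.sh (added example, not the poster's script)
# Bundle each Let's Encrypt lineage into the single "fullchain + privkey" PEM HAProxy expects,
# then push the bundle directory to the HAProxy host.
# Assumptions, all overridable from the environment: LIVE_DIR, OUT_DIR, HAPROXY_HOST.

LIVE_DIR="${LIVE_DIR:-/etc/letsencrypt/live}"
OUT_DIR="${OUT_DIR:-/etc/haproxy/certs}"
HAPROXY_HOST="${HAPROXY_HOST:-}"      # e.g. haproxy.internal.example (assumed name); empty = no rsync

# bundle_certs LIVE OUT: writes OUT/<lineage>.pem for every lineage directory under LIVE that
# has both fullchain.pem and privkey.pem. Prints the number of bundles written.
bundle_certs() {
  live="$1"
  out="$2"
  umask 077                           # bundles contain private keys: owner-only from creation
  mkdir -p "$out"
  count=0
  for dir in "$live"/*/; do           # trailing slash matches directories only (skips certbot's README)
    [ -f "${dir}fullchain.pem" ] && [ -f "${dir}privkey.pem" ] || continue
    name=$(basename "$dir")
    tmp="$out/.$name.pem.tmp"
    cat "${dir}fullchain.pem" "${dir}privkey.pem" > "$tmp"   # HAProxy wants the chain first, then the key
    chmod 600 "$tmp"
    mv -f "$tmp" "$out/$name.pem"     # atomic rename: HAProxy never reads a half-written bundle
    count=$((count + 1))
  done
  echo "$count"
}

# deploy_certs: bundle locally, then push the directory to the HAProxy host and reload it.
# rsync/ssh only run when HAPROXY_HOST is set, so the function is safe to call on its own.
deploy_certs() {
  n=$(bundle_certs "$LIVE_DIR" "$OUT_DIR")
  echo "wrote $n bundle(s) to $OUT_DIR"
  if [ -n "$HAPROXY_HOST" ]; then
    # --delete drops bundles for lineages that no longer exist; --chmod keeps the key files private
    rsync -a --delete --chmod=D700,F600 "$OUT_DIR/" "$HAPROXY_HOST:$OUT_DIR/"
    # validate the config before reloading so a bad bundle cannot take the proxy down
    ssh "$HAPROXY_HOST" 'haproxy -c -f /etc/haproxy/haproxy.cfg && systemctl reload haproxy'
  fi
}

# Invoke as "sh deploy_haproxy_certs.sh deploy"; sourcing the file only defines the functions.
case "${1:-}" in
  deploy) deploy_certs ;;
esac
```

Run it with `sh deploy_haproxy_certs.sh deploy` after each issuance, or hand it to certbot with `--deploy-hook` so it runs only when a certificate has actually been renewed. The temp-file-plus-rename and the 600 mode matter because the bundle carries the private key and HAProxy reads the whole directory at reload.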