I ran this command: certbot certonly --webroot -w $CERTBOT_ROOT -d $SSL_DOMAIN -m $SSL_EMAIL --agree-tos --non-interactive
It produced this output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for fdm.niradynamics.se
Using the webroot path /var/www/certbot for all unmatched domains.
Waiting for verification…
Cleaning up challenges
live directory exists for fdm.niradynamics.se
IMPORTANT NOTES:
Your account credentials have been saved in your Certbot
configuration directory at /etc/letsencrypt. You should make a
secure backup of this folder now. This configuration directory will
also contain certificates and private keys obtained by Certbot so
making regular backups of this folder is ideal.
My web server is (include version): nginx 1.17.1
The operating system my web server runs on is (include version): Docker nginx image (Linux 9 stretch)
Hi!
I am trying to configure my Docker nginx to automatically renew the cert (if needed). In order to get nginx up and running the first time, I use my own dummy (not-trusted-generated) cert.
I have also created a persistent Docker volume and thought that I could overwrite the dummy cert with certbot. However, certbot returns “live directory exists for…”. Is it possible to overwrite a self-created cert using certbot? Or is there a more elegant solution to this?
Because I am pointing to the SSL cert in the nginx config. Is there any workaround? Btw, I am trying to use openssl to determine if the cert should be updated (CA name and expiry date). That might work out for me.
Is there a reason why you're using certonly instead of the default run action with the nginx installer plugin? Perhaps because you want to manually add the HTTPS virtual host configuration section?
As far as I know, the apache and nginx installer plugins of certbot should be able to only update the HTTPS virtual host in the configuration file. So you could point to a dummy cert indeed in your config file and run certbot with -i nginx so it replaces the configuration option pointing to the dummy cert with the created certificate.
The "live directory exists for .." isn't an error I'm familiar with. You should however put /etc/letsencrypt on a persistent docker volume, if you haven't done so already.
If you don’t want to use Certbot’s -i nginx feature (or equivalently --nginx instead of certonly), I would suggest putting your dummy cert in a different path, say /etc/letsencrypt/dummy instead of /etc/letsencrypt/live. After your first certbot certonly run, you could then run
sed -i 's/dummy/live/' /etc/nginx/whatever.conf
to change the reference in the configuration file.
There is a way to create the entire /etc/letsencrypt structure with a dummy cert from the outset, but it’s not documented and requires a bit of manual work, so I don’t think I would suggest that.
The method suggested by @Osiris is intended to create the HTTPS virtual host for you where it didn’t already exist. This is what most people prefer to do if they don’t already have a certificate, but I’m sure there are configurations in which people don’t prefer that.
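The following script is an added example, not code posted in this thread. It puts together the two ideas discussed above: the original poster's plan to use openssl to decide, from the issuer and the expiry date, whether certbot needs to run, and the suggestion in the reply to keep the dummy cert under /etc/letsencrypt/dummy (outside /etc/letsencrypt/live) and switch the nginx config to the live path after the first certbot certonly run. The directory layout, the config file name fdm.conf, the 30-day renewal window and the check for "Let's Encrypt" in the issuer field are all assumptions of this example, not anything the thread states. The dummy certificate and the nginx server block are generated inside a temporary directory so the script runs offline without touching the real /etc.

```shell
#!/bin/sh
# Added example (not code from the thread). Assumptions: the layout under
# $WORK, the file name fdm.conf, a 30-day renewal window, and "Let's Encrypt"
# in the issuer as the marker of a real certificate.
set -eu

WORK="${WORK:-$(mktemp -d)}"                  # sandbox root, stands in for /
DOMAIN="fdm.niradynamics.se"
DUMMY_DIR="$WORK/etc/letsencrypt/dummy/$DOMAIN"
NGINX_CONF="$WORK/etc/nginx/conf.d/fdm.conf"  # assumed file name

# The "dummy (not-trusted-generated) cert": self-signed, valid for one day.
make_dummy_cert() {
    mkdir -p "$DUMMY_DIR"
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=dummy.invalid" \
        -keyout "$DUMMY_DIR/privkey.pem" -out "$DUMMY_DIR/fullchain.pem" \
        >/dev/null 2>&1
}

# nginx server block pointing at the dummy cert so nginx can start before
# any Let's Encrypt certificate exists. Paths are the in-container ones.
write_nginx_conf() {
    mkdir -p "$(dirname "$NGINX_CONF")"
    cat >"$NGINX_CONF" <<EOF
server {
    listen 443 ssl;
    server_name $DOMAIN;
    ssl_certificate     /etc/letsencrypt/dummy/$DOMAIN/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/dummy/$DOMAIN/privkey.pem;
}
EOF
}

# Exit 0 if the issuer of $1 is Let's Encrypt. Only the organisation name is
# grepped, so it works with both the OpenSSL 1.0 and 1.1 issuer line formats.
cert_is_letsencrypt() {
    openssl x509 -noout -issuer -in "$1" | grep -q "Let's Encrypt"
}

# Exit 0 if $1 expires within $2 seconds. openssl -checkend exits 1 when the
# certificate will have expired by then, hence the inversion.
cert_expires_within() {
    ! openssl x509 -noout -checkend "$2" -in "$1" >/dev/null
}

# Should certbot run? Yes if the cert is missing, is not a Let's Encrypt
# cert (i.e. still the dummy), or is within 30 days of expiry.
needs_certbot() {
    [ -f "$1" ] || return 0
    cert_is_letsencrypt "$1" || return 0
    cert_expires_within "$1" $((30 * 24 * 3600)) && return 0
    return 1
}

# Point the config at the live directory. A bare s/dummy/live/ would also
# rewrite any other "dummy" in the file (a comment, a hostname), so anchor on
# the full directory prefix. Written without sed -i for GNU/BSD portability.
switch_conf_to_live() {
    sed 's#/etc/letsencrypt/dummy/#/etc/letsencrypt/live/#g' "$1" >"$1.tmp" \
        && mv "$1.tmp" "$1"
}

# Number of lines in $1 that reference the live directory.
conf_live_refs() {
    grep -c '/etc/letsencrypt/live/' "$1" || true
}

# Demo run: sh thisfile.sh demo
if [ "${1:-}" = "demo" ]; then
    make_dummy_cert
    write_nginx_conf
    if needs_certbot "$DUMMY_DIR/fullchain.pem"; then
        echo "dummy cert in place: run certbot certonly, then switch the config"
        switch_conf_to_live "$NGINX_CONF"
    fi
    grep ssl_certificate "$NGINX_CONF"
fi
```

In a real deployment the `needs_certbot` check would run against /etc/letsencrypt/live/<domain>/fullchain.pem on the persistent volume, and a positive result would be followed by the certbot certonly command from the original post and an `nginx -s reload`; after the first successful issuance the config switch is a one-time step, since later renewals rewrite the files under live/ in place.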