We're not quite done...
great, nginx vhost updated without the strange suffix :))
Now...
nginx -T
It will be long. We're looking for errors, like this one:
I can confirm from my end that your new certificate is functioning correctly. We'll try a renewal test in a minute.
very long output file, since I have many sites in this server...
Should I have to focus on sth specific?
Mainly you want to keep your eyes open for conflicts. Since the one I noted was just a warning, it shouldn't stop nginx from operating correctly.
Let's try this now:
certbot renew --cert-name sekretyrozwojuosobistego.pl --dry-run
$ sudo certbot renew --cert-name sekretyrozwojuosobistego.pl --dry-run
Saving debug log to /var/log/letsencrypt/letsencrypt.log
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/sekretyrozwojuosobistego.pl.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Cert not due for renewal, but simulating renewal for dry run
Plugins selected: Authenticator nginx, Installer nginx
Simulating renewal of an existing certificate for sekretyrozwojuosobistego.pl and www.sekretyrozwojuosobistego.pl
Performing the following challenges:
http-01 challenge for sekretyrozwojuosobistego.pl
http-01 challenge for www.sekretyrozwojuosobistego.pl
Waiting for verification...
Cleaning up challenges
Dry run: skipping deploy hook command: nginx -s reload
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
new certificate deployed with reload of nginx server; fullchain is
/etc/letsencrypt/live/sekretyrozwojuosobistego.pl/fullchain.pem
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Congratulations, all simulated renewals succeeded:
/etc/letsencrypt/live/sekretyrozwojuosobistego.pl/fullchain.pem (success)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Awesome!
Now...
Try this:
certbot renew --cert-name sekretyrozwojuosobistego.pl --force-renewal
$ sudo certbot renew --cert-name sekretyrozwojuosobistego.pl --force-renewal
Saving debug log to /var/log/letsencrypt/letsencrypt.log
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/sekretyrozwojuosobistego.pl.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Plugins selected: Authenticator nginx, Installer nginx
Renewing an existing certificate for sekretyrozwojuosobistego.pl and www.sekretyrozwojuosobistego.pl
Running deploy-hook command: nginx -s reload
Error output from deploy-hook command nginx:
nginx: [warn] conflicting server name "http2" on 0.0.0.0:443, ignored
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
new certificate deployed with reload of nginx server; fullchain is
/etc/letsencrypt/live/sekretyrozwojuosobistego.pl/fullchain.pem
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Congratulations, all renewals succeeded:
/etc/letsencrypt/live/sekretyrozwojuosobistego.pl/fullchain.pem (success)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
As you can see here:
https://crt.sh/?Identity=sekretyrozwojuosobistego.pl&deduplicate=Y
your renewal just worked.
With that, I can assure you that the sekretyrozwojuosobistego.pl certificate will automatically renew correctly, so long as you have an automated task (e.g. cron) running certbot renew
. Since certbot is supposed to set this up automatically when it is installed, you should be good to go.
You can delete the wonky certificate now:
certbot delete --cert-name sekretyrozwojuosobistego.pl-0001
excellent, thank you for such great and fast help
You are quite welcome!
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.