Questions for certificate renewal


#1

My operating system is (include version): OpenBSD 6.0
My web server is (include version): Nginx

Hello,

I’m trying to make certificates renewed automatically and I have a .conf file that looks like that

version = 0.8.1
cert = /etc/letsencrypt/live/domain.org/domain.org_pp.crt
privkey = /etc/letsencrypt/live/domain.org/domain.org.key
fullchain = /etc/letsencrypt/live/domain.org/domain.org_chaine_pp.crt
chain = /etc/letsencrypt/live/domain.org/CA_Fake_Intermediaire_Lets_Encrypt.crt
//archive_dir = /etc/letsencrypt/archive/domain.org

// Options used in the renewal process
[renewalparams]
authenticator = webroot
//rsa_key_size = 4096
installer = None
account = 04xxxxxxxxxxxxxxxxxxxxb
//account = 8xxxxx6
server = https://acme-staging.api.letsencrypt.org/directory
//server = https://acme-v01.api.letsencrypt.org/directory
email = email@mydomain.org
webroot_path = /var/www/htdocs
[[webroot_map]]
mydomain.org = /var/www/htdocs

I would like to know what the fields “webroot_path =” and “[[webroot_map]] mydomain.org =” used for knowing that the verification string use this path
cat /var/www/letsencrypt/.well-known/acme-challenge/9CxxxxxxxxxxxxxxxxxxxxxxxxxxxxZ9CXMw


#2

The webroot_path would be /var/www/letsencrypt, i.e., the path up to the /.well-known/ part.

The [[webroot_map]] would be in this case contain the same path, as you only have one.


#3

hi @mikygee

You also seem to be pointing to the staging server. Is this intentional?

server = https://acme-staging.api.letsencrypt.org/directory

Andrei


#4

Thank you Osiris and Ahaw
Yes it’s normal because I’m doing tests, if I’m doing too many tests on production Letsencrypt bans me for a few days.


#5

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.