Remove suggestion

I am trying to generate an SSL certificate for my domain using certbot.
I am running (automatically, in a script) the command sudo certbot --nginx -d example.com -d www.example.com
This command runs fine, but it shows this suggestion:

Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.


1: No redirect - Make no further changes to the webserver configuration.
2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for
new sites, or if you're confident your site works on HTTPS. You can undo this
change by editing your web server's configuration.

I am running the command in a script, so I am unable to select any of the above options. Please let me know how I can remove the above suggestion or pass the param for this suggestion in the command.

2 Likes

Hi @hillsagejitesh

Why are you doing such wrong things?

Please read the output, then you see: The question is required.

Then read

https://certbot.eff.org/docs/using.html

and use the correct command to renew certificates, not a completely wrong command.

2 Likes

Hello @JuergenAuer
Thanks for your response. It is the requirement of our client, to automate all the process. It would be very helpful if you can help me in this.

1 Like

If you're getting that question, you're not properly automating things and you should modify your process.

Please write a proper script with proper certbot commands not leading to running this specific command (for issuing a first certificate) when a certificate already exists.

Bypassing this certbot question should not be your question here, it's a sign you're not properly implementing certbot.

1 Like

@Osiris The above-mentioned command was the only certbot command I am using in my script. I am new to certbot; it would be helpful if you could guide me on how I can use certbot or any other certbot command to generate a certificate in the automation process.

1 Like

certbot renew. It's even possible that certbot was set up with a scheduled task (systemd timer or cron job) to do this periodically anyway--it's recommended to run it once or twice a day. And, of course, the certbot docs are your friend.

1 Like

First, you must figure out what the GOAL of a certain command is. In your first post you say you want to "generate ssl certificate", but the output of the command you've used says you already have a certificate. So your goal obviously wasn't generating a certificate, as you already had one.

If your goal indeed was to test the command for first issuance of a certificate, but you're still testing stuff, you should ask yourself why certbot is asking questions when you already have a certificate: in that case your script testing isn't well designed.

So in essence: if the goal of your certbot command was to actually issue a first certificate, the command works perfectly in itself, but it's your script which is doing strange stuff (asking for a second certificate where there already is one).

Hopefully this clears some things up.

Also, please note the following: I have the strong feeling you're still experimenting and testing. If that's indeed the case, please use the staging environment for testing purposes if you didn't do so already.

1 Like

@Osiris
The command sudo certbot --nginx -d example.com -d www.example.com in my automation script is showing the suggestion below in the terminal. How can I do this in my command rather than selecting the option manually in the terminal?
Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.


1: No redirect - Make no further changes to the webserver configuration.
2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for
new sites, or if you're confident your site works on HTTPS. You can undo this
change by editing your web server's configuration.

Please review the certbot documentation for the answer to your question.

2 Likes

Add --redirect to automatically choose to redirect http to https.

Add --no-redirect to automatically choose not to redirect http to https

Incidentally, that question isn't actually asked by modern versions of certbot (--redirect is automatic), so you might want to consider updating your certbot if possible.

As @Osiris mentioned, be sure to use something like this:

sudo certbot certonly --nginx -d "example.com,www.example.com" --dry-run

to thoroughly test your certificate acquisition process with the staging environment before using something like this:

sudo certbot --nginx -d "example.com,www.example.com" --keep --redirect

to actually acquire and install real certificates from the production environment.

When you renew, your timed process (e.g. cron job) should just run something like this:

certbot renew -q

You can manually test the acquisition part of your renewal process with something like this:

sudo certbot renew --dry-run

You should consult the documentation that @Osiris linked to get a better understanding, but what I gave you should get you moving.

3 Likes
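
The unattended flow described in the replies above (rehearse against staging, issue once with the redirect choice given as a flag, then only renew), as an added example that is not code from the thread or from the certbot project. `--non-interactive`, `--agree-tos` and `-m` are certbot flags the thread does not mention; the e-mail address, the `CERTBOT` and `LIVE_DIR` variables, the script name and the lineage-directory check are assumptions made for the example.

```bash
#!/usr/bin/env bash
# Added example, not from the thread: unattended certbot wrapper.
# Assumes it runs as root (cron/systemd timer), so no sudo is used.
CERTBOT="${CERTBOT:-certbot}"                  # overridable, e.g. CERTBOT=echo to preview
LIVE_DIR="${LIVE_DIR:-/etc/letsencrypt/live}"  # certbot's default lineage directory

# choose_phase PRIMARY_DOMAIN -> "issue" if no certificate lineage exists yet, else "renew".
# Assumption: the lineage is named after the first -d name (certbot's default).
choose_phase() {
    if [ -d "$LIVE_DIR/$1" ]; then echo renew; else echo issue; fi
}

# run_certbot PHASE EMAIL DOMAIN... -> runs certbot with flags that answer every prompt.
run_certbot() {
    local phase="$1" email="$2" domains
    shift 2
    domains=$(IFS=,; printf '%s' "$*")          # example.com,www.example.com
    case "$phase" in
        test)   # staging rehearsal: nothing is saved or installed
            set -- certonly --nginx --dry-run --non-interactive --agree-tos \
                   -m "$email" -d "$domains" ;;
        issue)  # --redirect (or --no-redirect) answers the HTTP->HTTPS question up front
            set -- --nginx --non-interactive --agree-tos -m "$email" \
                   --keep --redirect -d "$domains" ;;
        renew)  # renews only certificates that are close to expiry
            set -- renew -q ;;
        *)  echo "unknown phase: $phase" >&2; return 2 ;;
    esac
    "$CERTBOT" "$@"
}

# main EMAIL DOMAIN...: the first run rehearses and then issues; later runs only renew.
main() {
    local email="$1" phase
    shift
    phase=$(choose_phase "$1")
    if [ "$phase" = issue ]; then
        run_certbot test "$email" "$@" || return 1   # stop before production on failure
    fi
    run_certbot "$phase" "$email" "$@"
}

# Constructed invocation: ./issue-cert.sh admin@example.com example.com www.example.com
if [ "$#" -gt 0 ]; then main "$@"; fi
```

With `--non-interactive`, certbot exits with an error instead of waiting on a prompt it has no flag for, so a scripted run fails visibly rather than hanging.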
