I hope this hasn’t been asked yet - I’ve had a look around the forums and couldn’t find any similar Qs.
Note - I’ve replaced the actual domain name with example.com below
I’m automating the setup of a LEMP stack (Ubuntu 16.04.1, NginX, MariaDB and PHP7) and using letsencrypt for cert issuing. I’ve written a bash file that sets up the server perfectly, installs letsencrypt and issues a cert. The way I’m running the bash file is by git cloning it to a directory, lets say:
Then, I’m running the script from there and letting it do it’s thing:
# cd ~/temp/setup_server_script
# sudo ./script.sh
The part in that script that takes care of installing letsencrypt is:
# apt-get -qq install -y letsencrypt > logs/stdout.txt 2>&1
Note - I’m trying to do this as automated and quietly as possible…
And the part in the script that installs the cert is:
# letsencrypt certonly -a webroot --webroot-path=/var/www/html --agree-tos --email email@example.com -d example.com
The problem that I’m having is with renewals. There’s only one domain/cert per server so I’m just running
sudo letsencrypt renew
and I get the error:
2017-01-25 05:34:50,319:WARNING:letsencrypt.cli:Renewal configuration file /etc/letsencrypt/renewal/example.com.conf produced an unexpected error: [Errno 2] No such file or directory. Skipping.
No renewals were attempted.
Additionally, the following renewal configuration files were invalid:
0 renew failure(s), 1 parse failure(s)
So I checkout the conf file in question:
And I realise that the
chain_path values are all incorrect and are pointing to the directory in which I initiated the bash script to run from:
fullchain_path = /root/temp/setup_server_script/chain.pem
cert_path = /root/temp/setup_server_script/cert.pem
chain_path = /root/temp/setup_server_script/chain.pem
Obviously this is not correct as the .pem files are in:
My questions are:
Is this the best (or at least a good) way to automate letsencrypt via shell script?
If so, how can I make sure the renewal .conf file has the correct paths for
Is there a better way to renew or something I’m missing that will fix this?
This is where I’m at so far, but ultimately I’d like to automate the setup of automatic cert renewals by adding some commands to the shell script that will in turn add a line or two to the crontab. Just need to figure out what renewal commands I can add to get this working properly!
Thank you in advance for your help!