copy and paste.
Not:
I wrote:
copy and paste.
Not:
I wrote:
Looks great:
certbot certonly --dry-run --webroot -w /var/www/www-root/data/www/dukium.org -d "dukium.org,www.dukium.org"
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
You have an existing certificate that contains a portion of the domains you
requested (ref: /etc/letsencrypt/renewal/dukium.org.conf)
It contains these names: dukium.org
You requested these names for the new certificate: dukium.org, www.dukium.org.
Do you want to expand and replace this existing certificate with the new
certificate?
(E)xpand/(C)ancel: (E)xpand/(C)ancel: E
Renewing an existing certificate
IMPORTANT NOTES:
Now do that again but without --dry-run
Works. But need a little help with the vhost file
<VirtualHost *:443>
ServerName dukium.org
DocumentRoot /var/www/www-root/data/www/dukium.org
ServerAdmin office@dukium.org
AddDefaultCharset UTF-8
SSLEngine on
SSLCertificateFile "/etc/letsencrypt/live/dukium.org/fullchain.pem"
SSLCertificateChainFile "/etc/letsencrypt/live/dukium.org/fullchain.pem"
SSLHonorCipherOrder on
SSLProtocol +TLSv1 +TLSv1.1 +TLSv1.2
SSLCipherSuite EECDH:+AES256:-3DES:RSA+AES:RSA+3DES:!NULL:!RC4:!RSA+3DES
<IfModule headers_module>
Header always set Strict-Transport-Security "max-age=31536000; preload"
</IfModule>
AssignUserID www-root www-root
CustomLog /var/www/httpd-logs/dukium.org.access.log combined
ErrorLog /var/www/httpd-logs/dukium.org.error.log
<FilesMatch "\.ph(p[3-5]?|tml)$">
SetHandler application/x-httpd-php
</FilesMatch>
<FilesMatch "\.phps$">
SetHandler application/x-httpd-php-source
</FilesMatch>
<IfModule php5_module>
php_admin_value sendmail_path "/usr/sbin/sendmail -t -i -f dukium@shoof.co.il"
php_admin_value upload_tmp_dir "/var/www/www-root/data/mod-tmp"
php_admin_value session.save_path "/var/www/www-root/data/mod-tmp"
php_admin_value open_basedir "/var/www/www-root/data:."
</IfModule>
<IfModule php7_module>
php_admin_value sendmail_path "/usr/sbin/sendmail -t -i -f dukium@shoof.co.il"
php_admin_value upload_tmp_dir "/var/www/www-root/data/mod-tmp"
php_admin_value session.save_path "/var/www/www-root/data/mod-tmp"
php_admin_value open_basedir "/var/www/www-root/data:."
</IfModule>
ServerAlias www.dukium.org
DirectoryIndex index.php index.html
Gives:
[Thu Nov 11 13:44:51.748651 2021] [ssl:emerg] [pid 2492] AH02564: Failed to configure encrypted (?) private key dukium.org:443:0, check /etc/letsencrypt/live/dukium.org/fullchain.pem
[Thu Nov 11 13:45:03.604035 2021] [ssl:error] [pid 2596] AH02579: Init: Private key not found
[Thu Nov 11 13:45:03.615733 2021] [ssl:error] [pid 2596] SSL Library Error: error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
[Thu Nov 11 13:45:03.615777 2021] [ssl:error] [pid 2596] SSL Library Error: error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error
[Thu Nov 11 13:45:03.615793 2021] [ssl:error] [pid 2596] SSL Library Error: error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
[Thu Nov 11 13:45:03.615807 2021] [ssl:error] [pid 2596] SSL Library Error: error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error (Type=RSA)
[Thu Nov 11 13:45:03.615829 2021] [ssl:error] [pid 2596] SSL Library Error: error:04093004:rsa routines:OLD_RSA_PRIV_DECODE:RSA lib
[Thu Nov 11 13:45:03.615841 2021] [ssl:error] [pid 2596] SSL Library Error: error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
[Thu Nov 11 13:45:03.615854 2021] [ssl:error] [pid 2596] SSL Library Error: error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error (Type=PKCS8_PRIV_KEY_INFO)
[Thu Nov 11 13:45:03.615917 2021] [ssl:emerg] [pid 2596] AH02564: Failed to configure encrypted (?) private key dukium.org:443:0, check /etc/letsencrypt/live/dukium.org/fullchain.pem
Probably something minor.
Thanks
David
Also tried privkey.pem in the SSLCertificateFile
All works !!!
Used this Certbot - how to manually install certs? - #5 by kenw232
rg305 You made my day !!! (and night: )
Thanks
David
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.