Renew letsencrypt certbot certificate


#21

@hteo, please provide the error message after running the certbot renew command.

Copy and paste the whole error message. It will be helpful. You can hide/replace the code paths and domain name, but I need to see the entire error message.


#22

@gotham

https://imgur.com/HBeQ3iG

https://imgur.com/0qhUxtp


#23

@hteo it shows the client lacks sufficient authorization. Did you recently change the document root of the site?

https://imgur.com/8Q3ze7L in this you can see the document root. Did you change this after generating the certs?


#24

No, I haven’t changed it recently. The document root has always been the same…
Is there an alternative? Maybe not renew, but something that downloads the certs like the first time?


#25

certbot delete --cert-name example.com


#26

Ok, tonight I’ll try.
Afterwards, can I use this guide to regenerate all the certs?

Thanks


#27

Our certbot documentation is far better than those. I recommend this. Use webroot and you can manually fill in the SSL certs inside the configs.


#28

By the way, @gotham, this particular explanation of changing DocumentRoot after generating the cert is only relevant to the HTTP-01 challenge (for example using --webroot), but this error shows the TLS-SNI-01 challenge (for example using --apache). This authentication method doesn’t rely on knowing the server’s DocumentRoot.


#29

I have tried this command:

certbot certonly --webroot -w /root/unishare2 -d www.unishare.it -d unishare.it -w /root/unishare2

after deleting the old instance of certbot.

But I get the usual “lacks of authorization command”


#30

Can you make test files in /root/unishare2 and /root/unishare2/.well-known/acme-challenge to make sure that they are served by your web server and visible in a web browser?


#31

What do you mean by “test files”? Just blank text files?
And also, I don’t have this directory:

/root/unishare2/.well-known/acme-challenge


#32

Yes, @schoen means text files, and better if the files have no extension.

echo -n "test in root" > /root/unishare2/testroot

And try to reach the file:


mkdir -p /root/unishare2/.well-known/acme-challenge/
echo -n "test in acme-challenge" > /root/unishare2/.well-known/acme-challenge/testacme

And try to reach the file:
http://unishare.it/.well-known/acme-challenge/testacme
http://www.unishare.it/.well-known/acme-challenge/testacme

Cheers,
sahsanu


#33

I followed your instructions, but using React and Node JS on my website, I have to create a specific route to reach those files…


#34

Hi @hteo,

I don’t use React nor node.js but if you want to validate your domain using webroot then you need to find a way to answer requests like http://unishare.it/.well-known/acme-challenge/random-string with the content of /root/unishare2/.well-known/acme-challenge/random-string.

As you said, you already created specific routes to serve the test files, so I suppose you could create a new route to serve the challenge, keeping in mind that the challenge test file will have random characters.

If your DNS server provides some kind of API to create/modify/delete records you could use DNS challenge instead of HTTP challenge.

Cheers,
sahsanu
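
Added example, not part of the original posts: one way a Node.js app can answer `/.well-known/acme-challenge/<token>` requests with the files certbot writes under the webroot, as described above. The function names `challengeFile` and `withAcmeChallenge` and the `app` handler are hypothetical; the webroot path and port in the wiring comment are the ones mentioned in this thread. It uses only Node's built-in modules, and the token check keeps a crafted URL from reading files outside the challenge directory.

```javascript
// Added example: serve ACME HTTP-01 challenge files from the certbot webroot.
const fs = require('node:fs');
const path = require('node:path');

const PREFIX = '/.well-known/acme-challenge/';
// ACME tokens are base64url strings; refusing anything else blocks "../" traversal.
const TOKEN_RE = /^[A-Za-z0-9_-]+$/;

// Map a request URL to a file under <webroot>/.well-known/acme-challenge, or null
// when the URL is not a well-formed challenge request.
function challengeFile(webroot, requestUrl) {
  const pathname = requestUrl.split('?')[0];
  if (!pathname.startsWith(PREFIX)) return null;
  const token = pathname.slice(PREFIX.length);
  if (!TOKEN_RE.test(token)) return null;
  return path.join(webroot, '.well-known', 'acme-challenge', token);
}

// Wrap the application's own request handler: challenge URLs are answered from
// disk, everything else is passed through to appHandler (hypothetical name for
// the existing React/Node request handler).
function withAcmeChallenge(webroot, appHandler) {
  return (req, res) => {
    const file = req.method === 'GET' ? challengeFile(webroot, req.url) : null;
    if (file === null) return appHandler(req, res);
    fs.readFile(file, (err, body) => {
      if (err) {
        res.writeHead(404, { 'Content-Type': 'text/plain' });
        return res.end('not found');
      }
      res.writeHead(200, { 'Content-Type': 'text/plain' });
      res.end(body);
    });
  };
}

// Wiring (assumption: plain HTTP requests for the domain reach this process,
// directly or through the Apache proxy):
//   require('node:http')
//     .createServer(withAcmeChallenge('/root/unishare2', app))
//     .listen(4006);
```

With this in place, the `testacme` file from the earlier post should be returned for the two test URLs, and certbot's `--webroot -w /root/unishare2` run writes its token files into the same directory.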


#35

@hteo, as you are using Node.js to serve your site, you should be using the rewrite method or the proxy module in Apache to match the Node.js service with the domain name. For example, 127.0.0.1:4006 is matched with domain.com. You can give any folder as the document root for this site. Say, create a folder named public_html inside /root/unishare2 and place an index.html file there. Now change the document root of the site to /root/unishare/public_html. Now run

certbot certonly -a webroot --webroot-path=/root/unishare2/public_html -d unishare.it -d www.unishare.it

and add it to the Apache web config for *:443. Now start your pm2 services and try renewing. It will surely renew.


#36

"As you said, you already created specific routes to serve the test files" No, I didn’t do that.
@gotham I have that folder on my website! Now I’ll try to use it. Thanks!


#37

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.