I recently transferred my hosting to Namecheap and unfortunately I have just found out they "force" you to buy their paid-for SSL.
The thing is my old hosting had automatically provided SSL via Let's Encrypt (that will expire in a couple of weeks).
Now I just want to renew the SSL that I have via Let's Encrypt because I don't want to have the Namecheap "embedded" SSL. Is there an easy way to renew vs fresh install?
Welcome to the Let's Encrypt Community
Do you have root access to your hosting account? If so, try using certbot. If not, you can use this:
There is no difference whatsoever between a "renewed" certificate and a new certificate.
certsage.php and acquired production certificate and went well.
Now I can't find the certsage folder as per the instructions.
It's all OK now.
Thank you so very much!!!
One final question: will I have to do this every 3 months? Or is there a way to automatically renew the certificate?
That is controlled/limited by the Hosting Service Provider (HSP) [not LE, nor CertSage].
At present you will need to repeat the process every 60-90 days. In an upcoming release, I am planning to add some architectural extensions to CertSage so that it can also be run from the command line, which will allow the use of automation methods (like crontabs and such) to run CertSage periodically to acquire new certificates. As long as certificate installation can be automated as well (automatic cPanel installation is coming soon too), that will often make fully automated renewals possible, even with the most uncooperative of hosting service providers.
Think also about cron running on other machines, like if I put something to run
curl -qL http://example.com/CertSage.php?cron
several times a week on some random machine.
That's an interesting thought, @9peppe.
It kinda turns CertSage into a rest-ish app. At present the parameters are POST and not GET though. Definitely interesting...
It is a neat idea and it does kinda. Make sure you add some sort of auth-key to avoid becoming a vector for bots.
I'd stick with POST, GET is logged and in some environments that would mean the auth key (which you'd definitely need) would be in the log file, which you perhaps don't control.
So @rg305, to make sure I understand you, if someone acquired a certificate using CertSage, it's the hoster's job to renew that same certificate issued using CertSage?
The ability to put anything in place that can allow/control autorenewals is managed by the HSP.
Especially in the cases where CertSage was the only choice left and had to be used [shared hosting].
I didn't say it was anyone's job to enable renewals.
What I said/meant was much is controlled by the HSP and one should talk with them about how best to enable autorenewals on their system [LE nor CertSage can do much in such cases].
Hopefully I can change that soon.
You probably don't need it. Just make sure that if you call it with ?cron it can do one thing and one thing only, and only if it hasn't done it in the last X hours.
Then I misunderstood the meaning of "controlled" in your post.
Indeed, there's not much wrong with a renewal triggered by an external user instead of a cron run twice a day (No sarcasm FYI.)
And with ARI an ACME client should be run even more frequently than twice a day!
That said, the above obviously depends on the load such a trigger would have on a system. If the load is minimal, i.e.: less than that of e.g. index.php for the main website, then it reaaally doesn't matter. Instead, if the cron part of CertSage impacts a significant load on the host, then it would be wise to limit access to it.
HTTP basic auth or an authorization token via either GET or POST like most dynamic DNS providers also work, but it might be a bit of a needless complication. That's why I said to only run the cron every X hours (and CertSage should refuse to run it if the last run is more recent than X)
It's rendered moot if you call it over HTTP, though.
Or, if you want the extreme overkill and security over unencrypted HTTP, you have to implement some kind of nonce against replay attacks
curl -qL "http://example.com/certsage.php?nonce=$(cat next_nonce)&cron" > next_nonce
(cat is probably not the right command)
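The guard this thread arrives at for a URL-triggered renewal (POST only, an auth key, refusal when the last run is under X hours old, a nonce against replay), written in PHP as an added example; it is not CertSage code and not from any poster. The `proof` field, the `TRIGGER_SECRET` variable, the state file path and the 12-hour interval are assumptions, and keying an HMAC over the server's nonce is one way to make the nonce idea hold over plain HTTP.

```php
<?php
// Added example, not CertSage code. Function, field and file names are hypothetical.
const MIN_INTERVAL = 12 * 3600; // the thread's "X hours"; 12 is an assumed value

// Returns [HTTP status, nonce to hand back to the caller or null].
function authorize_trigger(string $method, array $post, string $secret,
                           string $stateFile, int $now): array
{
    // POST only: a key or proof in a GET query string lands in access logs.
    if ($method !== 'POST') {
        return [405, null];
    }
    if ($secret === '') {
        return [503, null]; // refuse to run with no secret configured
    }
    $fh = fopen($stateFile, 'c+'); // keep this file outside the web root
    if ($fh === false || !flock($fh, LOCK_EX)) {
        return [503, null];
    }
    try {
        // State is "<last run epoch> <current nonce>"; an empty file means first run.
        $parts   = preg_split('/\s+/', trim((string) stream_get_contents($fh)));
        $lastRun = (int) ($parts[0] ?? 0);
        $nonce   = $parts[1] ?? 'initial';
        // Caller sends HMAC(secret, nonce): the secret never crosses the wire.
        $proof = $post['proof'] ?? '';
        if (!is_string($proof) || !hash_equals(hash_hmac('sha256', $nonce, $secret), $proof)) {
            return [403, $nonce]; // nonce is not secret; lets a desynced client resync
        }
        // Rotate the nonce on every accepted proof so a captured request cannot replay,
        // and only report "run" if the last run is at least MIN_INTERVAL old.
        $due  = ($now - $lastRun) >= MIN_INTERVAL;
        $next = bin2hex(random_bytes(16));
        ftruncate($fh, 0);
        rewind($fh);
        fwrite($fh, ($due ? $now : $lastRun) . " $next");
        return [$due ? 200 : 429, $next];
    } finally {
        flock($fh, LOCK_UN);
        fclose($fh);
    }
}

// Glue for a web request; the secret comes from an assumed environment variable.
if (PHP_SAPI !== 'cli') {
    [$status, $nonce] = authorize_trigger($_SERVER['REQUEST_METHOD'], $_POST,
        (string) getenv('TRIGGER_SECRET'), __DIR__ . '/../private/trigger.state', time());
    http_response_code($status);
    echo $nonce ?? ''; // on 200 the renewal job would start after this line
}
```

The caller sends `proof` as the lowercase hex HMAC-SHA256 of the last nonce it received, keyed with the shared secret, and stores the nonce from each response for the next call.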