Renew SSL Certificate

Go on the "wildcard" tab here: Certbot Instructions | Certbot

Then read here: Welcome to certbot-dns-cloudflare’s documentation! — certbot-dns-cloudflare 0 documentation

2 Likes

Thu 2022-04-28 02:45:27 +03 6h left Wed 2022-04-27 17:17:14 +03 2h 28min ago certbot.timer certbot.service

this i already have in timer list.

I posted the instructions because you need to install the cloudflare plugin :wink:

1 Like

okie sir. let me try to understand and install :slight_smile:

i found some firewall settings, and i changed these settings and now no error msg.

a@press:~$ sudo certbot renew --dry-run
[sudo] password for a:


Processing /etc/letsencrypt/renewal/press.alwatan.com.sa.conf


Cert not due for renewal, but simulating renewal for dry run
Plugins selected: Authenticator apache, Installer apache
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for press.alwatan.com.sa
Waiting for verification...
Cleaning up challenges


new certificate deployed with reload of apache server; fullchain is
/etc/letsencrypt/live/press.alwatan.com.sa/fullchain.pem



** DRY RUN: simulating 'certbot renew' close to cert expiry
** (The test certificates below have not been saved.)

Congratulations, all renewals succeeded. The following certs have been renewed:
/etc/letsencrypt/live/press.alwatan.com.sa/fullchain.pem (success)
** DRY RUN: simulating 'certbot renew' close to cert expiry
** (The test certificates above have not been saved.)

1 Like

You got lucky. There is some bigger issue at play here.

% docker run -ti --rm docker.io/certbot/certbot certonly --staging --webroot -w . --agree-tos --register-unsafely-without-email -d press.alwatan.com.sa
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Account registered.
Requesting a certificate for press.alwatan.com.sa

Certbot failed to authenticate some domains (authenticator: webroot). The Certificate Authority reported these problems:
  Domain: press.alwatan.com.sa
  Type:   connection
  Detail: 37.224.110.174: Fetching http://press.alwatan.com.sa/.well-known/acme-challenge/WeJKOp1JTi0wgg_2shDkWrVhY_V5siyLe3NGjtVN3uk: Timeout during connect (likely firewall problem)

Hint: The Certificate Authority failed to download the temporary challenge files created by Certbot. Ensure that the listed domains serve their content from the provided --webroot-path/-w and that files created there can be downloaded from the internet.

Some challenges have failed.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.

1 Like

but still it shows valid till 29 May 2022. it's not extended

That's expected, you used --dry-run -- that option doesn't get a production certificate, just a staging one, and doesn't even save it.

2 Likes

then what to do? or should we wait for automatic timer request

29th May means it's not even trying to renew it automatically, right now.

If I were you, I'd just edit the certbot timer to try 4-6 times a day instead of the standard 2, and I'd call it a day.

It only has to succeed once in the 10 days between Apr 29th and Apr 39th, I mean, May 9th.

1 Like

it will try again after 8 hours ... so when the time comes for automatic try i'll make a change in firewall to allow ... and when it's done then i'll close firewall again.

You can just leave it open, you know.

Or use --pre-hook and --post-hook in certbot

1 Like
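The --pre-hook/--post-hook suggestion above, as an added example that is not part of the original thread: hook scripts that open TCP port 80 only around a renewal attempt, so the firewall does not have to be opened by hand when the timer fires. Assumptions: the host firewall is ufw (the thread does not say which firewall is in use), certbot uses its default hook directory /etc/letsencrypt/renewal-hooks, and the script names are hypothetical.

```bash
#!/usr/bin/env bash
# Added example: install certbot renewal hooks that open TCP/80 only while
# a renewal attempt (http-01 validation) is running.
# Assumptions: ufw is the host firewall; default certbot hook directory.

# install_hooks HOOK_ROOT -> writes pre/ and post/ hook scripts under HOOK_ROOT
install_hooks() {
    local root="${1:-/etc/letsencrypt/renewal-hooks}"
    mkdir -p "$root/pre" "$root/post" || return 1

    # pre hook: run by "certbot renew" before it attempts a renewal
    cat > "$root/pre/10-open-http.sh" <<'EOF'
#!/bin/sh
# Let the CA reach http://<domain>/.well-known/acme-challenge/
ufw allow 80/tcp
EOF

    # post hook: run by "certbot renew" after the renewal attempt
    cat > "$root/post/10-close-http.sh" <<'EOF'
#!/bin/sh
# Remove the temporary rule again
ufw delete allow 80/tcp
EOF

    chmod 0755 "$root/pre/10-open-http.sh" "$root/post/10-close-http.sh"
}

# Only touch the real system when explicitly asked to (run as root).
if [ "${1:-}" = "--install" ]; then
    install_hooks /etc/letsencrypt/renewal-hooks
    # Same check the thread used to confirm validation gets through
    certbot renew --dry-run
fi
```

If port 80 must stay reachable for other reasons (for example an HTTP to HTTPS redirect), skip the post hook and leave the rule in place.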

the problem is i don't know the linux based operating system. i am even checking commands in google and then i use them.

that you can learn. just don't learn on youtube. or random blogs. go to the actual source and read the documentation.

if you have questions on a command, you can run man command and you'll get information (close with q)

2 Likes

Thank you very much for your support and guidance. appreciate everyone. after 8 hours when the time is near to the automatic try i'll open and configure the firewall to check.

1 Like

i am on cerbot.timer
[Unit]
Description=Run certbot twice daily

[Timer]
OnCalendar=*-*-* 00,12:00:00
RandomizedDelaySec=43200
Persistent=true

[Install]
WantedBy=timers.target

what changes i have to make to make automatic try more than 2 times a day

You don't edit that file.

You use systemctl edit certbot.timer to override some parts. Specifically, you add a modified OnCalendar directive:

[Timer]
OnCalendar=*-*-* 00,04,08,12,16,20:00:00
RandomizedDelaySec=14400

2 Likes

i tried but when i try :wq it said it's not an editor command :frowning: ...

i use Vi and vim editor

what's

echo $EDITOR ?

i don't know but i access file. cerbot.timer using command.
vim cerbot.timer