Go on the "wildcard" tab here: Certbot Instructions | Certbot
Then read here: Welcome to certbot-dns-cloudflare’s documentation! — certbot-dns-cloudflare 0 documentation
Thu 2022-04-28 02:45:27 +03 6h left Wed 2022-04-27 17:17:14 +03 2h 28min ago certbot.timer certbot.service
This I already have in the timer list.
I posted the instructions because you need to install the cloudflare plugin
Okay sir. Let me try to understand and install.
I found some firewall settings, and I changed these settings and now there is no error message.
a@press:~$ sudo certbot renew --dry-run
[sudo] password for a:
Processing /etc/letsencrypt/renewal/press.alwatan.com.sa.conf
Cert not due for renewal, but simulating renewal for dry run
Plugins selected: Authenticator apache, Installer apache
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for press.alwatan.com.sa
Waiting for verification...
Cleaning up challenges
new certificate deployed with reload of apache server; fullchain is
/etc/letsencrypt/live/press.alwatan.com.sa/fullchain.pem
** DRY RUN: simulating 'certbot renew' close to cert expiry
** (The test certificates below have not been saved.)
Congratulations, all renewals succeeded. The following certs have been renewed:
/etc/letsencrypt/live/press.alwatan.com.sa/fullchain.pem (success)
** DRY RUN: simulating 'certbot renew' close to cert expiry
** (The test certificates above have not been saved.)
You got lucky. There is some bigger issue at play here.
% docker run -ti --rm docker.io/certbot/certbot certonly --staging --webroot -w . --agree-tos --register-unsafely-without-email -d press.alwatan.com.sa
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Account registered.
Requesting a certificate for press.alwatan.com.sa
Certbot failed to authenticate some domains (authenticator: webroot). The Certificate Authority reported these problems:
Domain: press.alwatan.com.sa
Type: connection
Detail: 37.224.110.174: Fetching http://press.alwatan.com.sa/.well-known/acme-challenge/WeJKOp1JTi0wgg_2shDkWrVhY_V5siyLe3NGjtVN3uk: Timeout during connect (likely firewall problem)
Hint: The Certificate Authority failed to download the temporary challenge files created by Certbot. Ensure that the listed domains serve their content from the provided --webroot-path/-w and that files created there can be downloaded from the internet.
Some challenges have failed.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.
But it still shows valid till 29 May 2022. It's not extended.
That's expected, you used --dry-run -- that option doesn't get a production certificate, just a staging one, and doesn't even save it.
Then what to do? Or should we wait for the automatic timer request?
29th May means it's not even trying to renew it automatically, right now.
If I were you, I'd just edit the certbot timer to try 4-6 times a day instead of the standard 2, and I'd call it a day.
It only has to succeed once in the 10 days between Apr 29th and Apr 39th, I mean, May 9th.
It will try again after 8 hours... so when the time comes for the automatic try I'll make a change in the firewall to allow it... and when it's done I'll close the firewall again.
You can just leave it open, you know.
Or use --pre-hook and --post-hook in certbot
The problem is I don't know the Linux-based operating system. I even check commands on Google and then use them.
That you can learn. Just don't learn on YouTube or random blogs. Go to the actual source and read the documentation.
If you have questions on a command, you can run man command and you'll get information (close with q)
Thank you very much for your support and guidance. I appreciate everyone. After 8 hours, when the time is near the automatic try, I'll open and configure the firewall to check.
I am on certbot.timer
[Unit]
Description=Run certbot twice daily
[Timer]
OnCalendar=*-*-* 00,12:00:00
RandomizedDelaySec=43200
Persistent=true
[Install]
WantedBy=timers.target
What changes do I have to make to make the automatic try run more than 2 times a day?
You don't edit that file.
You use systemctl edit certbot.timer to override some parts. Specifically, you add a modified OnCalendar directive:
[Timer]
OnCalendar=*-*-* 00,04,08,12,16,20:00:00
RandomizedDelaySec=14400
I tried, but when I try :wq it says it's not an editor command...
I use the vi and vim editors.
what's echo $EDITOR ?
I don't know, but I access the file cerbot.timer using the command:
vim cerbot.timer
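The timer override and the --pre-hook/--post-hook suggestion from this thread, combined as an added example that is not part of any post. It assumes ufw is the host firewall (the thread does not say which firewall is in use); the function names and hook file names are hypothetical.

```shell
#!/bin/sh
# Added example. Assumption: ufw is the host firewall and port 80 is
# needed only for the http-01 challenge.
set -eu

# write_timer_override ROOT: write the drop-in that
# `systemctl edit certbot.timer` would create under ROOT.
write_timer_override() {
    dir="$1/etc/systemd/system/certbot.timer.d"
    mkdir -p "$dir"
    cat > "$dir/override.conf" <<'EOF'
[Timer]
# OnCalendar is a list setting: the empty assignment clears the packaged
# twice-daily schedule so that only the new schedule applies.
OnCalendar=
OnCalendar=*-*-* 00,04,08,12,16,20:00:00
RandomizedDelaySec=14400
EOF
}

# write_renewal_hooks ROOT: hooks that `certbot renew` runs before and
# after a renewal attempt, so port 80 is open only while one is in progress.
write_renewal_hooks() {
    hooks="$1/etc/letsencrypt/renewal-hooks"
    mkdir -p "$hooks/pre" "$hooks/post"
    printf '%s\n' '#!/bin/sh' 'ufw allow 80/tcp' > "$hooks/pre/open-http.sh"
    printf '%s\n' '#!/bin/sh' 'ufw delete allow 80/tcp' > "$hooks/post/close-http.sh"
    chmod 755 "$hooks/pre/open-http.sh" "$hooks/post/close-http.sh"
}

# Run as root with the argument "install" to write into the live system.
if [ "${1:-}" = "install" ]; then
    write_timer_override ""
    write_renewal_hooks ""
    systemctl daemon-reload
    systemctl restart certbot.timer
    # A dry run also calls the pre and post hooks, so this checks the firewall path.
    certbot renew --dry-run
fi
```

After installing, `systemctl list-timers certbot.timer` shows the next scheduled run.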