I have problem with renewing. After running the command below and copying DNS values to Server i tried to upload fullchain.txt and privkey.txt but get the error message that key not belongs to certificate.
Thanks a lot for help.
I ran this command for renewing (certificate expires 6. June) : sudo certbot -d "reise-partner.com,*.reise-partner.com" --manual-public-ip-logging-ok --manual --preferred-challenges dns certonly
It produced this output: 2 DNS values which i copied to HostEurope DNS Name services and showing with DNS lookup
The operating system my web server runs on is (include version): I did run certbot commands on local macOS
My hosting provider, if applicable, is: Host Europe
I can login to a root shell on my machine (yes or no, or I don't know): NOT KNOW , can work with SSH
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
Thanks for you valued help. When I do the manual create command with extra "--key.." I get following message and I do not want to run into rae limit problems as I have no idea of it. I run Certbot 1.18.0 and I did for other domain creation on 25. May without problem. This is actually first time I do renewal which is now due for "reise-partner" ...
thank you
You have an existing certificate that has exactly the same domains or certificate name you requested and isn't close to expiry.
(ref: /etc/letsencrypt/renewal/reise-partner.com.conf)
What would you like to do?
1: Keep the existing certificate for now
2: Renew & replace the certificate (may be subject to CA rate limits)
Thank you very much for your help - i luckily was able to help myself and want to share with other people maybe running into same issue.
Locally the following files will be produced when doing the ceritficate new :
/etc/letsencrypt/live/reise-partner.com/fullchain.pem and privkey.pem
I do copy both to another place locally with ending ".txt" and chmod +r afterwards
These files did not work
But also when doing the process files will be placed into
/etc/letsencrypt/archive/reise-partner.com
with names like fullchain1.pem , fullchain2.pem .... as well as for privkey files
If I do use the latest from this archive folder and copy / chmod as above Host Europe accepts ...
I would not recommend setting chmod +r for everything in the Let's Encrypt archive, as that probably would also give world read access to the private keys. Which is bad.
Misunderstanding - I do copy the files from archive to other local folder renaming from ".pem" to ".txt". Afterwards I run "chmod +r" on the ".txt" files. These files i can upload to Host Europe. HE does not accept ".pem" endings and only after "chmod +r" ... hope this clarifies
I keep them only on my local machine as I run certbot locally, once I renew I delete old, but of course I could delete as well as I still have the ".pem" files