Renouvellement de certificat


#101

I delete file and after acme.sh --force --standalone --issue -d cloud.hugoclo411.xyz --keylength ecc-384


#102

or allow acme.sh to remove it for you:
it may be:
acme.sh --remove cloud.hugoclo411.xyz

if not, show list of cert names:
acme.sh --list
acme.sh --remove {your cert name}


#103

Main_Domain KeyLength SAN_Domains Created Renew
chat.hugoclo411.xyz “ec-384” no Mon Dec 17 18:15:44 UTC 2018 Fri Feb 15 18:15:44 UTC 2019
cloud.hugoclo411.xyz “” no
pyload.hugoclo411.xyz “ec-384” no Thu Nov 1 08:53:29 UTC 2018 Mon Dec 31 08:53:29 UTC 2018


#104

#105

acme.sh --remove -d cloud.hugoclo411.xyz --ecc
[Mon Dec 17 22:46:15 CET 2018] cloud.hugoclo411.xyz is removed, the key and cert files are in /root/.acme.sh/cloud.hugoclo411.xyz_ecc
[Mon Dec 17 22:46:15 CET 2018] You can remove them by yourself.


#106

ls -l /root/.acme.sh/cloud.hugoclo411.xyz_ecc


#107

ls -l /root/.acme.sh/cloud.hugoclo411.xyz_ecc
total 8
-rw-r–r-- 1 root root 162 Dec 17 22:35 cloud.hugoclo411.xyz.conf.removed
-rw-r–r-- 1 root root 215 Dec 17 22:35 cloud.hugoclo411.xyz.csr.conf
-rw-r–r-- 1 root root 0 Dec 17 22:35 cloud.hugoclo411.xyz.key


#108

key remains
it must go or rename it too.


#109

Then:

also openssl version look good.


#110

/.acme.sh# acme.sh --force --standalone --issue -d cloud.hugoclo411.xyz --k ec-384
[Mon Dec 17 22:58:01 CET 2018] Unknown parameter : --k


#111

Main_Domain KeyLength SAN_Domains Created Renew
chat.hugoclo411.xyz “ec-384” no Mon Dec 17 18:15:44 UTC 2018 Fri Feb 15 18:15:44 UTC 2019
cloud.hugoclo411.xyz “ec-384” no Mon Dec 17 21:59:03 UTC 2018 Fri Feb 15 21:59:03 UTC 2019
pyload.hugoclo411.xyz “ec-384” no Thu Nov 1 08:53:29 UTC 2018 Mon Dec 31 08:53:29 UTC 2018


#112

This is strange.
I use -k all the time with acme.sh

But I see that you got a new cert?:


#113

Not:
double dash K (--k)
should be:
single dash K (-k)


#114

#115

-rw-r–r-- 1 root root 1647 Dec 17 23:08 ca.cer
-rw-r–r-- 1 root root 1688 Dec 17 23:08 cloud.hugoclo411.xyz.cer
-rw-r–r-- 1 root root 516 Dec 17 23:08 cloud.hugoclo411.xyz.conf
-rw-r–r-- 1 root root 538 Dec 17 23:08 cloud.hugoclo411.xyz.csr
-rw-r–r-- 1 root root 215 Dec 17 23:08 cloud.hugoclo411.xyz.csr.conf
-rw-r–r-- 1 root root 359 Dec 17 23:08 cloud.hugoclo411.xyz.key
-rw-r–r-- 1 root root 3335 Dec 17 23:08 fullchain.cer


#116

Beautiful!

File:
/etc/nginx/sites-enabled/nextcloud.conf
contians:
ssl_certificate /root/.acme.sh/cloud.hugoclo411.xyz_ecc/fullchain.cer;
ssl_certificate_key /root/.acme.sh/cloud.hugoclo411.xyz_ecc/cloud.hugoclo411.xyz.key;

And both files now exist!

restart web server.


#117

ssl_certificate /root/.acme.sh/cloud.hugoclo411.xyz_ecc/fullchain.cer;
ssl_certificate_key /root/.acme.sh/cloud.hugoclo411.xyz_ecc/cloud.hugoclo411.xyz.key;


#118

The files are good.

systemclt start nginx;

if fail, then show:
nginx -t
If it works, go have a bottle of wine!


#119

nginx: [emerg] PEM_read_bio_X509_AUX("/root/.acme.sh/chat.hugoclo411.xyz_ecc/fullchain.cer") failed (SSL: error:0906D06C:PEM routines:PEM_read_bio:no start line:Expecting: TRUSTED CERTIFICATE)
nginx: configuration file /etc/nginx/nginx.conf test failed


#120

Well that is unfortunate - we going in circles, it seems.

Ok, please show:

openssl ec   -pubout -in /root/.acme.sh/cloud.hugoclo411.xyz_ecc/cloud.hugoclo411.xyz.key
openssl x509 -pubkey -in /root/.acme.sh/cloud.hugoclo411.xyz_ecc/cloud.hugoclo411.xyz.cer