Certificate renewal


#121

writing EC key


#122

systemclt start nginx
bash: systemclt: command not found

I use service nginx start


#123

They match!


#124

nginx: [emerg] PEM_read_bio_X509_AUX("/root/.acme.sh/chat.hugoclo411.xyz_ecc/fullchain.cer") failed (SSL: error:0906D06C:PEM routines:PEM_read_bio:no start line:Expecting: TRUSTED CERTIFICATE)
nginx: configuration file /etc/nginx/nginx.conf test failed

This error is very new to me and confusing…


#125

Please upload (or paste.bin) this file so I can confirm it is not “broken”.
/root/.acme.sh/chat.hugoclo411.xyz_ecc/fullchain.cer


#126

Please also upload (or paste.bin) this file to confirm it is also configured properly:
/etc/nginx/sites-enabled/nextcloud.conf


#127

Also, let's recheck this location (since you have deleted and added to this folder):
grep '\-\-\-\-' /root/.acme.sh/cloud.hugoclo411.xyz_ecc/*
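
The `no start line` error in #124 and the `grep` for dash lines in #127 both come down to whether the file holds a complete certificate block. The shell function below is an added example, not part of the original thread or of acme.sh, that runs that structural check so it can gate `nginx -t`; the function names, return codes and sample files are assumptions made for illustration.

```shell
#!/usr/bin/env bash
# Structural pre-flight check for a PEM certificate file (added example).
# Return codes: 0 OK, 1 missing/empty, 2 no certificate block, 3 malformed.
check_pem_chain() {
    local file="$1" count rc=0
    if [ ! -s "$file" ]; then echo "$file: missing or empty"; return 1; fi
    count=$(awk '
        { sub(/\r$/, "") }                          # tolerate CRLF endings
        /^-----BEGIN CERTIFICATE-----$/ {           # exactly five dashes each side
            if (inblk) bad = 1
            inblk = 1; body = 0; next
        }
        /^-----END CERTIFICATE-----$/ {
            if (inblk && body) certs++; else bad = 1
            inblk = 0; next
        }
        inblk {                                     # inside a block: base64 only
            if ($0 ~ "^[A-Za-z0-9+/=]+$") body++; else bad = 1
        }
        END {
            if (inblk || bad) exit 3                # truncated or garbled block
            if (!certs) exit 2                      # e.g. key file or HTML error page
            print certs
        }' "$file") || rc=$?
    case $rc in
        0) echo "$file: $count certificate block(s), structure OK" ;;
        2) echo "$file: no certificate block (nginx would report 'no start line')" ;;
        *) rc=3; echo "$file: malformed or truncated certificate block" ;;
    esac
    return "$rc"
}

# Constructed sample files: the base64 body is filler, not a real certificate.
make_samples() {
    local dir="$1"
    printf '%s\n' '-----BEGIN CERTIFICATE-----' 'QUJDREVGR0g=' '-----END CERTIFICATE-----' \
                  '-----BEGIN CERTIFICATE-----' 'SUpLTE1OT1A=' '-----END CERTIFICATE-----' > "$dir/good.cer"
    printf '%s\n' '-----BEGIN PUBLIC KEY-----' 'QUJDREVGR0g=' '-----END PUBLIC KEY-----' > "$dir/keyonly.cer"
    printf '%s\n' '-----BEGIN CERTIFICATE-----' 'QUJDREVGR0g=' '-----END CERTIFICATE----' > "$dir/truncated.cer"
    : > "$dir/empty.cer"
}

# Usage: ./check_pem.sh /path/to/fullchain.cer && nginx -t
if [ "$#" -gt 0 ]; then check_pem_chain "$1"; fi
```

This only checks the file's structure; it does not verify that the certificate parses, matches the private key, or chains to a trusted root.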


#128

Upload a new (we have made many changes)
nginx -T


#129

This seems to have an unnecessary parameter ("--ecc"):

According to: https://github.com/Neilpang/acme.sh/wiki/Options-and-Params
--ecc Specifies to use the ECC cert. Valid for ‘--installcert’, ‘--renew’, ‘--revoke’, ‘--toPkcs’ and ‘--createCSR’
It does NOT mention for use with “--issue”.

Also you tend to immediately after “--issue” also run “--installcert” which seems redundant and could be causing problems:
--installcert Install the issued cert to apache/nginx or any other server.
[this part has already been done manually - and it should only be done once]

I’m sorry the server appears to be down.
I think if you revert the rocket.conf, you should be able to restart the web service (until we can figure out how to proceed).


#130

nginx -T
nginx: [emerg] PEM_read_bio_X509_AUX("/root/.acme.sh/chat.hugoclo411.xyz_ecc/fullchain.cer") failed (SSL: error:0906D06C:PEM routines:PEM_read_bio:no start line:Expecting: TRUSTED CERTIFICATE)
nginx: configuration file /etc/nginx/nginx.conf test failed


#131

Revert to these lines in file: /etc/nginx/sites-enabled/rocket.conf


#132

Hello
Web server is OK :slight_smile:


#133

I’m glad to see that it is working again.
But it may still need some work: https://www.ssllabs.com/ssltest/analyze.html?d=cloud.hugoclo411.xyz


#134

With this command (certbot certificates) I have:
Saving debug log to /var/log/letsencrypt/letsencrypt.log

Attempting to parse the version 0.29.1 renewal configuration file found at /etc/letsencrypt/renewal/hugoclo411.xyz.conf with version 0.10.2 of Certbot. This might not work.


Found the following certs:
Certificate Name: hugoclo411.xyz
Domains: hugoclo411.xyz cloud.hugoclo411.xyz
Expiry Date: 2019-03-17 18:52:53+00:00 (VALID: 88 days)
Certificate Path: /etc/letsencrypt/live/hugoclo411.xyz/fullchain.pem
Private Key Path: /etc/letsencrypt/live/hugoclo411.xyz/privkey.pem

After I add domain on my certificate with this command
certbot certonly --cert-name hugoclo411.xyz -d hugoclo411.xyz -d cloud.hugoclo411.xyz -d chat.hugoclo411.xyz

After I have the same result with certbot certificates

How do I add a domain to the certificate?


#135

I forgot service nginx stop :smile:

All is OK.

THX THX


#136

OK so certbot works and you now have all three domains on one cert.
I’m glad :smile:


#137

acme.sh’s documentation says to use the --install-cert command to copy the files and set up a renewal hook to reload your web server, rather than directly using the files in /root/.acme.sh/.

--install-cert doesn’t configure your web server, though.