I am running my init-letsencrypt.sh file on the server so it should create a new certificate with the given domain names. But when I check the used cert, it's still the old one.
My domain is: amap.perfotec.com
I ran this command:
#!/bin/bash
if ! [ -x "$(command -v docker)" ]; then
  echo 'Error: docker is not installed.' >&2
  exit 1
fi
domains=(amap.perfotec.com mapsync.perfotec.com hub.perfotec.com clmsv2.perfotec.com)
rsa_key_size=2048
data_path="./data/certbot"
email="j.kempe@ma-it.nl" # Adding a valid address is strongly recommended
staging=0 # Set to 1 if you're testing your setup to avoid hitting request limits
if [ -d "$data_path" ]; then
  read -p "Existing data found for $domains. Continue and replace existing certificate? (y/N) " decision
  if [ "$decision" != "Y" ] && [ "$decision" != "y" ]; then
    exit
  fi
fi
if [ ! -e "$data_path/conf/options-ssl-nginx.conf" ] || [ ! -e "$data_path/conf/ssl-dhparams.pem" ]; then
  echo "### Downloading recommended TLS parameters ..."
  mkdir -p "$data_path/conf"
  curl -s https://raw.githubusercontent.com/certbot/certbot/master/certbot-nginx/certbot_nginx/_internal/tls_configs/options-ssl-nginx.conf > "$data_path/conf/options-ssl-nginx.conf"
  curl -s https://raw.githubusercontent.com/certbot/certbot/master/certbot/certbot/ssl-dhparams.pem > "$data_path/conf/ssl-dhparams.pem"
  echo
fi
echo "### Creating dummy certificate for $domains ..."
path="/etc/letsencrypt/live/$domains"
mkdir -p "$data_path/conf/live/$domains"
docker compose -f docker-compose.prod.yml run --rm --entrypoint "\
  openssl req -x509 -nodes -newkey rsa:$rsa_key_size -days 1 \
    -keyout '$path/privkey.pem' \
    -out '$path/fullchain.pem' \
    -subj '/CN=localhost'" certbot
echo
echo "### Starting nginx ..."
docker compose -f docker-compose.prod.yml up --force-recreate -d nginx
echo
echo "### Deleting dummy certificate for $domains ..."
docker compose -f docker-compose.prod.yml run --rm --entrypoint "\
  rm -Rf /etc/letsencrypt/live/$domains && \
  rm -Rf /etc/letsencrypt/archive/$domains && \
  rm -Rf /etc/letsencrypt/renewal/$domains.conf" certbot
echo
echo "### Requesting Let's Encrypt certificate for $domains ..."
# Join $domains to -d args
domain_args=""
for domain in "${domains[@]}"; do
  domain_args="$domain_args -d $domain"
done
# Select appropriate email arg
case "$email" in
  "") email_arg="--register-unsafely-without-email" ;;
  *) email_arg="--email $email" ;;
esac
# Enable staging mode if needed
if [ $staging != "0" ]; then staging_arg="--staging"; fi
docker compose -f docker-compose.prod.yml run --rm --entrypoint "\
  certbot certonly --webroot -w /var/www/certbot \
    $staging_arg \
    $email_arg \
    $domain_args \
    --rsa-key-size $rsa_key_size \
    --key-type rsa \
    --agree-tos \
    -v \
    --force-renewal" certbot
echo
echo "### Reloading nginx ..."
docker compose -f docker-compose.prod.yml exec nginx nginx -s reload
It produced this output:
Existing data found for amap.perfotec.com. Continue and replace existing certificate? (y/N) y
### Creating dummy certificate for amap.perfotec.com ...
...+++++++++++++++++++++++++++++++++++++++..+++++++++++++++++++++++++++++++++++++++.........+......+.....+.......+..............+...+.............+..+.......+...........+...+.+...+......+.....+......+...+...+......................+...+..+.+............+.................+............+...+...+...+.+.....+......+..........+..+................+......+...+......+.........+..+....+.....+.+.....+.+...+.....+....+..+.........+.+.....+...............+.+.........+.........+..+............+.+.....+......+.+...+.................+.........................++++++
..........+......+......+...+......+.....+..........+..+....+++++++++++++++++++++++++++++++++++++++.....+.+..............+...+......+...................+..+....+..+.......+.....+.+.....+.+......+...+.........+..+.+..+.............+...+.....+.......+.....+....+...+..+.+............+..+...+............+...+++++++++++++++++++++++++++++++++++++++.+.......+.....+......+.......+..+...+......+.+.........+.........+...+.....+.........+.........+....+.....+.......+......+..+......+.+.........+.....+.+......+........+..........+.........+..+..........+.....+......+.......+...........+.+...+.................+....+..+...+....+...+........+.+...+...+...+.........+..+......+.........+..........+........+................+......+.........+..+...+.+......+..+...+.........+.............+.....+.+...........+....+..+...+............+....+.........+......+.....+.+..+..........+........+...+......+.........+....+...+..+.+......+.....+...+......+.+........++++++
### Starting nginx ...
[+] Running 3/3
Container clmsv2-db-1 Running 0.0s
Container clmsv2-web-1 Running 0.0s
Container clmsv2-nginx-1 Started 10.6s
### Deleting dummy certificate for amap.perfotec.com ...
### Requesting Let's Encrypt certificate for amap.perfotec.com ...
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Renewing an existing certificate for amap.perfotec.com and 3 more domains
Successfully received certificate.
Certificate is saved at: /etc/letsencrypt/....
Key is saved at: /etc/letsencrypt/....
This certificate expires on 2024-06-06.
These files will be updated when the certificate renews.
NEXT STEPS:
- The certificate will need to be renewed before it expires. Certbot can automatically renew the certificate in the background, but you may need to take steps to enable that functionality. See User Guide — Certbot 2.10.0.dev0 documentation for instructions.
If you like Certbot, please consider supporting our work by:
- Donating to ISRG / Let's Encrypt: Donate - Let's Encrypt
- Donating to EFF: Support EFF's Work on Let's Encrypt | Electronic Frontier Foundation
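
The output above reports a renewed certificate, but the path it was saved at is cut off. One way to see which directory under `live/` holds the certificate the server is actually presenting is to compare SHA-256 fingerprints. This is an added example, not part of the original post; the function names are hypothetical, and the `live/` path in the usage comment is derived from the script's `data_path`.

```shell
#!/bin/bash
# Added diagnostic example (not from the original post): map the certificate a
# server presents back to the certbot lineage directory that contains it.

# SHA-256 fingerprint of the first (leaf) certificate in PEM file $1.
cert_fingerprint() {
  openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2
}

# SHA-256 fingerprint of the leaf certificate presented by host $1, port ${2:-443}.
served_fingerprint() {
  openssl s_client -connect "$1:${2:-443}" -servername "$1" </dev/null 2>/dev/null |
    openssl x509 -noout -fingerprint -sha256 | cut -d= -f2
}

# One tab-separated line per lineage under live directory $1:
#   <directory name> <notAfter date> <leaf fingerprint>
list_lineages() {
  local cert
  for cert in "$1"/*/fullchain.pem; do
    [ -e "$cert" ] || continue   # glob matched nothing
    printf '%s\t%s\t%s\n' \
      "$(basename "$(dirname "$cert")")" \
      "$(openssl x509 -in "$cert" -noout -enddate | cut -d= -f2)" \
      "$(cert_fingerprint "$cert")"
  done
}

# Name of the lineage under $1 whose leaf matches fingerprint $2, or "none".
lineage_for_fingerprint() {
  local match
  match=$(list_lineages "$1" | awk -F'\t' -v fp="$2" '$3 == fp { print $1 }')
  echo "${match:-none}"
}

# Usage (run on the Docker host; reading live/ may require root):
#   list_lineages ./data/certbot/conf/live
#   lineage_for_fingerprint ./data/certbot/conf/live \
#     "$(served_fingerprint amap.perfotec.com)"
```

If the result is `none`, or a directory other than the one with the 2024-06-06 expiry, compare that directory name with the certificate path nginx is configured to load.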