SSL-certificate does not renew

I do not understand your concern. You have two certificates on your system right now. One has a 0001 suffix and the other has a 0002. At some point in the past you had one with no numeric suffix but due to changes you are now getting these variations. If you want to proceed with the 0002 just follow my prior advice. If you want to reset your system to avoid these numeric suffixes then you should consult with the people who built that script.

2 Likes

I didn't build this server by myself, so I prefer not to make changes to files. That's why I'm asking if it's possible to change the domains of the 0001 cert with a certbot command, so the cert is the only thing that will change.

But it looks like you tried to do that in your first post and it did not work. We have seen that script you used frequently and it is difficult to work with. I am not sure how to instruct you about that further. Maybe someone else will want to try or I suggest visiting a forum that supports that script.

2 Likes

No, I didn't try that yet; in my first post I executed the script, which creates a new cert.

What I'm asking now is to change the domains of the cert by using this certbot command:
certbot certonly --cert-name amap.perfotec.com -d amap.perfotec.com,hub.perfotec.com,mapsync.perfotec.com,clmsv2.perfotec.com

You don't have a cert with that name so you would get a new cert with that name (no numeric suffix). Your nginx points to the 0001 so would not see it and need changing anyway.

Maybe using the -0001 name as the --cert-name would work.

I understand Certbot well but I do not understand your overall script and the implications of using it. It does not use Certbot in any recommended way. Your reluctance to change nginx also makes things difficult. Someone modified nginx to point to -0001 at some point.

If you are the new admin of this system you need to find a method that works for you.

2 Likes

Okay, so this command should renew the 0001 cert. Nginx uses that cert, so it should work, right?

certbot certonly --cert-name amap.perfotec.com-0001 -d amap.perfotec.com,hub.perfotec.com,mapsync.perfotec.com,clmsv2.perfotec.com

In this way I don't need to change nginx.

Pretty much asked and answered already

2 Likes

I followed your advice to update nginx in this way, but when I restart the server, nginx changes back to the old config with 0001 as cert. Before restart nginx -T shows 0002 is used as cert.

Is there something I'm doing wrong when updating nginx?

How exactly did you update nginx?

I'd think so.

2 Likes

In a sudo -s shell I changed the nginx.conf file. I changed these specific lines:
ssl_certificate /etc/letsencrypt/live/amap.perfotec.com-0001/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/amap.perfotec.com-0001/privkey.pem;
to:
ssl_certificate /etc/letsencrypt/live/amap.perfotec.com-0002/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/amap.perfotec.com-0002/privkey.pem;

Using an editor?
Did you exit that properly?
Can you check to see if your changes are still there after you exit?

2 Likes

I used nano and I executed nginx -T after this change. That showed the 0002 cert.

1 Like

And then you restart the server.
And then you check the cert. [How?]
And then you rechecked "nginx -T" for the "-0002"?

1 Like

Yes, then I restarted the server, checked the cert in use in my browser, and rechecked nginx -T, which showed the -0001 cert.

Did you make any scripts to do anything with that config file?
Is there any cron type job that copies/restores that config file or folder?

1 Like

I think I found something like that in my GitLab CI/CD.

1 Like

Then there is likely another file/folder that keeps the original.
Your edits of the copy get overwritten by the original whenever that script runs.
You need to find and edit the original.

2 Likes

I found the original and after changing that one, the nginx config was updated to the 0002 cert.
It's using the new cert, but hub.perfotec.com receives a 400 Bad request error. This is the error log:

django.core.exceptions.DisallowedHost: Invalid HTTP_HOST header: 'hub.perfotec.com'. You may need to add 'hub.perfotec.com' to ALLOWED_HOSTS.

The current ALLOWED_HOSTS does not contain the working URLs such as amap.perfotec.com.

Is this something you can help me with?

The nginx -T you showed earlier does not handle the domain hub.perfotec.com.

I think you need to review your nginx and django configs and see how you want them to work. Your amap subdomain proxies back to web:8000 in nginx. I don't see anything in that nginx specifically for the hub subdomain. Should there be?

There are lots of ways to configure servers. It's up to you to choose what works best for you.

2 Likes
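The review suggested above (which hostnames nginx actually serves, and whether the certificate each server block points at covers them) can be done mechanically over saved `nginx -T` output. This is an added example, not part of the original thread; the config text, the contents of each lineage, and the function names are constructed for illustration and would in practice come from `nginx -T` and `certbot certificates`.

```python
import re

# Constructed sample of `nginx -T` output (not the poster's real config).
SAMPLE_NGINX_T = """
# configuration file /etc/nginx/nginx.conf:
server {
    server_name amap.perfotec.com;
    ssl_certificate /etc/letsencrypt/live/amap.perfotec.com-0002/fullchain.pem;
    location / { proxy_pass http://web:8000; }
}
server {
    server_name hub.perfotec.com;
    ssl_certificate /etc/letsencrypt/live/amap.perfotec.com-0001/fullchain.pem;
}
"""
# Constructed lineage -> domains map, as `certbot certificates` would list them.
ALL_HOSTS = ["amap.perfotec.com", "hub.perfotec.com",
             "mapsync.perfotec.com", "clmsv2.perfotec.com"]
SAMPLE_LINEAGES = {"amap.perfotec.com-0001": {"amap.perfotec.com"},
                   "amap.perfotec.com-0002": set(ALL_HOSTS)}

def server_blocks(text):
    """Yield the body of each `server { ... }` block, honouring nested braces."""
    text = re.sub(r"#[^\n]*", "", text)           # drop comments
    for m in re.finditer(r"\bserver\s*\{", text):
        depth, i = 1, m.end()
        while i < len(text) and depth:
            depth += {"{": 1, "}": -1}.get(text[i], 0)
            i += 1
        yield text[m.end():i - 1]

def audit(nginx_text, lineages, expected_hosts):
    """Return ({host: lineage}, [findings]) for exact-name TLS server blocks."""
    served, findings = {}, []
    for body in server_blocks(nginx_text):
        names = re.search(r"\bserver_name\s+([^;]+);", body)
        # `\s+` after the directive name excludes ssl_certificate_key
        cert = re.search(r"\bssl_certificate\s+/etc/letsencrypt/live/([^/]+)/", body)
        if not (names and cert):
            continue
        for host in names.group(1).split():
            served[host] = cert.group(1)
            if host not in lineages.get(cert.group(1), ()):
                findings.append(f"{host}: not covered by certificate {cert.group(1)}")
    for host in expected_hosts:
        if host not in served:
            findings.append(f"{host}: no TLS server block")
    return served, findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_NGINX_T, SAMPLE_LINEAGES, ALL_HOSTS)[1]))
```

Wildcard names and `default_server` fallbacks are not modelled; a host reported as having no server block may still be answered by whichever block nginx treats as the default.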

Right now nginx is using the 0002 cert, which contains the hub.perfotec.com domain.
When I check the cert via this site, it is also OK: https://www.ssllabs.com/ssltest/analyze.html?d=hub.perfotec.com