OS: Debian 8.
Domain: https://vetco.net
Self-hosted, dedicated hardware.
As root-user, I followed the “instructions” here:
Specifically:
Step-1. Ran this command:
curl --silent https://raw.githubusercontent.com/srvrco/getssl/master/getssl > getssl ; chmod 700 getssl
Step-2. Then this command:
./getssl -c vetco.net
Step-3. Edited this file:
/root/.getssl/getssl.cfg
Changed the ACCOUNT_EMAIL directive to my e-mail address. No other changes.
Step-4. Edited this file:
/root/.getssl/vetco.net/getssl.cfg
Commented the SANS= directive, because I have exactly 1 domain.
Specified ACL directive to:
ACL=('/var/www/vetco/current/public/.well-known/acme-challenge')
Un-commented 2 directives:
DOMAIN_CERT_LOCATION="/etc/ssl/vetco.net.crt"
DOMAIN_KEY_LOCATION="/etc/ssl/vetco.net.key"
Saved file.
Step-5. Ran this command:
getssl vetco.net
Output:
./getssl vetco.net
creating account key /root/.getssl/account.key
creating key - /root/.getssl/account.key
Generating RSA private key, 4096 bit long modulus
.................................++
...............................................................................................................................++
e is 65537 (0x10001)
creating key - /root/.getssl/vetco.net/vetco.net.key
Generating RSA private key, 4096 bit long modulus
...................................................................................................++
.................................................................................................................................................................................................................................................................................++
e is 65537 (0x10001)
creating domain csr - /root/.getssl/vetco.net/vetco.net.csr
Registering account
Registered
Verify each domain
Verifying vetco.net
copying challenge token to /var/www/vetco/current/public/.well-known/acme-challenge/...
Pending
Verified vetco.net
Verification completed, obtaining certificate.
Certificate saved in /root/.getssl/vetco.net/vetco.net.crt
The intermediate CA cert is in /root/.getssl/vetco.net/chain.crt
copying domain certificate to /etc/ssl/vetco.net.crt
copying private key to /etc/ssl/vetco.net.key
getssl: vetco.net - certificate obtained but certificate on server is different from the new certificate
Step-6. Edit Nginx config:
server {
    listen 443 ssl;
    ssl on;
    server_name vetco.net;
    ssl_certificate /etc/ssl/vetco.net.crt;
    ssl_certificate_key /etc/ssl/vetco.net.key;
    ...
}
Step-7. Reload Nginx config.
Step-8. Visit website:
“Safari can’t verify the identity of the website Vetco.net”
“The certificate for this site is invalid… this certificate was signed by an untrusted issuer…”, etc.
What do I need to do?
If you go to the website right now, yes, the SSL-cert is fine, because I have reverted the Nginx-config to previous values. However, certs expire in 7 days, so I need to renew.
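The getssl output above reports the intermediate CA cert in a separate chain.crt, while the Nginx config serves only /etc/ssl/vetco.net.crt. As an added example (not part of the original post and not getssl's own code), this script reports whether the PEM file named in ssl_certificate holds a single certificate or an ordered chain. The function names are hypothetical, and it assumes openssl and awk are installed.

```shell
#!/bin/sh
# Added example: inspect the PEM file named in nginx's ssl_certificate.
# Function names are hypothetical; requires openssl and awk.

# split_pem FILE DIR: write each certificate to DIR/cert-N.pem, print the count.
split_pem() {
    awk -v dir="$2" '
        /-----BEGIN CERTIFICATE-----/ { n++; out = dir "/cert-" n ".pem" }
        out != ""                     { print > out }
        /-----END CERTIFICATE-----/   { close(out); out = "" }
        END                           { print n + 0 }
    ' "$1"
}

# check_bundle FILE: print one of
#   no-certificate      nothing parseable in the file
#   single-certificate  only one certificate, no intermediate follows it
#   chain-ok            every certificate is issued by the one after it
#   chain-broken        certificates present but not in issuer order
check_bundle() {
    tmp=$(mktemp -d) || return 2
    count=$(split_pem "$1" "$tmp")
    result="chain-ok"
    if [ "$count" -eq 0 ]; then
        result="no-certificate"
    elif [ "$count" -eq 1 ]; then
        result="single-certificate"
    else
        i=1
        while [ "$i" -lt "$count" ]; do
            # Issuer name hash of cert i must equal subject name hash of cert i+1.
            issuer=$(openssl x509 -noout -issuer_hash -in "$tmp/cert-$i.pem")
            subject=$(openssl x509 -noout -subject_hash -in "$tmp/cert-$((i + 1)).pem")
            [ "$issuer" = "$subject" ] || result="chain-broken"
            i=$((i + 1))
        done
    fi
    rm -rf "$tmp"
    echo "$result"
}

# Usage: sh check_bundle.sh /etc/ssl/vetco.net.crt
if [ "$#" -gt 0 ]; then
    check_bundle "$1"
fi
```

A result of single-certificate means the server sends only the domain certificate, so clients must already know the intermediate to build a trust path.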