domain : www.tipvote.com
Behind DO balance loader so attempted through DNS
Command I ran:
sudo certbot -d tipvote.com -d www.tipvote.com --nginx --preferred-challenges dns certonly
Response
Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/tipvote.com-0002/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/tipvote.com-0002/privkey.pem
Your cert will expire on 2021-01-05. To obtain a new or tweaked
version of this certificate in the future, simply run certbot
again. To non-interactively renew all of your certificates, run
"certbot renew"
If you like Certbot, please consider supporting our work by:
Errors
certbot certificates
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Renewal configuration file /etc/letsencrypt/renewal/tipvote.com-0001.conf produced an unexpected error: expected /etc/letsencrypt/live/tipvote.com-0001/privkey.pem to be a symlink. Skipping.
Renewal configuration file /etc/letsencrypt/renewal/tipvote.com.conf produced an unexpected error: expected /etc/letsencrypt/live/tipvote.com/cert.pem to be a symlink. Skipping.
Renewal configuration file /etc/letsencrypt/renewal/www.tipvote.com-0001.conf produced an unexpected error: expected /etc/letsencrypt/live/www.tipvote.com-0001/chain.pem to be a symlink. Skipping.
Renewal configuration file /etc/letsencrypt/renewal/www.tipvote.com.conf produced an unexpected error: expected /etc/letsencrypt/live/www.tipvote.com/cert.pem to be a symlink. Skipping.
I tried ...
I deleted the live files and tried recreating a symlink with
root@ubuntu-:/etc/letsencrypt/live/www.tipvote.com-0001# ln -s /etc/letsencrypt/archive/tipvote.com/cert1.pem /etc/letsencrypt/live/tipvote.com-0001/cert.pem
root@ubuntu-s-1:/etc/letsencrypt/live/www.tipvote.com-0001# ln -s /etc/letsencrypt/archive/www.tipvote.com/cert1.pem /etc/letsencrypt/live/www.tipvote.com-0001/cert.pem
Now getting an invalid certificate upon going to the site. Please help!
That shouldn't be possible. The nginx authenticator plugin doesn't support the dns-01 challenge. When I run that exact same command, my output is:
server ~ # certbot -d tipvote.com -d www.tipvote.com --nginx --preferred-challenges dns certonly
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator nginx (1.8.0.dev0), Installer nginx (1.8.0.dev0)
Obtaining a new certificate
Generating 2048 bits RSA key
Performing the following challenges:
None of the preferred challenges are supported by the selected plugin
server ~ #
Something is terribly wrong with your /etc/letsencrypt directory. This only happens if the directory is manually tampered with.
Here you're mixing up two different so-called 'lineages' or 'certificate names': the directory tipvote.com is a different certificate with different configuration files than the tipvote.com-0001 certificate! Also, you seem to have a tipvote.com-0002 certificate, looking at the first certbot output.
You should fix the symbolic links again but now pointing to the correct certificates. Also, you probably want to use the tipvote.com-0002 certificate in your webserver configuration.
Seems to be working for me by the way. Certificate installed is valid until Jan 5 next year.
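An added example, not part of any post in this thread and not Certbot's own code: a shell check for the two conditions discussed above, `live/` entries that are not symlinks and entries re-linked into a different lineage's `archive/` directory. It assumes certbot's default layout (`live/NAME/KIND.pem` linking to `archive/NAME/KINDn.pem`) and a `readlink -f` as in GNU coreutils or BusyBox; the function names and the `example.com` sample tree are constructed for illustration.

```shell
#!/bin/sh
# audit_lineages ROOT: print one line per broken entry under ROOT/live and
# return 1 if any were found, 0 otherwise. Read-only; changes nothing.
audit_lineages() {
    root=${1:-/etc/letsencrypt}
    status=0
    for dir in "$root"/live/*/; do
        [ -d "$dir" ] || continue
        name=$(basename "$dir")
        want=$(readlink -f "$root/archive/$name")   # this lineage's own archive
        for kind in cert chain fullchain privkey; do
            link="$dir$kind.pem"
            if [ ! -L "$link" ]; then
                echo "$name: $kind.pem is missing or not a symlink"; status=1; continue
            fi
            if [ ! -e "$link" ]; then
                echo "$name: $kind.pem is a dangling symlink"; status=1; continue
            fi
            target=$(readlink -f "$link")
            if [ "$(dirname "$target")" != "$want" ]; then
                echo "$name: $kind.pem points into another lineage: $target"; status=1
            fi
            case $(basename "$target") in
                "$kind"[0-9]*.pem) ;;
                *) echo "$name: $kind.pem has unexpected target: $target"; status=1 ;;
            esac
        done
    done
    return $status
}
# Constructed sample tree (not real data): one healthy lineage and one that
# was hand-edited the way the thread describes.
make_sample() {
    t=$(mktemp -d)
    mkdir -p "$t/archive/example.com" "$t/archive/example.com-0001" \
             "$t/live/example.com" "$t/live/example.com-0001"
    for kind in cert chain fullchain privkey; do
        : > "$t/archive/example.com/${kind}1.pem"
        : > "$t/archive/example.com-0001/${kind}1.pem"
        ln -s "../../archive/example.com/${kind}1.pem" "$t/live/example.com/$kind.pem"
    done
    ln -s "$t/archive/example.com/cert1.pem" "$t/live/example.com-0001/cert.pem"  # wrong lineage
    : > "$t/live/example.com-0001/privkey.pem"                                  # regular file
    ln -s ../../archive/example.com-0001/chain1.pem "$t/live/example.com-0001/chain.pem"
    echo "$t"
}
if [ "$#" -gt 0 ]; then audit_lineages "$1"; fi
```

Saved as a script and run as root with `/etc/letsencrypt` as its argument, it lists each lineage entry that `certbot certificates` would skip, plus links that resolve but belong to a different certificate name.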
Those are my 2 troubled VMs. I believe I did fix it and the symlinks don't matter? Also thank you guys for the moral support. Invalid certificates are a scary thing!
When I switched the tag from --manual to --nginx it seemed to work easily with my nginx config. I did one last update 10 mins ago as I wasn't sure it was right.
sudo certbot run --cert-name tipvote --nginx -d "tipvote.com,www.tipvote.com" --dry-run
[sudo] password for :
--dry-run currently only works with the 'certonly' or 'renew' subcommands ('run')