inside /opt/
/opt
├── certbot-auto
└── eff.org
└── certbot
└── venv
├── bin
│ ├── activate
│ ├── activate.csh
│ ├── activate.fish
...
This is usually the moment when I start deleting stuff and then mess up everything even worst.
9peppe
April 1, 2020, 9:42am
22
backup, before.
or move instead of delete.
1 Like
9peppe
April 1, 2020, 9:44am
24
man tar
tar -cf ~/filename.tar /directory/to/backup
1 Like
Ok so do that tar backup and then
delete:
/etc/cron.d/letsencrypt
and also delete
/opt/certbot-auto
?
9peppe
April 1, 2020, 9:54am
26
you can delete the entire /opt directory, if the only contents are certbot-auto and eff.org (whose contents are certbot only)
but before you might want to run certbot renew --dry-run to see if your non-auto certbot works.
1 Like
Well that was a lot of red:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/mail.ryuuzaki.jp.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Attempting to parse the version 0.35.1 renewal configuration file found at /etc/letsencrypt/renewal/mail.ryuuzaki.jp.conf with version 0.31.0 of Certbot. This might not work.
Cert not due for renewal, but simulating renewal for dry run
Plugins selected: Authenticator standalone, Installer None
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for mail.ryuuzaki.jp
Cleaning up challenges
Attempting to renew cert (mail.ryuuzaki.jp) from /etc/letsencrypt/renewal/mail.ryuuzaki.jp.conf produced an unexpected error: Problem binding to port 80: Could not bind to IPv4 or IPv6.. Skipping.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/ryuuzaki.jp.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Attempting to parse the version 0.35.1 renewal configuration file found at /etc/letsencrypt/renewal/ryuuzaki.jp.conf with version 0.31.0 of Certbot. This might not work.
Cert not due for renewal, but simulating renewal for dry run
Plugins selected: Authenticator standalone, Installer None
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for ryuuzaki.jp
Cleaning up challenges
Attempting to renew cert (ryuuzaki.jp) from /etc/letsencrypt/renewal/ryuuzaki.jp.conf produced an unexpected error: Problem binding to port 80: Could not bind to IPv4 or IPv6.. Skipping.
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/mail.ryuuzaki.jp/fullchain.pem (failure)
/etc/letsencrypt/live/ryuuzaki.jp/fullchain.pem (failure)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
** DRY RUN: simulating 'certbot renew' close to cert expiry
** (The test certificates below have not been saved.)
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/mail.ryuuzaki.jp/fullchain.pem (failure)
/etc/letsencrypt/live/ryuuzaki.jp/fullchain.pem (failure)
** DRY RUN: simulating 'certbot renew' close to cert expiry
** (The test certificates above have not been saved.)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
2 renew failure(s), 0 parse failure(s)
9peppe
April 1, 2020, 10:02am
28
this is another issue. you should probably use another authenticator, --webroot or whatever is proper for your http server (--apache or --nginx, but these also install certificates).
don't forget --dry-run, you are dancing on rate limits.
2 Likes
I have no idea what was all that, but somehow I added --apache and no more red:
sudo certbot renew --apache --dry-run
Saving debug log to /var/log/letsencrypt/letsencrypt.log
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/mail.ryuuzaki.jp.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Attempting to parse the version 0.35.1 renewal configuration file found at /etc/letsencrypt/renewal/mail.ryuuzaki.jp.conf with version 0.31.0 of Certbot. This might not work.
Cert not due for renewal, but simulating renewal for dry run
Plugins selected: Authenticator apache, Installer apache
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for mail.ryuuzaki.jp
Waiting for verification...
Cleaning up challenges
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
new certificate deployed with reload of apache server; fullchain is
/etc/letsencrypt/live/mail.ryuuzaki.jp/fullchain.pem
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/ryuuzaki.jp.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Attempting to parse the version 0.35.1 renewal configuration file found at /etc/letsencrypt/renewal/ryuuzaki.jp.conf with version 0.31.0 of Certbot. This might not work.
Cert not due for renewal, but simulating renewal for dry run
Plugins selected: Authenticator apache, Installer apache
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for ryuuzaki.jp
Waiting for verification...
Cleaning up challenges
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
new certificate deployed with reload of apache server; fullchain is
/etc/letsencrypt/live/ryuuzaki.jp/fullchain.pem
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
** DRY RUN: simulating 'certbot renew' close to cert expiry
** (The test certificates below have not been saved.)
Congratulations, all renewals succeeded. The following certs have been renewed:
/etc/letsencrypt/live/mail.ryuuzaki.jp/fullchain.pem (success)
/etc/letsencrypt/live/ryuuzaki.jp/fullchain.pem (success)
** DRY RUN: simulating 'certbot renew' close to cert expiry
** (The test certificates above have not been saved.)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
so now I delete
/opt
and
/etc/cron.d/letsencrypt
?
9peppe
April 1, 2020, 10:08am
30
yep, but make sure that the config files in /etc/letsencrypt/renewal know to use apache instead of standalone
1 Like
so change
authenticator = standalone
for
authenticator = apache
inside both configuration files?
9peppe
April 1, 2020, 10:12am
32
I think so, yes. It should work. Then check with certbot renew --dry-run to see if it pulls the config from those files.
1 Like
It seems like it did like it this time, no red:
sudo certbot renew --dry-run
Saving debug log to /var/log/letsencrypt/letsencrypt.log
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/mail.ryuuzaki.jp.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Attempting to parse the version 0.35.1 renewal configuration file found at /etc/letsencrypt/renewal/mail.ryuuzaki.jp.conf with version 0.31.0 of Certbot. This might not work.
Cert not due for renewal, but simulating renewal for dry run
Plugins selected: Authenticator apache, Installer None
Renewing an existing certificate
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
new certificate deployed without reload, fullchain is
/etc/letsencrypt/live/mail.ryuuzaki.jp/fullchain.pem
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/ryuuzaki.jp.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Attempting to parse the version 0.35.1 renewal configuration file found at /etc/letsencrypt/renewal/ryuuzaki.jp.conf with version 0.31.0 of Certbot. This might not work.
Cert not due for renewal, but simulating renewal for dry run
Plugins selected: Authenticator apache, Installer None
Renewing an existing certificate
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
new certificate deployed without reload, fullchain is
/etc/letsencrypt/live/ryuuzaki.jp/fullchain.pem
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
** DRY RUN: simulating 'certbot renew' close to cert expiry
** (The test certificates below have not been saved.)
Congratulations, all renewals succeeded. The following certs have been renewed:
/etc/letsencrypt/live/mail.ryuuzaki.jp/fullchain.pem (success)
/etc/letsencrypt/live/ryuuzaki.jp/fullchain.pem (success)
** DRY RUN: simulating 'certbot renew' close to cert expiry
** (The test certificates above have not been saved.)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
now kill the file and folder?
Ok I thought I back-up but I didn’t and killed the 2 files and folder.
After that run the --dry-run thingy without --apache and still no errors.
Is there a way to check that the certbot will run automatically in the future?
9peppe
April 1, 2020, 10:26am
37
The systemctl list-timers command should tell you when the next run is.
And systemctl status certbot should tell you something more on the last run
1 Like
Absolutely gorgeous!!!
3 Likes
system
May 1, 2020, 10:29am
39
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.
