inside /opt/
there is
/opt
├── certbot-auto
└── eff.org
└── certbot
└── venv
├── bin
│ ├── activate
│ ├── activate.csh
│ ├── activate.fish
...
This is usually the moment when I start deleting stuff and then mess up everything even worst.
9peppe
April 1, 2020, 9:42am
22
backup, before.
or move instead of delete.
1 Like
Ubuntu can backup?
So, who should I kill? Or delete?
9peppe
April 1, 2020, 9:44am
24
man tar
tar -cf ~/filename.tar /directory/to/backup
1 Like
Ok so do that tar backup and then
delete:
/etc/cron.d/letsencrypt
and also delete
/opt/certbot-auto
?
9peppe
April 1, 2020, 9:54am
26
you can delete the entire /opt directory, if the only contents are certbot-auto
and eff.org
(whose contents are certbot
only)
but before you might want to run certbot renew --dry-run
to see if your non-auto certbot works.
1 Like
Well that was a lot of red:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/mail.ryuuzaki.jp.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Attempting to parse the version 0.35.1 renewal configuration file found at /etc/letsencrypt/renewal/mail.ryuuzaki.jp.conf with version 0.31.0 of Certbot. This might not work.
Cert not due for renewal, but simulating renewal for dry run
Plugins selected: Authenticator standalone, Installer None
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for mail.ryuuzaki.jp
Cleaning up challenges
Attempting to renew cert (mail.ryuuzaki.jp) from /etc/letsencrypt/renewal/mail.ryuuzaki.jp.conf produced an unexpected error: Problem binding to port 80: Could not bind to IPv4 or IPv6.. Skipping.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/ryuuzaki.jp.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Attempting to parse the version 0.35.1 renewal configuration file found at /etc/letsencrypt/renewal/ryuuzaki.jp.conf with version 0.31.0 of Certbot. This might not work.
Cert not due for renewal, but simulating renewal for dry run
Plugins selected: Authenticator standalone, Installer None
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for ryuuzaki.jp
Cleaning up challenges
Attempting to renew cert (ryuuzaki.jp) from /etc/letsencrypt/renewal/ryuuzaki.jp.conf produced an unexpected error: Problem binding to port 80: Could not bind to IPv4 or IPv6.. Skipping.
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/mail.ryuuzaki.jp/fullchain.pem (failure)
/etc/letsencrypt/live/ryuuzaki.jp/fullchain.pem (failure)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
** DRY RUN: simulating 'certbot renew' close to cert expiry
** (The test certificates below have not been saved.)
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/mail.ryuuzaki.jp/fullchain.pem (failure)
/etc/letsencrypt/live/ryuuzaki.jp/fullchain.pem (failure)
** DRY RUN: simulating 'certbot renew' close to cert expiry
** (The test certificates above have not been saved.)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
2 renew failure(s), 0 parse failure(s)
9peppe
April 1, 2020, 10:02am
28
this is another issue. you should probably use another authenticator, --webroot
or whatever is proper for your http server (--apache
or --nginx
, but these also install certificates).
don't forget --dry-run
, you are dancing on rate limits.
2 Likes
I have no idea what was all that, but somehow I added --apache and no more red:
sudo certbot renew --apache --dry-run
Saving debug log to /var/log/letsencrypt/letsencrypt.log
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/mail.ryuuzaki.jp.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Attempting to parse the version 0.35.1 renewal configuration file found at /etc/letsencrypt/renewal/mail.ryuuzaki.jp.conf with version 0.31.0 of Certbot. This might not work.
Cert not due for renewal, but simulating renewal for dry run
Plugins selected: Authenticator apache, Installer apache
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for mail.ryuuzaki.jp
Waiting for verification...
Cleaning up challenges
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
new certificate deployed with reload of apache server; fullchain is
/etc/letsencrypt/live/mail.ryuuzaki.jp/fullchain.pem
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/ryuuzaki.jp.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Attempting to parse the version 0.35.1 renewal configuration file found at /etc/letsencrypt/renewal/ryuuzaki.jp.conf with version 0.31.0 of Certbot. This might not work.
Cert not due for renewal, but simulating renewal for dry run
Plugins selected: Authenticator apache, Installer apache
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for ryuuzaki.jp
Waiting for verification...
Cleaning up challenges
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
new certificate deployed with reload of apache server; fullchain is
/etc/letsencrypt/live/ryuuzaki.jp/fullchain.pem
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
** DRY RUN: simulating 'certbot renew' close to cert expiry
** (The test certificates below have not been saved.)
Congratulations, all renewals succeeded. The following certs have been renewed:
/etc/letsencrypt/live/mail.ryuuzaki.jp/fullchain.pem (success)
/etc/letsencrypt/live/ryuuzaki.jp/fullchain.pem (success)
** DRY RUN: simulating 'certbot renew' close to cert expiry
** (The test certificates above have not been saved.)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
so now I delete
/opt
and
/etc/cron.d/letsencrypt
?
9peppe
April 1, 2020, 10:08am
30
yep, but make sure that the config files in /etc/letsencrypt/renewal
know to use apache instead of standalone
1 Like
so change
authenticator = standalone
for
authenticator = apache
inside both configuration files?
9peppe
April 1, 2020, 10:12am
32
I think so, yes. It should work. Then check with certbot renew --dry-run
to see if it pulls the config from those files.
1 Like
It seems like it did like it this time, no red:
sudo certbot renew --dry-run
Saving debug log to /var/log/letsencrypt/letsencrypt.log
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/mail.ryuuzaki.jp.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Attempting to parse the version 0.35.1 renewal configuration file found at /etc/letsencrypt/renewal/mail.ryuuzaki.jp.conf with version 0.31.0 of Certbot. This might not work.
Cert not due for renewal, but simulating renewal for dry run
Plugins selected: Authenticator apache, Installer None
Renewing an existing certificate
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
new certificate deployed without reload, fullchain is
/etc/letsencrypt/live/mail.ryuuzaki.jp/fullchain.pem
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/ryuuzaki.jp.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Attempting to parse the version 0.35.1 renewal configuration file found at /etc/letsencrypt/renewal/ryuuzaki.jp.conf with version 0.31.0 of Certbot. This might not work.
Cert not due for renewal, but simulating renewal for dry run
Plugins selected: Authenticator apache, Installer None
Renewing an existing certificate
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
new certificate deployed without reload, fullchain is
/etc/letsencrypt/live/ryuuzaki.jp/fullchain.pem
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
** DRY RUN: simulating 'certbot renew' close to cert expiry
** (The test certificates below have not been saved.)
Congratulations, all renewals succeeded. The following certs have been renewed:
/etc/letsencrypt/live/mail.ryuuzaki.jp/fullchain.pem (success)
/etc/letsencrypt/live/ryuuzaki.jp/fullchain.pem (success)
** DRY RUN: simulating 'certbot renew' close to cert expiry
** (The test certificates above have not been saved.)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
now kill the file and folder?
Ok I thought I back-up but I didn’t and killed the 2 files and folder.
After that run the --dry-run thingy without --apache and still no errors.
Is there a way to check that the certbot will run automatically in the future?
9peppe
April 1, 2020, 10:26am
37
The systemctl list-timers
command should tell you when the next run is.
And systemctl status certbot
should tell you something more on the last run
1 Like
Absolutely gorgeous!!!
Thank you so much!!
Dude, hit me up anytime if you need anything from Tokyo.
I owe you a big one! You saved me!
3 Likes
system
Closed
May 1, 2020, 10:29am
39
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.