Trying to renew Letsencrypt certificate on Bitnami EC2 Wordpress install

I found a great tutorial on how to install Letsencrypt on my Bitnami Wordpress install. Here’s the address

This was a great tutorial! But the guy's website just disappeared! (even with Google cache) So I created an SSH connection to my server and, using the history command, I looked at how I installed letsencrypt with certbot. This was based on the sarathshyam.im tutorial. Again, his website just disappeared!

  1. cd htdocs

  2. mkdir certbotsetup

  3. cd certbotsetup

  4. wget https://dl.eff.org/certbot-auto

  5. chmod a+x certbot-auto

  6. ./certbot-auto certonly --webroot -w /home/bitnami/apps/wordpress/htdocs/ -d yeah-nothing.com -d www.yeah-nothing.com

  7. sudo nano /opt/bitnami/apache2/conf/bitnami/bitnami.conf

  8. nano /home/bitnami/apps/wordpress/conf/httpd-prefix.conf

  9. sudo /opt/bitnami/ctlscript.sh restart apache

Is my certificate on auto renew? I got an email from Letsencrypt saying my certificate was about to expire. What's the proper way to renew my Letsencrypt cert? Help please.

Lance

Hi @yeah-nothing,

If you didn’t create an entry in your cron… no, certbot-auto doesn’t renew the certificate automatically.

Yes, it expires in 17 days.

CRT ID     DOMAIN (CN)       VALID FROM             VALID TO                EXPIRES IN  SANs
100473088  yeah-nothing.com  2017-Mar-08 20:55 CET  2017-Jun-06 21:55 CEST  17 days     www.yeah-nothing.com
                                                                                        yeah-nothing.com

Add a job to root’s crontab, something like this:

# crontab -e

And now add a line like:

17 */12 * * * /path/to/certbot-auto renew --quiet

This cron job will run twice a day. It will check if your cert will expire in less than 30 days; if it doesn’t, it will do nothing; if it will expire in less than 30 days, it will try to issue a new cert using the same parameters as the first time you issued your cert.

Keep in mind that by default it won’t reload your web server to use the new certificate but you can add an option to certbot-auto renew to do it for you every time the cert is renewed.

Take a look at this post: Newbie needs help with DuckDNS + LE + Ubuntu (in the post I use examples with letsencrypt-auto; in your case you should use certbot-auto and the right path to it, and the same for the service you need to reload: use the right command to reload/restart the services using the certificate).

Good luck,
sahsanu

I’ve never used cronjobs. Most of my Linux knowledge comes from me using it on my home PC.

So this is what I did on my Bitnami server.

  1. sudo su

  2. crontab -e

  3. I added the following to my crontab file '17 */12 * * * /etc/letsencrypt/letsencrypt/certbot-auto --quiet

  4. I used nano and saved the changes to the crontab file and got the following message “no crontab for root - using an empty one
    crontab: installing new crontab
    "/tmp/crontab.m5mzrP/crontab":23: bad minute
    errors in crontab file, can’t install.
    Do you want to retry the same edit? (y/n) y -----I typed “y” (don’t know what I was doing)
    crontab: installing new crontab"

I tried editing the crontab again and there were no cronjobs on the crontab. I entered the same cron job into This time is without the quotation mark in front of '17 */12.

I saved it in nano and got the following “no crontab for root - using an empty one
No modification made”

but I type crontab -e again (as root) and looks like it saved my cronjob

Is there a way to verify the cronjob is working?

Thanks,
Lance

If you want to verify that it’s running, you could add a second line that is otherwise identical but runs the command

17 */12 * * * touch /tmp/crontab-working

Then a file /tmp/crontab-working should appear in /tmp and should have its modification time updated every day at 12:17 and 0:17. That would confirm that the crontab has the general effect that you want.

However, your renewal command is actually wrong as written. It should refer to certbot-auto renew --quiet, not just certbot-auto --quiet.

here are the entries in my crontab…

17 */12 * * * /etc/letsencrypt/letsencrypt/certbot-auto renew --quiet

17 */12 * * * touch /tmp/crontab-working

then I go to my tmp folder and I see a file named "crontab.m5mzrP"

Is this the right way?

I was also wondering if there was a way to verify the SSL expiration date through the browser?

Thanks

You should be able to tell after the next 12:17 or 0:17 if there is also a file /tmp/crontab-working.

[quote]I was also wondering if there was a way to verify the SSL expiration date through the browser?
[/quote]

Sure. For example

Firefox: click the lock icon, then the right arrow, More Information, View Certificate.

Chromium and Chrome: press F12, then the » symbol, then Security, then View Certificate.

I checked my website certificate with Firefox

I forgot to mention I have Cloudflare. My domain name points to an elastic IP. Then I set up my domain with Cloudflare. I have to enable SSL via Cloudflare for my SSL to work. My SSL certificate says it's Cloudflare and Comodo was mentioned in the certificate as well.

I remember the day I installed the certbot on my Bitnami image. After installation the pages would not display. Then Lo and Behold! I had to enable SSL via Cloudflare!

I’m 90% positive Cloudflare is using the Letsencrypt certificate

How can I verify my Letsencrypt certificate?

Use this command:

openssl x509 -in /etc/letsencrypt/live/yeah-nothing.com/cert.pem -noout -text

You will see all the data for your certificate, if you only want to see the validity of your cert use this command:

openssl x509 -in /etc/letsencrypt/live/yeah-nothing.com/cert.pem -noout -dates

You already have 2 valid certificates, one of them was issued 4 days ago:

CRT ID     DOMAIN (CN)       VALID FROM              VALID TO                EXPIRES IN  SANs
141280940  yeah-nothing.com  2017-May-20 13:19 CEST  2017-Aug-18 13:19 CEST  86 days     www.yeah-nothing.com
                                                                                         yeah-nothing.com

100473088  yeah-nothing.com  2017-Mar-08 20:55 CET   2017-Jun-06 21:55 CEST  13 days     www.yeah-nothing.com
                                                                                         yeah-nothing.com
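
An added example, not part of any post in this thread: a small check that turns the `notAfter` line from `openssl x509 -noout -enddate` into a status, so a certificate file on the server that is still inside the 30-day renewal window shows up as a sign the cron renewal is not working. The function names, the status labels and the sample clock are assumptions; the two sample lines are constructed from the "VALID TO" times listed above.

```shell
#!/bin/sh
# Added example (not from the thread): report how close a certificate is to
# expiry from the line printed by `openssl x509 -noout -enddate`.

RENEW_WINDOW_DAYS=30   # `certbot-auto renew` acts once fewer than 30 days remain

# seconds_left "<notAfter=Mon DD HH:MM:SS YYYY GMT>" <now_epoch>
# Date arithmetic is done in awk, so it does not depend on GNU `date -d`.
seconds_left() {
    printf '%s\n' "$1" | awk -v now="$2" '{
        sub(/^notAfter=/, "")
        i = index("JanFebMarAprMayJunJulAugSepOctNovDec", $1)
        if (i == 0 || NF < 4) { print "unparsable"; exit }
        m = (i + 2) / 3; d = $2 + 0; y = $4 + 0
        split($3, t, ":")
        if (m <= 2) { y -= 1; m += 12 }      # count the year from 1 March
        days = 365*y + int(y/4) - int(y/100) + int(y/400)
        days += int((153*(m - 3) + 2) / 5) + d - 719469   # days since 1970-01-01
        printf "%d\n", days*86400 + t[1]*3600 + t[2]*60 + t[3] - now
    }'
}

# cert_status "<notAfter line>" <now_epoch>  ->  EXPIRED | RENEWAL_DUE Nd | OK Nd
cert_status() {
    left=$(seconds_left "$1" "$2")
    case "$left" in ''|unparsable) echo "UNPARSABLE"; return 1 ;; esac
    if [ "$left" -le 0 ]; then
        echo "EXPIRED"
    elif [ "$left" -lt $((RENEW_WINDOW_DAYS * 86400)) ]; then
        echo "RENEWAL_DUE $((left / 86400))d"   # a working cron job would have renewed by now
    else
        echo "OK $((left / 86400))d"
    fi
}

# Constructed samples: the two "VALID TO" times from the thread, converted
# from CEST to GMT (seconds assumed to be :00).
OLD_CERT='notAfter=Jun  6 19:55:00 2017 GMT'
NEW_CERT='notAfter=Aug 18 11:19:00 2017 GMT'
SAMPLE_NOW=1495620000   # constructed clock: 2017-05-24 10:00:00 GMT

# Live use: pass a certificate file, e.g. the cert.pem path used in the thread.
if [ $# -ge 1 ] && [ -r "$1" ]; then
    cert_status "$(openssl x509 -in "$1" -noout -enddate)" "$(date +%s)"
fi
```

Because it reads the file certbot wrote on the server, the result does not depend on which certificate a proxy in front of the site presents to the browser.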

Thanks for your help
