Trying to specify the cert storage location and failing

Please fill out the fields below so we can help you better.

My domain is:
openfn.org

I ran this command:
sudo letsencrypt certonly --manual --expand --preferred-challenges dns --cert-path /etc/letsencrypt/live/production.openfunction.io --key-path /etc/letsencrypt/live/production.openfunction.io --fullchain-path /etc/letsencrypt/live/production.openfunction.io --chain-path /etc/letsencrypt/live/production.openfunction.io -d www.openfunction.io -d openfunction.io -d production.openfunction.io -d www.openfn.org -d openfn.org -d production.openfn.org

It produced this output:

  • Congratulations! Your certificate and chain have been saved at:
    /etc/letsencrypt/live/www.openfunction.io/fullchain.pem
    Your key file has been saved at:
    /etc/letsencrypt/live/www.openfunction.io/privkey.pem
    Your cert will expire on 2017-11-20. To obtain a new or tweaked
    version of this certificate in the future, simply run certbot
    again. To non-interactively renew all of your certificates, run
    "certbot renew"

My web server is (include version):
nginx version: nginx/1.10.3 (Ubuntu)
The operating system my web server runs on is (include version):
Ubuntu 16.04
My hosting provider, if applicable, is:
N/A
I can login to a root shell on my machine (yes or no, or I don’t know):
Yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
No

Just to add to the above in case the error is not clear: Certbot does not seem to be using the paths specified when creating the certs. That is (currently) the only issue I have; everything else seems to be working perfectly.

Hi @rorymckinley,

As far as I know, the options --cert-path, --key-path, etc. are not used to specify where the certificate, key, etc. will be saved; those are options for installation and revocation purposes.

Checking your command, it seems you want to save your certificate inside the /etc/letsencrypt/ structure, but instead of saving it in /etc/letsencrypt/live/www.openfunction.io you want it in /etc/letsencrypt/live/production.openfunction.io. Well, by default, the letsencrypt client will use the first domain defined in the command as the certificate name; that is the reason letsencrypt saved the cert in that path.

You can change the order of the domains in your command or, if you are using letsencrypt (now certbot) version 0.10.0 or above, you can use the parameter --cert-name to specify the name to be saved in the /etc/letsencrypt/live/ dir.

Something like this:

sudo letsencrypt certonly --manual --expand --preferred-challenges=dns --cert-name production.openfunction.io -d www.openfunction.io -d openfunction.io -d production.openfunction.io -d www.openfn.org -d openfn.org -d production.openfn.org

Good luck,
sahsanu

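The naming rule described in the reply above, as an added example that is not part of the original posts and is not certbot's own code: a small shell function that predicts which directory under /etc/letsencrypt/live a certonly command line will use. The names predict_live_dir and LIVE_ROOT are hypothetical, and the model assumes no certificate with that name already exists.

```shell
#!/bin/sh
# Added example (not certbot code): model of the rule from the reply above.
# --cert-name wins; otherwise the first domain passed with -d/--domains is used.
# Assumption: no certificate with the resulting name exists yet.
LIVE_ROOT=/etc/letsencrypt/live

predict_live_dir() {
    cert_name=""
    first_domain=""
    while [ "$#" -gt 0 ]; do
        case "$1" in
            --cert-name=*)
                cert_name=${1#*=} ;;
            --cert-name)
                if [ "$#" -ge 2 ]; then cert_name=$2; shift; fi ;;
            --domains=*)
                if [ -z "$first_domain" ]; then first_domain=${1#*=}; fi ;;
            -d|--domains)
                if [ "$#" -ge 2 ]; then
                    if [ -z "$first_domain" ]; then first_domain=$2; fi
                    shift
                fi ;;
            --cert-path|--key-path|--fullchain-path|--chain-path)
                # Per the reply: these do not choose the save location.
                echo "note: $1 does not change where the certificate is saved" >&2 ;;
        esac
        shift
    done
    # -d also accepts a comma-separated list; only the first entry names the cert.
    first_domain=${first_domain%%,*}
    name=${cert_name:-$first_domain}
    if [ -z "$name" ]; then
        return 1    # no --cert-name and no domain: nothing to predict
    fi
    printf '%s/%s\n' "$LIVE_ROOT" "$name"
}

# The command from the question (shortened): lands in www.openfunction.io
predict_live_dir certonly --manual --expand --preferred-challenges dns \
    --cert-path /etc/letsencrypt/live/production.openfunction.io \
    -d www.openfunction.io -d openfunction.io -d production.openfunction.io

# The corrected command from the reply: lands in production.openfunction.io
predict_live_dir certonly --manual --expand --preferred-challenges=dns \
    --cert-name production.openfunction.io \
    -d www.openfunction.io -d openfunction.io -d production.openfunction.io
```

On a real host, running certbot certificates lists the certificate names and paths that actually exist, which is the value to use in the nginx ssl_certificate and ssl_certificate_key directives.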

Thanks sahsanu - --cert-name was indeed the thing I was looking for.
