I am so dumb ... how to add --dry-run before?
What do you mean exactly?
If you ran:
certbot certonly
then just add it to that:
certbot certonly --dry-run
If you ran something else, then:
{whatever you ran} --dry-run
Is that exact enough?
I see! What is the result of --dry-run? fireworks LOL?!
Show the output please.
--dry-run is just test mode
No cert will be issued.
C:\Program Files (x86)\Certbot>certbot certonly --dry-run
Saving debug log to C:\Certbot\log\letsencrypt.log
How would you like to authenticate with the ACME CA?
1: Spin up a temporary webserver (standalone)
2: Place files in webroot directory (webroot)
Select the appropriate number [1-2] then [enter] (press 'c' to cancel):
You already have IIS listening on port 80, so #2
Then provide the directory path [where you placed the test files]
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2
Plugins selected: Authenticator webroot, Installer None
Account registered.
Please enter in your domain name(s) (comma and/or space separated) (Enter 'c'
to cancel): topkeg.com
Simulating a certificate request for topkeg.com
Performing the following challenges:
http-01 challenge for topkeg.com
Input the webroot for topkeg.com: (Enter 'c' to cancel): c:\HostingSpaces\admin\topkeg.com\wwwroot
Waiting for verification...
Cleaning up challenges
e[1m
IMPORTANT NOTES:
- The dry run was successful.
e[0m
C:\Program Files (x86)\Certbot>
Guess we win?!
YES!
Now do the same exact thing WITHOUT --dry-run
C:\Program Files (x86)\Certbot>certbot certonly --webroot
Saving debug log to C:\Certbot\log\letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Please enter in your domain name(s) (comma and/or space separated) (Enter 'c'
to cancel): topkeg.com
Requesting a certificate for topkeg.com
Performing the following challenges:
http-01 challenge for topkeg.com
Input the webroot for topkeg.com: (Enter 'c' to cancel): c:\HostingSpaces\admin\topkeg.com\wwwroot
Waiting for verification...
Cleaning up challenges
Subscribe to the EFF mailing list (email: sales@cosmoelite.com).
e[1m
IMPORTANT NOTES:
e[0m - Congratulations! Your certificate and chain have been saved at:
C:\Certbot\live\topkeg.com\fullchain.pem
Your key file has been saved at:
C:\Certbot\live\topkeg.com\privkey.pem
Your certificate will expire on 2021-05-16. To obtain a new or
tweaked version of this certificate in the future, simply run
certbot again. To non-interactively renew all of your
certificates, run "certbot renew"
-
If you like Certbot, please consider supporting our work by:
Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
Donating to EFF: https://eff.org/donate-le
C:\Program Files (x86)\Certbot>
Keep winning! So now my server will have autorenewal SSL?
Try this as a test:
certbot renew --dry-run
If that works, try this final test ONLY ONCE:
certbot renew --force-renewal
If that works (and you already have a task set up properly to periodically run certbot renew), you should be good to go!
PS - We might need to work-in a --deploy-hook to reload your webserver after each successful certificate acquisition.
I am running Windows Server, and it seems I need to convert the .pem to .pfx, install the .pfx certificate and then bind the port. I could not convert the received .pem files to PFX; something seems wrong.
Ok I am gonna try the : certbot renew --dry-run
Keep in mind that fullchain.pem contains both cert.pem and chain.pem (in that order).
C:\Program Files (x86)\Certbot>certbot renew --dry-run
Saving debug log to C:\Certbot\log\letsencrypt.log
Processing C:\Certbot\renewal\topkeg.com.conf
Cert not due for renewal, but simulating renewal for dry run
Plugins selected: Authenticator webroot, Installer None
Simulating renewal of an existing certificate for topkeg.com
Performing the following challenges:
http-01 challenge for topkeg.com
Waiting for verification...
Cleaning up challenges
new certificate deployed without reload, fullchain is
C:\Certbot\live\topkeg.com\fullchain.pem
Congratulations, all simulated renewals succeeded:
C:\Certbot\live\topkeg.com\fullchain.pem (success)
C:\Program Files (x86)\Certbot>
I think it is ok!
When I tried this: certbot renew --force-renewal
The system seems to stall and not run... Did I break it?
Yes.. it didn't hit "enter" properly I believe.. now it is ok!
This sounds like you would do better with a more mature Windows ACME client.
Like:
https://github.com/rmbolger/Posh-ACME
https://certifytheweb.com/
https://www.win-acme.com/
OK, I shall take a look and try it, every day learning!
Thank you one million for your time and patience!
Regards,
Paul
Glad to help you on your learning journey!
I love beer too, cheers from Quebec Canada
You guys are awesome and having unlimited beer from crypto LOL