It finished successfully. Sorry for forgetting your alt. command at first.
I’m sorry.
We keep getting derailed and side-tracked and are now going in circles.
You don’t seem to have updated certbot
(sufficiently)
nginx
is unable to serve the /.well-known/acme-challenge/
test files as instructed.
We are literally getting nowhere fast [and doing it extremely slowly].
Your current choices are (as I see them):
- put another (newer) system in front of this (old) server to proxy the content via a useable web browser and newer
certbot
- remove and upgrade the current
certbot
(to snaps version) - update the current system
- upgrade the current system
Probably only #2 is an option, because I don’t have a third computer and BBB only runs on Server 16.04.7 from what I read. Let me see how to upgrade certbot and I’ll be back.
Or swtich to certbot-auto
or
switch to acme.sh
16.04 is supported by snaps.
- Remove the current
certbot
sudo apt remove certbot
- remove any unused...leftovers
sudo apt-get autoremove
- install certbot from snaps
sudo snap install certbot --classic
Ok, got Certbot 1.8 now.
OK.
But this change does nothing for nginx
version 1.10.3 - that remains
Hopefully 1.8.0 can work better with it.
Allright try:
certbot --nginx
[and walk through the choices]
Also, OpenSSL may need to be checked/updated as well.
[you are only as secure as your weakest link]
Certbot finished fine and sudo apt update
says everything’s up to date.
? ? ?
Did you get a cert?
Did it say "Congratulations..."
What about:
openssl version
Yes. Renewed and replaced it. Said Congratulations!
Openssl version: 1.0.2g
You then have to do:
sudo apt upgrade
[update only synchronizes the repositories]
They go hand and hand:
sudo apt update
sudo apt upgrade
Yea, I always do that. sudo apt upgrade
says 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
OpenSSL version 1.0.2 is up to update "w"
That's 16 updates since "g"
See: /news/vulnerabilities-1.0.2.html
And decide if you are OK with using that version.
Well at least that is GOOD NEWS!
Wouldn’t hurt to use a new version of Openssl.
Now you need to test that it works. https://…
And ensure it renews automatically.
Yea, morocotagold.gq opens fine with https.
Agreed but you may have to download/compile it yourself.
Not sure... maybe they have a snaps installer - LOL
Rated a big, green A