I'm confused...
@rg305 Hmm so it all stemmed from this article here: SSL with Docker Swarm, Let's Encrypt and Nginx - Finnian Anderson
Which at the time was the most clear guide on this implementation... But maybe it's led us down the wrong path...
Is there any way of correcting this from standalone?
@rg305 this seems pretty clear, I'll try this and report back: How to convert from standalone to webroot mode (using nginx) for certificate renewal via certbot
I would recommend against making any manual changes to the renewal.conf files.
All you have to do is reissue the certificate via any other method and that will automatically update the renewal.conf file.
@rg305 thanks, understood.
The other method to reissue the certificate + update from standalone to authenticator/specific webroot, do you mind sharing an example of that? Is that a similar certbot command?
The instance of Nginx currently uses 443 for the webserver and 80 for http challenge requests.
Curious, since 443 is currently being used by the webserver - will that cause conflicts with reissuing? Or does it still only use port 80 because it's a renewal?
Appreciate the help!
Basically, it's like issuing a brand new certificate.
Except you might not need it to be "installed".
Something like:
certbot certonly --webroot -w /path/to/your/web/root -d FQDN1 -d FQDN2
Then check what we've done with:
certbot certificates
Thank you @rg305, also appreciate the patience with my somewhat naive questions.
I've prepared the following command, could you please have a look over and confirm that looks okay?
docker run --rm --name letsencrypt \
-v "/media/volumes/nginx-certificates:/etc/letsencrypt" \
-v "/media/volumes/nginx-certbot:/var/log/letsencrypt" \
-v "/media/volumes/nginx-certbot:/var/www/certbot" \
-v "/media/volumes/nginx-certbot:/tmp/letsencrypt" \
certbot/certbot:latest \
certonly --webroot --agree-tos \
--preferred-challenges http-01 --server https://acme-v02.api.letsencrypt.org/directory \
-m <notificationemail> \
-w /var/www/certbot -d <web.server.FQDN> \
I'm expecting the webroot is where the acme-challenge files go to? (i.e. in this case /var/www/certbot). Nginx will be using port 443 for something else, so I need it to happen over port 80, I've added in preferred-challenges http-01 - is that correct?
Thanks again!
Are not needed - that's the default.
I'd put webroots together:
And the command ends with a "\" - remove that last one.
Path confirmed with the nginx config shown above:
So...
I'd use:
Thank you @rg305, greatly appreciated. I'll try this out tonight and let you know how it goes!
@rg305 you total legend!! Thank you!!
I'm pleased to report that has resolved our cert renewal issue. I also tested a --forced-renewal to make sure it would retrieve a new certificate upon renewal time and it had no trouble at all, double confirmed with the expiration datetime changing after it.
I am very relieved. We were 4 days out from expiration.
Thank you and also @Osiris for really helping me out here. Great learning experience for me.
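A read-only way to confirm what the replies above describe, that reissuing with --webroot rewrites the renewal configuration (added example, not part of the original thread and not certbot's own tooling): the script reads a renewal conf and reports whether it still records standalone. The two sample files and the domain web.example.test are constructed, the function names are hypothetical, and the file layout ([renewalparams], authenticator, [[webroot_map]]) is assumed to match what certbot writes under /etc/letsencrypt/renewal/.

```shell
#!/bin/sh
# Added example (not from the thread): report how certbot will renew a lineage.

# Print one "key = value" setting from the [renewalparams] section.
renewal_param() {   # $1 = renewal conf, $2 = key
    awk -v key="$2" '
        $1 == "[renewalparams]" { inside = 1; next }
        $1 ~ /^\[/              { inside = 0 }   # any other section header
        inside && $1 == key && $2 == "=" { print $3; exit }
    ' "$1"
}

# Print "domain -> webroot" for each entry under [[webroot_map]].
webroot_map() {     # $1 = renewal conf
    awk '
        $1 == "[[webroot_map]]" { inside = 1; next }
        $1 ~ /^\[/              { inside = 0 }
        inside && $2 == "="     { print $1 " -> " $3 }
    ' "$1"
}

# Return 0 only when renewal uses webroot and at least one domain is mapped.
check_renewal_conf() {
    auth=$(renewal_param "$1" authenticator)
    if [ "$auth" = "webroot" ] && [ -n "$(webroot_map "$1")" ]; then
        echo "OK   $1: webroot"
        webroot_map "$1" | sed 's/^/       /'
        return 0
    fi
    echo "WARN $1: authenticator=${auth:-unset}"
    return 1
}

# Constructed sample files standing in for /etc/letsencrypt/renewal/*.conf.
SAMPLES=$(mktemp -d)
trap 'rm -rf "$SAMPLES"' EXIT
cat > "$SAMPLES/before.conf" <<'EOF'
[renewalparams]
authenticator = standalone
server = https://acme-v02.api.letsencrypt.org/directory
EOF
cat > "$SAMPLES/after.conf" <<'EOF'
[renewalparams]
authenticator = webroot
webroot_path = /var/www/certbot,
server = https://acme-v02.api.letsencrypt.org/directory
[[webroot_map]]
web.example.test = /var/www/certbot
EOF

for f in "$SAMPLES"/*.conf; do check_renewal_conf "$f" || true; done
```

On the setup in this thread the real files would sit under /media/volumes/nginx-certificates/renewal/, the host side of the /etc/letsencrypt mount.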