Wildcard certificate automatic renewal

agranville · August 25, 2020, 11:13am

Hi,

I have configured a wildcard cetificate, following the instructions available at Certbot’s website
at the following URL: https://certbot.eff.org/lets-encrypt/ubuntubionic-nginx

I have Ubuntu 18 running with the web server NGINX and Amazon Route53 as the DNS provider.

I have successfully issued the wildcard certificate, however I’m not sure if the automatic renewal configuration is working. As instructed, I have issued the command sudo certbot renew --dry-run
and I got the following output:

Certbot-Renewal

Since the instructions doesn’t explain what would be the expected result, I’m not sure if the automatic feature has been successfully configured or not.

I would apreciate any help on this.

Best regards, André Granville

_az · August 25, 2020, 11:15am

That output suggests that Certbot has no certificates configured whatsoever, so there is nothing to test with --dry-run.

What is the output of

sudo certbot certificates

agranville · August 25, 2020, 12:33pm

Hi _az,

Thanks for your reply.

Indeed, the sudo certbot certificates returns No certs found, altougth I have received the congratulations message from certbot and also the web browser correctly sees it:

I have just found out what happened. I have configured the certificate in the following directory:

/home/ubuntu/letsencrypt/config/live

For some reason, when I create the wildcard certificate without explicitly setting a path (the certificate is create at /etc/letsencrypt/live), certbot recognizes the existence of the certificate, when issuing the sudo certbot certificates command

Any ideas why certbot couldn´t find it at /home/ubuntu/letsencrypt/config/live ?

Regards, André

jvanasco · August 25, 2020, 6:03pm

Certbot should be saving into /etc/letsencrypt unless you override it with environment variables It shouldn't be going into /home/ubuntu/letsencrypt/config/live unless you pass in explicit arguments.

Two possibilities come to mind:

I believed in Ubuntu18.04 there was a change in which invoking sudo changes the environment from the user to root.
There could be some sort of environment variable set.

Certbot accepts the following args that I often use to change the directory; there may be more now but this is from one of my local scripts:

certbot --config-dir /webserver/environments/certbot/config \
		--work-dir /webserver/environments/certbot/work \
		--logs-dir /webserver/environments/certbot/logs

It shouldn't be looking there, unless this is related to the new "snaps".

agranville · August 25, 2020, 7:26pm

I was overriding the default certbot path, setting it to /home/ubuntu/letsencrypt/config.
Probably has to do with the first possbility pointed out by you, regarding the sudo invocation.

jvanasco · August 25, 2020, 7:48pm

I'm a little confused.

The first thing I wanted to write is: instead of sudo certbot renew --dry-run , you just need to add the same flag(s) used to obtain the certificate:

sudo certbot renew --dry-run  --config-dir={WHATEVER_YOU_HAD_BEFORE}

Certbot just doesn't know to look in the alternate directory you set things up with.

BUT

Your comments/text suggest that you might want the opposite to happen.

I'm not sure exactly where you want the certs to be, but hopefully I've pointed you in the right direction regarding the directory overrides.

system · September 24, 2020, 7:48pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Wildcard "Auto Renewal" Fails, But Renews Manually! Help	5	2578	November 6, 2019
How to setup automatic renewal for wildcard certificate using certbot Help	4	10957	June 14, 2018
Certificate renew failure with AWS route 53 Server	3	2870	March 6, 2019
Renewal of a wildcard certificate with 0.26.01 (--preferred-challenges dns) Help	4	4130	August 29, 2018
Problem with renew wildcard certificate Help	2	2280	June 16, 2018

Wildcard certificate automatic renewal

Related topics