Setting Up Auto-Update for Let's Encrypt
Sometimes when you follow the instructions to set up a web server (for example, a PeerTube installation, or an OnlyOffice installation) they show you how to set up Let's Encrypt so you can get SSL (i.e., so your pages run on secure HTTPS) but not how to make sure the SSL certificates automatically renew. So I'm writing this to make sure I remember the instructions.
If you need to install Let's Encrypt, don't continue with this article; there are instructions here. This article is only for people trying to renew their certificates.
To renew Let's Encrypt, normally you type:
sudo certbot renew
or
/usr/bin/certbot renew
Now it's always good to test your cron commands. If you run certbot renew and you're not set up properly, it will produce an error like this:
Failed to renew certificate peertube.downes.ca with error: Missing command line flag or config entry for this setting:
Input the webroot for peertube.downes.ca:
Here's what's happening: when you set up Let's Encrypt certbot, it creates a directory here:
/etc/letsencrypt/renewal
and inside that directory there will be a file for your website, like this:
peertube.downes.ca.conf
This file gives Let's Encrypt the location of all your certificates and tells it where to store renewal information. The trick is to make sure it has a place to store this information.
So what you need to do is insert a line into the .conf file with that information. Here's what I added:
webroot_path = /var/www/certbot,
I saved the .conf file and tested it with:
certbot renew --cert-name peertube.downes.ca --dry-run
and it worked.
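To catch every certificate that would hit the "Input the webroot" error before cron does, a script like this can check each file in /etc/letsencrypt/renewal. It is an added example, not part of the original instructions: it assumes webroot-based certificates have authenticator = webroot in their .conf file, it reads only a single-path webroot_path line, and the function names and sample files are made up for illustration.

```shell
#!/bin/sh
# Added example: audit certbot renewal configs for a usable webroot_path.

# Print the value of KEY from renewal config FILE, without the trailing
# comma certbot writes after list values. Prints nothing if KEY is absent.
conf_value() {
    awk -v k="$1" '$0 ~ "^[ \t]*" k "[ \t]*=" {
        sub(/^[^=]*=/, ""); gsub(/^[ \t]+|[ \t,]+$/, ""); print; exit
    }' "$2"
}

# 0 = fine, 1 = webroot authenticator without webroot_path,
# 2 = webroot_path names a directory that does not exist.
check_renewal_conf() {
    if [ "$(conf_value authenticator "$1")" != "webroot" ]; then
        echo "SKIP (not webroot): $1"; return 0
    fi
    dir=$(conf_value webroot_path "$1")
    if [ -z "$dir" ]; then echo "MISSING webroot_path: $1"; return 1; fi
    if [ ! -d "$dir" ]; then echo "NO SUCH DIRECTORY $dir: $1"; return 2; fi
    echo "OK $dir: $1"
}

# Check every *.conf in a renewal directory; non-zero if any one fails.
audit_renewals() {
    status=0
    for conf in "$1"/*.conf; do
        [ -e "$conf" ] || continue
        check_renewal_conf "$conf" || status=1
    done
    return "$status"
}

# Constructed sample configs (not real ones) written into directory $1.
make_samples() {
    mkdir -p "$1/webroot"
    printf '[renewalparams]\nauthenticator = webroot\n' > "$1/broken.example.conf"
    printf '[renewalparams]\nauthenticator = webroot\nwebroot_path = %s,\n' \
        "$1/webroot" > "$1/fixed.example.conf"
}

# Usage: sh audit.sh /etc/letsencrypt/renewal
if [ "$#" -gt 0 ]; then audit_renewals "$1"; fi
```

Run it as root against the real directory, since the renewal files are normally readable only by root.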
These instructions came from: https://serverfault.com/questions/1035830/certbot-renew-dry-run-fails-with-error-input-the-webroot-for-sub-mydomain-com