(2021-07-20) Renewing SSL
I set up SSL at (2021-04-25) Move To DigitalOcean. It's time to renew.
Jul20
- So I tried
certbot renew
like in the instructions pasted at that log page.
Processing /etc/letsencrypt/renewal/flux.garden.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Cert is due for renewal, auto-renewing...
Could not choose appropriate plugin: The manual plugin is not working; there may be problems with your existing configuration.
The error was: PluginError('An authentication script must be provided with --manual-auth-hook when using the manual plugin non-interactively.')
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/flux.garden/fullchain.pem (failure)
- So try
sudo certbot renew --manual-auth-hook
→
usage:
certbot [SUBCOMMAND] [options] [-d DOMAIN] [-d DOMAIN] ...
Certbot can obtain and install HTTPS/TLS/SSL certificates. By default,
it will attempt to use a webserver both for obtaining and installing the
certificate.
certbot: error: argument --manual-auth-hook: expected one argument
- My friend had suggested simply
sudo certbot --nginx -d www.flux.garden -d flux.garden
→The requested nginx plugin does not appear to be installed
- It sounds like it's safe to repeat the original-creator command. →
Please deploy a DNS TXT record under the name
_acme-challenge.flux.garden with the following value:
- That's the same entry-name as I had before, with a new value. I manage this in the Digital Ocean UI.
- →
Challenge failed for domain flux.garden
jfc - Tried again, failed again.
- probably irrelevant, but now find a couple DigitalOcean posts: How To Create Let's Encrypt Wildcard Certificates with Certbot and How To Use Certbot Standalone Mode to Retrieve Let's Encrypt SSL Certificates on Ubuntu 18.04
- created ticket https://community.letsencrypt.org/t/wildcard-ssl-renewal-failing/156153
- derp apparently the key thing was waiting 2min between submitting the new TXT value into the DNS-manager, and hitting
to run the verification.
Cleaning up challenges
IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/flux.garden/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/flux.garden/privkey.pem
Your cert will expire on 2021-10-19. To obtain a new or tweaked
version of this certificate in the future, simply run certbot
again. To non-interactively renew *all* of your certificates, run
"certbot renew"
- hmm not seeing it reflected at https://www.ssllabs.com/ssltest/analyze.html?d=flux.garden oh maybe it's the 2nd cert listed?
- did
sudo systemctl restart nginx
- did
- also next time should really try setting up the plugin
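
The wait between saving the new TXT value and letting certbot verify it can be checked instead of timed. This is an added example, not part of the original log: it polls every authoritative nameserver of the zone until all of them serve the new `_acme-challenge` value. It assumes `dig` is installed; the function names and the script name `wait-txt.sh` are made up for illustration.

```shell
#!/usr/bin/env bash
# Added example: wait until the new _acme-challenge TXT value is served by
# every authoritative nameserver before continuing in certbot.

# list_ns ZONE: authoritative nameserver hostnames, one per line (uses dig).
list_ns() {
    dig +short NS "$1"
}

# query_txt SERVER NAME: TXT values SERVER returns for NAME, quotes stripped.
query_txt() {
    dig +short TXT "$2" @"$1" | tr -d '"'
}

# txt_on_all_ns ZONE VALUE: succeed only if every nameserver serves VALUE.
# The name can hold several values at once (wildcard plus base domain),
# so compare whole lines instead of substrings.
txt_on_all_ns() {
    local zone="$1" value="$2" ns seen=0
    for ns in $(list_ns "$zone"); do
        seen=1
        query_txt "$ns" "_acme-challenge.$zone" | grep -Fxq -- "$value" || return 1
    done
    [ "$seen" -eq 1 ]   # finding no nameservers at all counts as failure
}

# wait_for_txt ZONE VALUE [TRIES] [DELAY_SECONDS]: poll until the value is live.
wait_for_txt() {
    local zone="$1" value="$2" tries="${3:-30}" delay="${4:-10}" i=1
    while [ "$i" -le "$tries" ]; do
        if txt_on_all_ns "$zone" "$value"; then
            return 0
        fi
        i=$((i + 1))
        sleep "$delay"
    done
    return 1
}

# Usage: ./wait-txt.sh flux.garden '<value certbot printed>'
if [ "$#" -ge 2 ]; then
    wait_for_txt "$@" && echo "TXT value is live on all nameservers"
fi
```

Run it in a second terminal after saving the record in the DNS manager, and continue in certbot once it reports success.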