Difference between revisions of "Certbot renew"

From wikieduonline
Jump to navigation Jump to search
Line 67: Line 67:
 
* <code>certbot renew --dns-digitalocean-credentials ~/.secrets/certbot/digitalocean.ini</code>
 
* <code>certbot renew --dns-digitalocean-credentials ~/.secrets/certbot/digitalocean.ini</code>
  
== Related commands ==
+
== Related terms ==
 
* <code>[[certbot certificates]]</code> (list certificates)
 
* <code>[[certbot certificates]]</code> (list certificates)
 
* <code>[[certbot certonly]] -n -d example.com -d www.example.com</code>
 
* <code>[[certbot certonly]] -n -d example.com -d www.example.com</code>
 
:<code>-d flag</code>
 
:<code>-d flag</code>
 +
*  <code>/etc/cron.d/certbot]]</code>
  
 
== See also ==
 
== See also ==

Revision as of 08:09, 5 May 2021

Configuration directory: /etc/letsencrypt/renewal/

Examples

  • certbot renew
  • certbot renew --quiet
  • certbot renew --nginx
  • certbot renew --dry-run
  • systemctl stop nginx && certbot renew && systemctl start nginx && systemctl status nginx && certbot certificates


Crontab entry to renew every 13th every month:

0 0 13 * * systemctl stop nginx && certbot renew && systemctl start nginx

Certbot renew configuration examples

/etc/letsencrypt/renewal/DOMAIN.com.conf
.../...
# Options used in the renewal process
[renewalparams]
account = t513041ebec01207237ef7251192397t
pref_challs = dns-01,
authenticator = manual
manual_public_ip_logging_ok = True

or

# Options used in the renewal process
[renewalparams]
account = t513041ebec01207237ef7251192397t
pref_challs = http-01,
authenticator = standalone
server = https://acme-v02.api.letsencrypt.org/directory


Options:

pref_challs: dns-01 | http-01
authenticator: manual | standalone

Renew examples

certbot renew
Saving debug log to /var/log/letsencrypt/letsencrypt.log

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 

No renewals were attempted.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

With Errors

certbot renew
Saving debug log to /var/log/letsencrypt/letsencrypt.log

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/YOUR_DOMAIN.com-0001.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Cert is due for renewal, auto-renewing...
Plugins selected: Authenticator standalone, Installer None
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for YOUR_DOMAIN.com
Cleaning up challenges
Attempting to renew cert (XXXXXX.com-0001) from /etc/letsencrypt/renewal/XXXXXX.com-0001.conf produced an unexpected error: Problem binding to port 80: Could not bind to IPv4 or IPv6.. Skipping.
Solution: 
systemctl stop nginx && certbot renew && systemctl start nginx && systemctl status nginx && certbot certificates
certbot renew
Processing /etc/letsencrypt/renewal/DOMAIN.com.conf

Cert is due for renewal, auto-renewing...
Could not choose appropriate plugin: The manual plugin is not working; there may be problems with your 
existing configuration.
The error was: PluginError('An authentication script must be provided with --manual-auth-hook when 
using the manual plugin non-interactively.',)
Attempting to renew cert (DOMAIN.com) from /etc/letsencrypt/renewal/DOMAIN.com.conf produced an 
unexpected error: The manual plugin is not working; there may be problems with your existing 
configuration.
The error was: PluginError('An authentication script must be provided with --manual-auth-hook when 
using the manual plugin non-interactively.',). Skipping.
The following certs could not be renewed:
 /etc/letsencrypt/live/DOMAIN.com/fullchain.pem (failure)
 
None of the preferred challenges are supported by the selected plugin. Skipping.

DigitalOcean

Doc: https://certbot-dns-digitalocean.readthedocs.io/en/stable/

  • certbot renew --dns-digitalocean-credentials ~/.secrets/certbot/digitalocean.ini

Related terms

-d flag
  • /etc/cron.d/certbot]]

See also

Advertising: