This shows you the differences between two versions of the page.
linux:certbot_update [2018/05/09 10:17] admin created |
linux:certbot_update [2018/05/09 10:27] (current) admin |
||
---|---|---|---|
Line 3: | Line 3: | ||
+ | |||
+ | I found another way. I used the following option: | ||
<code bash> | <code bash> | ||
- | [root@prague conf.d]# certbot certonly --manual -d prague.acim.cz --preferred-challenges="dns" | + | --preferred-challenges="dns" |
- | Saving debug log to /var/log/letsencrypt/letsencrypt.log | + | </code> |
- | Plugins selected: Authenticator manual, Installer None | + | |
- | Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org | + | |
- | Cert not yet due for renewal | + | |
- | You have an existing certificate that has exactly the same domains or certificate name you requested and isn't close to expiry. | + | The entire command looked like this: |
- | (ref: /etc/letsencrypt/renewal/prague.acim.cz.conf) | + | |
- | What would you like to do? | + | <code bash> |
- | ------------------------------------------------------------------------------- | + | certbot certonly --manual -d theos-blog.com -d infosec.theos-blog.com --preferred-challenges="dns" |
- | 1: Keep the existing certificate for now | + | </code> |
- | 2: Renew & replace the cert (limit ~5 per 7 days) | + | |
- | ------------------------------------------------------------------------------- | + | |
- | Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2 | + | |
- | Renewing an existing certificate | + | |
- | Performing the following challenges: | + | |
- | dns-01 challenge for prague.acim.cz | + | |
- | ------------------------------------------------------------------------------- | + | When you run that command, you'll get output similar to the following: |
- | NOTE: The IP of this machine will be publicly logged as having requested this | + | |
- | certificate. If you're running certbot in manual mode on a machine that is not | + | |
- | your server, please ensure you're okay with that. | + | |
- | Are you OK with your IP being logged? | + | <code bash> |
+ | Please deploy a DNS TXT record under the name | ||
+ | _acme-challenge.theos-blog.com with the following value: | ||
+ | |||
+ | <random looking string 1> | ||
+ | |||
+ | Once this is deployed, | ||
------------------------------------------------------------------------------- | ------------------------------------------------------------------------------- | ||
- | (Y)es/(N)o: y | + | Press Enter to Continue |
------------------------------------------------------------------------------- | ------------------------------------------------------------------------------- | ||
Please deploy a DNS TXT record under the name | Please deploy a DNS TXT record under the name | ||
- | _acme-challenge.prague.acim.cz with the following value: | + | _acme-challenge.infosec.theos-blog.com with the following value: |
- | TA_U12HOMamwt8e5qLy8H9s6LRWP-O0Ap3TzVkAiVus | + | <random looking string 2> |
- | Before continuing, verify the record is deployed. | + | Once this is deployed, |
------------------------------------------------------------------------------- | ------------------------------------------------------------------------------- | ||
Press Enter to Continue | Press Enter to Continue | ||
+ | </code> | ||
+ | Navigate to your CloudFlare admin page and select DNS from the top menu. | ||
+ | |||
+ | {{ :linux:cloud_flare_dns.png |}} | ||
+ | |||
+ | In the dropdown under DNS Records, choose TXT. Enter the name provided under Name, and the random looking string under Value, then click on Add Record. It should look similar to the following: | ||
+ | |||
+ | {{ :linux:cloud_flare_dns_txt_strings.png |}} | ||
+ | |||
+ | Back on your server, hit Enter to allow the process to continue. | ||
+ | |||
+ | If all goes well, you'll get output like below: | ||
+ | |||
+ | <code bash> | ||
Waiting for verification... | Waiting for verification... | ||
Cleaning up challenges | Cleaning up challenges | ||
IMPORTANT NOTES: | IMPORTANT NOTES: | ||
- | - Congratulations! Your certificate and chain have been saved at: | + | - Congratulations! Your certificate and chain have been saved at |
- | /etc/letsencrypt/live/prague.acim.cz/fullchain.pem | + | /etc/letsencrypt/live/infosec.theos-blog.com/fullchain.pem. Your cert will expire on 2017-11-08. To obtain a new or tweaked version of this certificate in the future, simply run certbot again. To non-interactively renew *all* of your certificates, run "certbot renew" |
- | Your key file has been saved at: | + | |
- | /etc/letsencrypt/live/prague.acim.cz/privkey.pem | + | |
- | Your cert will expire on 2018-08-07. To obtain a new or tweaked | + | |
- | version of this certificate in the future, simply run certbot | + | |
- | again. To non-interactively renew *all* of your certificates, run | + | |
- | "certbot renew" | + | |
- If you like Certbot, please consider supporting our work by: | - If you like Certbot, please consider supporting our work by: | ||
- | |||
Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate | Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate | ||
Donating to EFF: https://eff.org/donate-le | Donating to EFF: https://eff.org/donate-le | ||
- | |||
- | [root@prague conf.d]# | ||
</code> | </code> | ||
+ | Now, restart your server, nginx in my case: | ||
+ | <code bash> | ||
+ | systemctlhttpd restart | ||
+ | |||
+ | </code> | ||
+ | Refresh your page in your browser, and you're up and running! |
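Review bot: The restart command on the added side near the end of this hunk, `systemctlhttpd restart`, is not a valid command, and it names httpd while the sentence directly above it says the server is nginx; it should read `systemctl restart nginx`, or `systemctl reload nginx` if a reload is enough to pick up the new certificate. The added walkthrough also goes straight from adding the TXT record to "hit Enter to allow the process to continue", and the new sample output drops the removed line "Before continuing, verify the record is deployed."; suggest adding an explicit check between those steps, for example `dig +short TXT _acme-challenge.theos-blog.com`, and saying that it applies to both records, since the output shows one challenge per `-d` name. Finally, the added sample output states "Your cert will expire on 2017-11-08", which is earlier than this 2018/05/09 revision, while the removed output showed 2018-08-07 and included the privkey.pem path; either keep the admin's own output or mark the new block as example output from another host.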