25
votes
Accepted
How can I add subdomains to letsencrypt using certbots?
You have to use the --expand option of certbot
--expand tells Certbot to update an existing certificate with a new certificate that contains all of the old domains and one or more additional new ...
- 411
12
votes
How to install certbot via snap on Amazon Linux 2023
There's honestly no good reason to run certbot, which is really just enough code to interact with letsencrpyt and modify a few configuration files, in a snap. Especially if you want it to actually do ...
- 51.3k
10
votes
Accepted
Debian and Certbot: where does the package install the cron job?
In any Debian derivate, to list the files installed for a package you usually do dpkg -L.
So in your case:
dpkg -L python-certbot-apache
This is give you the list of all files installed, and where.
...
- 58k
9
votes
Accepted
How does certbot bind port? Could not bind TCP port 80 because it is already in use by another process on
As the error says, port 80 "is already in use by another process on
this system (such as a web server)". You have told certbot to run standalone rather than co-operating with the existing ...
- 128k
4
votes
certbot and awscli require different versions of botocore
I had a similar issue.
sudo certbot certonly --dns-route53 -d example.com
An unexpected error occurred:
VersionConflict: (botocore 1.10.58 (/usr/lib/python2.7/site-packages),
Requirement.parse('...
3
votes
Can't install Certbot for Apache on CentOS Stream 9 (python3-certbot)
There's no a dnf package now, but a snap one. Refer to:
https://certbot.eff.org/instructions?ws=apache&os=centosrhel8
All command lines are:
dnf config-manager --set-enabled crb
dnf install https:...
- 31
3
votes
Accepted
How to configure the Certbot not to include options-ssl-apache.conf into my VirtualHosts?
You will want to use the certonly command:
Authenticators are plugins used with the certonly command to obtain a
certificate. The authenticator validates that you control the
domain(s) you are ...
3
votes
nginx: [emerg] BIO_new_file("/etc/letsencrypt/live/site_name/fullchain.pem") failed
As the error message indicates, the configuration file used by nginx is /etc/nginx/nginx.conf. If you open up that file, you should see a server block similar to this:
server {
listen ...
...
- 8,719
3
votes
Debian and Certbot: where does the package install the cron job?
Its actually using systemd.
I used systemctl list-unit-files | grep enabled to list my running services.
It's named certbot.timer
- 233
3
votes
Accepted
About Let’s Encrypt's certification renew and nginx
When can you renew?
From their FAQ (emphasis mine)
Our certificates are valid for 90 days. You can read about why here.
There is no way to adjust this, there are no exceptions. We recommend ...
- 21k
2
votes
Using -d with 2 versions of the same domain in Certbot
Well, the reason is that I used a comma. The comma is redundant.
This worked:
certbot --nginx -d contfix.co.il -d www.contfix.co.il
- 41
2
votes
Accepted
How to validate / fix an error in Certbot renewal cron
The actual command run by cron is:
test -x /usr/bin/certbot -a \! -d /run/systemd/system && perl -e 'sleep int(rand(3600))' && certbot -q renew
It starts by testing some files
test -...
- 68
2
votes
Accepted
Unable to install Let's Encrypt certificate on CentOS 7
What's the problem with doing this?:
sudo yum install mod_ssl
sudo a2enmod ssl
(restart apache then)
- 31.1k
2
votes
Accepted
Debian 9 stretch-backports signature couldn't be verified
This should answer your question directly. Should even be able to copy and paste the commands.
https://rolfje.wordpress.com/2017/06/09/installing-gpg-keys-for-debian-backports/
- 658
2
votes
How does certbot bind port? Could not bind TCP port 80 because it is already in use by another process on
Stop the web server:
sudo systemctl stop apache2
# or if you are using Nginx
sudo systemctl stop nginx
Run Certbot to obtain the certificate:
sudo certbot certonly --standalone -d yourdomain.com
...
- 21
2
votes
Accepted
NGINX HTTPS not redirecting properly
The port 80 is being redirected to 443 which is trying to proxy 80 which is redirecting ....
Remove the
location / {
# return 301 https://mnpd.khkm.dev$request_uri;
proxy_pass http:...
- 159
2
votes
Setting up Apache with Certbot/Let’s Encrypt but keep it offline until fully configured
I went through the process of switching from self-signed certs to Let's Encrypt a few weeks ago...self-signed have been good enough for my needs for decades because I really only care about encryption ...
- 83.9k
1
vote
How does certbot bind port? Could not bind TCP port 80 because it is already in use by another process on
If you're running certbot --standalone then certbot will try and stand up a temporary webserver on port 80 to do the validation. However it's not able to do this since you already have a site running ...
- 11
1
vote
Accepted
How do I know what process is running for a systemd-timers service?
When you use systemctl list-timers you are listing the active *.timer units.
Example:
stew ~ $ systemctl list-timers
NEXT LEFT LAST PASSED ...
- 16k
1
vote
Accepted
SLE: installing certbot and its NGINX plugin
These commands installed the certbot on SLE 15 SP2:
sudo SUSEConnect -p PackageHub/15.2/x86_64
sudo zypper ref
sudo zypper install python3-certbot python3-certbot-nginx
And then, this command enabled ...
- 1,579
1
vote
Accepted
Upgrade certbot on Debian Jessie
Thank you to everyone for the support.
I finally solved the problem, using a different ACME client as suggested here
Even though the procedure to install a certificate is quite easy, i want to share ...
- 11
1
vote
Accepted
Need help to fix my bash script
Use certbot -n
-n, --non-interactive, --noninteractive
Run without ever asking for user input. This may
require additional command line flags; the client will
...
- 23.2k
1
vote
Accepted
How Should I Move SSL Certificates (Made With Certbot) From One Ubuntu Server To Another?
The only way to turn off the certificate on the 1st server is to revoke it.
Whether you revoke it, or simply delete the certificate's private key is up to you. To be more precise, you should read the ...
- 35k
1
vote
404 not found error, certbot generating tls certificate
In order to verify that you actually control the domain you are requesting a certificate for, Let's Encrypt is using a HTTP-based challenge mechanism. Basically, Let's Encrypt is giving certbot a long ...
- 114k
1
vote
How can I add subdomains to letsencrypt using certbots?
If you are using NginX, you can use:
certbot --nginx
This will guide you through the number of steps, asking you what to do - including extending existing certificate with a new domain (detected in ...
- 111
1
vote
Different page from a browser and wget
I found the reason...
DNS had different physical servers in IPv4 and IPv6 records (A and AAAA) and one place (my browser) was using IPv4 while all the other servers I checked used IPv6, including ...
- 111
1
vote
Certbot does not force Apache2 to read newly generated certificates
I have just found yet another way of doing this, and IMHO this one is the most convenient.
Go to the Let's Encrypt renewal configuration directory:
# cd /etc/letsencrypt/renewal
Edit the desired ...
- 31.1k
1
vote
Accepted
Certbot does not force Apache2 to read newly generated certificates
I usually tend to avoid restarting services just for the sake of restarting them, for several reasons. So I would advise just restarting Apache when the certificate has been renewed.
For certbot, it ...
- 58k
1
vote
Certbot does not force Apache2 to read newly generated certificates
This can be simply accomplished by adding:
&& apachectl -k graceful
to the daily Certbot command.
This way, twice a day:
The certificates will get checked for expiration and if expired, then ...
- 31.1k
1
vote
Certbot-nginx displays error
When I last ran into this, it was an error with a non-ASCII character in the default nginx configuration that LetsEncrypt is attempting to read so it can add its own configuration. The following ...
- 5,206
Only top scored, non community-wiki answers of a minimum length are eligible