Questions tagged [certbot]
334 questions
160 votes, 12 answers, 323k views
Best practices for setting a cron job for Let's Encrypt (Certbot) renewal?
Is this the correct way to set cron for renewal of Let's Encrypt cert in Apache2?
I use Ubuntu 16.04.
@monthly letsencrypt renew && service apache2 reload
36 votes, 3 answers, 75k views
How to totally remove a certbot-created SSL certificate?
I use Ubuntu 16.04 with Nginx and I've installed Nginx Certbot on my operating system (Ubuntu 16.04) with:
apt-get update -y
add-apt-repository ppa:certbot/certbot -y
apt-get update -y
apt-get ...
26 votes, 4 answers, 87k views
Certbot letsencrypt on different port than 443
I want to set up certbot for a webserver on a different port than 443.
I got the following error when running
certbot --apache -d <sub>.<domain>.<ext>
Failed authorization ...
22 votes, 5 answers, 49k views
How to install Certbot on Amazon Linux EC2
I have an Amazon EC2 box. I have installed Apache, MariaDb and PHP on it.
Among other things, I want to host a couple of WordPress websites on the EC2.
How do I go about installing Certbot on Amazon ...
16 votes, 1 answer, 75k views
Renew domains using certbot and using DNS challenge
I created several SSL certificates for several domains using the standalone method. I am only interested in the certificates, without server integration.
They are now for renewal.
So, I ran:
certbot ...
14 votes, 1 answer, 4k views
Why does my Let's Encrypt certificate contain references to Cloudflare?
I own a website that uses a Let's Encrypt certificate. It's not behind Cloudflare, it's hosted at OVH and I'm accepting direct traffic from it.
Now, I set up an apache2 webserver and used certbot to ...
10 votes, 10 answers, 15k views
certbot for letsencrypt missing pyopenssl module
I need help setting up the CertBot for LetsEncrypt
I am running on CentOS 7 with Python 2.7
When I run certbot I get the following error:
[root@li86-193 frappe-bench]#certbot certonly --manual
...
8 votes, 2 answers, 19k views
nginx "ERR_TOO_MANY_REDIRECTS" after add ssl
After I add a Let's Encrypt certificate to my website with CertBot,
I get ERR_TOO_MANY_REDIRECTS when I try to visit the domain of my website.
Some info:
- my website is built with django, nginx and ...
7 votes, 3 answers, 41k views
How do I specify a port other than 80 when adding SSL certificate using Certbot?
I have a server which runs 2 different web servers (Apache and Nginx). The Apache server takes care of all the traffic directed to Wordpress sites whereas the Nginx server serves my Python API and ...
7 votes, 1 answer, 24k views
Letsencrypt for all subdomains *.example.com [duplicate]
I'd like to obtain one certificate working for all my subdomains *.example.com.
This works:
certbot-auto certonly --webroot --webroot-path /home/www/example/ --domain example.com
...
7 votes, 4 answers, 5k views
How to migrate letsencrypt renewal from apache2 to nginx
I inherited a very new magento configuration from a previous employee (who left for another job) where I currently work. The original Magento was set up with v2.1.8 but I have had to update/upgrade ...
7 votes, 5 answers, 9k views
Failing to install certbot on debian jessie
I've followed the instructions at https://certbot.eff.org/all-instructions/#debian-8-jessie-nginx but cannot install certbot:
sudo apt-get -t jessie-backports install certbot
Reading package lists... ...
7 votes, 1 answer, 1k views
Explain Certbot's HTTPS redirect configuration
Can someone explain why Certbot is using the following redirect configuration
server {
if ($host = example.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
...
7 votes, 1 answer, 6k views
nginx https www redirect to non-www using let's encrypt certbot
Hi, this must be a basic question but I haven't seen an answer with certbot considerations (if there are any considerations). How do I get https www to redirect to non-www instead of timing out?
The ...
7 votes, 2 answers, 5k views
Certbot fails with AttributeError: 'module' object has no attribute 'Locale'
I set up a new server a couple of months ago, running Ubuntu 18.04 LTS. I successfully installed certbot and created my certificates using the cloudflare DNS plugin.
It's now getting to be time for ...
6 votes, 2 answers, 7k views
How to query DNS for special **NAMED** TXT records
I am using certbot to generate a ssl certificate for a third party web app. Because I cannot get into the source code or folder structure, I am using DNS validation. To further complicate things, my ...
6 votes, 1 answer, 2k views
Why does certbot suddenly fall back to http-01 challenge instead of tls-sni-01 (https)?
I have a well-tested bash script that was running fine until a few weeks ago.
It seems that certbot challenge defaults now to http instead of https. I can't figure out the reason.
echo 'rsa-key-size =...
6 votes, 1 answer, 11k views
SSL_ERROR_RX_RECORD_TOO_LONG certbot
I have the following setup:
Apache 2.4
Ubuntu 16.04 LTS
letsencrypt / certbot
Now, as soon as I enable the following .conf on the default server, all my configured top level domains receive a ...
5 votes, 1 answer, 2k views
How can I disable "Subject Alternative Name" from being included in Certbot Let's Encrypt certificates?
Using Certbot to install an R3 Let's Encrypt certificate on an nginx webserver causes all the other domains in the nginx configuration to be included under "Subject Alternative Name" on the ...
5 votes, 2 answers, 11k views
looking for a way to get certbot running on Amazon Linux 2
Amazon has a new Linux out called "Amazon Linux 2"
When I try and get certbot going....
wget https://dl.eff.org/certbot-auto
chmod a+x certbot-auto
./certbot-auto
gives this error
Sorry, I ...
5 votes, 1 answer, 2k views
Will certbot actually renew my certificate?
Looking at /etc/cron.d/certbot, I don't think it will! That file includes the line:
0 */12 * * * root test -x /usr/bin/certbot -a \! -d /run/systemd/system && perl -e 'sleep int(rand(43200))' ...
5 votes, 1 answer, 3k views
Certbot renew certificates with autoprovided webroot
I have created some certificates using certbot's --standalone option but I want to renew them so I run (testing if they will get renewed):
sudo certbot renew --dry-run
But for some domains I get the ...
5 votes, 2 answers, 18k views
How to automate certbot certificate renewal on Ubuntu 20.04
I'm running certbot on Ubuntu 20.04 in AWS, installed as a snap package. I'm not sure if certbot renewal is running properly. I'd appreciate some help working out how to best get it working.
This is a ...
5 votes, 2 answers, 6k views
Let's Encrypt DNS challenge with multiple public DNS providers
We use two DNS providers for redundancy. Since the DynDNS DDOS attack of 2016, I expect we are not alone in this practice.
I am attempting to use the Let's Encrypt certbot with DNS challenge. Having ...
5 votes, 1 answer, 3k views
What exactly does Let's Encrypt certbot's `enhance` command do?
Let's Encrypt certbot has a subcommand enhance that has a description "Add security enhancements to your existing configuration".
The only additional information that I can find in certbot's CLI help ...
5 votes, 3 answers, 2k views
certbot setting up ssl, error "No module named 'ConfigParser'"
I am setting up my website to use https via certbot.
I am following the directions here
I run the wget and chmod with no problems, but when I execute:
./certbot-auto
I get the following errors:
...
4 votes, 3 answers, 9k views
Can't find certbot cron job after successful installation
I've developed a REST API in Node and installed nginx as reverse proxy in front of that in order to handle the SSL certificate from Letsencrypt. It's the first time I've set up nginx but everything ...
4 votes, 2 answers, 4k views
Migrating certbot/letsencrypt certificate to new server
I have a server out there that supports HTTPS using a certbot/letsencrypt certificate.
I am doing a general software upgrade so to minimize risks and downtime, I'm installing new releases on a new ...
4 votes, 1 answer, 2k views
Installing certbot - error - "nothing provides pyparsing"
I'm trying to set up let's encrypt on my Amazon ec2 RHEL nginx server, via the command $ sudo yum install certbot-nginx but it keeps failing:
$ sudo yum install certbot-nginx
Last metadata expiration ...
4 votes, 2 answers, 2k views
monit, let's encrypt, and file permissions
I decided to put monit on my vps running centos 7.
I've already got let's encrypt on the server and the certs are installed. I wanted to point monit at the fullchain.pem or the cert.pem, but I get ...
4 votes, 1 answer, 737 views
Operation of certbot and nginx
I was hoping someone could satisfy my curiosity about how certbot and nginx interact during renewal time.
On my Linux host, I set up certbot and the certbot-nginx plugin.
I had some regular nginx site ...
4 votes, 2 answers, 14k views
Certbot (LetsEncrypt) on custom port (Nginx OR apache)
I've found many similar questions, people asking about how to set up SSL on different ports (other than 80/443), i.e. 1234 port.
However, all answers were like use redirection or proxying requests or ...
4 votes, 1 answer, 1k views
Let's encrypt: renew vs new, or: why renew
Might be a stupid question but: where is the difference between renewing a Let's encrypt certificate and just getting a new one?
Related question and background for this question: do I need to keep ...
4 votes, 2 answers, 3k views
lighttpd proxy all except .well-known for letsencrypt
I want to configure lighttpd to accept requests from letsencrypt service for cert renewal, but I have problems with the configuration because it's used as a proxy server, so my /.well-known is not ...
4 votes, 1 answer, 1k views
Could not allocate new session in SSL session shared cache "le_nginx_SSL" while SSL handshaking
I have a centos 8 server with nginx and certbot installed. When I check:
cat /var/log/nginx/error.log
I get this error a lot:
[alert] 2245236#0: *42902735 could not allocate new session in SSL session ...
4 votes, 1 answer, 6k views
How can I retrieve my Let's Encrypt registration's current email address?
I understand that Let's Encrypt maintains an email address as a registration and recovery contact for every "account." This email address is used to notify the owner of the certificates of upcoming ...
4 votes, 2 answers, 2k views
certbot renew crashes nginx and all websites go offline
When sudo certbot renew command is run, nginx server is crashing. The error log in systemd looks like this:
- The job identifier is 48862.
Sep 01 11:31:52 phoenix.medialab.ntua.gr systemd[1]: nginx....
4 votes, 2 answers, 5k views
Can't install certbot on ubuntu 16.04.3
I'm trying to install certbot in my ubuntu 16.04.3 server, the same commands that work with 16.04.2 won't do it. The python installed is default Python 2.7.12
This is the installation script:
#!/bin/...
4 votes, 2 answers, 4k views
Can I enable TLS 1.3 with Certbot?
I am working with Nginx and Certbot, I have secured a domain with HTTPS. I would like to get the domain up to TLS 1.3.
The Nginx server block for my domain gets its SSL protocols from the included ...
4 votes, 1 answer, 1k views
How to make Certbot ignore a particular domain in nginx?
I have ~30 domains running on my server, all of them with SSL certificates managed by the Certbot nginx plugin. All of them, except one... let's call it selfsigned.example.com.
This domain uses a ...
3 votes, 1 answer, 4k views
nginx certbot certificate www and non-www
I haven't really wrapped my head around how to create (working) certificates using certbot for nginx.
My sites-enables now look like this:
First, a block for the www domain with SSL. All the SSL ...
3 votes, 2 answers, 13k views
Export client certificate from Let's Encrypt certificates
I'm running Debian and have certbot for creating Let's Encrypt certificate.
I act as a client towards a TLS server, and need to hand over my client certificate for approval.
I've got the following ...
3 votes, 3 answers, 5k views
TLS v1.3 not active despite being enabled in NGINX config (certbot --nginx)
I recently set up a site with certbot --nginx -d <domain>. In /etc/letsencrypt/options-ssl-nginx.conf, I added TLSv1.3 to the ssl_protocols directive. However, when I visit the site (Chrome 68), ...
3 votes, 2 answers, 8k views
Unable to use LetsEncrypt - CertBot - When HTTP to HTTPS redirect is setup
I am trying to configure CertBot and it only works when I serve my site over http. Usually I have an https redirect and I don't want to have to change the site config each time I need to use certbot. ...
3 votes, 2 answers, 2k views
I have a rewrite in an apache httpd conf file, that breaks certbot. Is there a way to change it so that it doesn't?
I have a subdomain set up in Apache httpd, that is front-ending for a Tomcat server, with the httpd server secured by Let's Encrypt.
If I have the following rewrite active in the conf file, then ...
3 votes, 2 answers, 879 views
SSL_ERROR_RX_RECORD_TOO_LONG after installing Certbot on Apache2
I'm trying to set up a web server on a raspberry pi, it's running a debian based system.
I installed and set up apache (following this guide), set up port forwarding on my router and created 3 html ...
3 votes, 1 answer, 9k views
When using Let's Encrypt certbot, how do I restart/reload a network service only once and only if the certificate was actually renewed?
The certbot command provides two hooks that run after automated renewals, from the docs:
--post-hook POST_HOOK
Command to be run in a shell after attempting to
...
3 votes, 1 answer, 8k views
How to use Certbot with server in docker container?
I have Tomcat 8 running in a docker container. Specifically, the image tomcat:8-jre8 . I am trying to install a certificate from Let's Encrypt in order to get all communications to the server to run ...
3 votes, 2 answers, 2k views
Renew Let's encrypt certificate automatically without stopping nginx hosted on docker
I am using nginx as proxy and SSL termination for the site hosted on docker. App & nginx both are on docker. I have installed Let's encrypt SSL using Certbot directly on Ubuntu server. And now ...
3 votes, 2 answers, 495 views
Using certbot DNS authorization with multiple API accounts?
I'm using EFF certbot ACME client to generate a single TLS certificate on my webserver that is hosting multiple domains using Subject Alternative Names (SAN). Up until now all of the domains were ...