Questions tagged [certbot]

The tag has no usage guidance.

Filter by
Sorted by
Tagged with
160 votes
12 answers
323k views

Best practices for setting a cron job for Let's Encrypt (Certbot) renewal?

Is this correct way to set cron for renewal of Let's Encrypt cert in Apache2 ? I use Ubuntu 16.04. @monthly letsencrypt renew && service apache2 reload
user3448600's user avatar
  • 1,599
36 votes
3 answers
75k views

How to totally remove a certbot-created SSL certificate?

I use Ubuntu 16.04 with Nginx and I've installed Nginx Certbot on my operating system (Ubuntu 16.04) with: apt-get update -y add-apt-repository ppa:certbot/certbot -y apt-get update -y apt-get ...
Arcticooling's user avatar
26 votes
4 answers
87k views

Certbot letsencrypt on different port than 443

I want to set up certbot for a webserver on a different port than 443. I got the following error when running certbot --apache -d <sub>.<domain>.<ext> Failed authorization ...
CaptainJack's user avatar
22 votes
5 answers
49k views

How to install Certbot on Amazon Linux EC2

I have an Amazon EC2 box. I have installed Apache, MariaDb and PHP on it. Among other things, I want to host a couple of WordPress websites on the EC2. How do I go about installing Certbot on Amazon ...
J86's user avatar
  • 431
16 votes
1 answer
75k views

Renew domains using certbot and using DNS challenge

I created several SSL certificates for several domains using the standalone method. I am only interested in the certificates, without server integration. They are now for renewal. So, I ran: certbot ...
Merc's user avatar
  • 797
14 votes
1 answer
4k views

Why does my Let's Encrypt certificate contain references to Cloudflare?

I own a website that uses a Let's Encrypt certificate. It's not behind Cloudflare, it's hosted at OVH and I'm accepting direct traffic from it. Now, I set up an apache2 webserver and used certbot to ...
lolc's user avatar
  • 153
10 votes
10 answers
15k views

certbot for letsencrypt missing pyopenssl module

I need help setting up the CertBot for LetsEncrypt I am running on CentOS 7 with Python 2.7 When I run certbot I get the following error: [root@li86-193 frappe-bench]#certbot certonly --manual ...
cs378's user avatar
  • 123
8 votes
2 answers
19k views

nginx "ERR_TOO_MANY_REDIRECTS" after add ssl

After i add Let's Encrypt certificate to my website with CertBot i get ERR_TOO_MANY_REDIRECTS when i try to visit the domain of my website. some info : -mywebsite build with django, nginx and ...
DAMAR225's user avatar
  • 183
7 votes
3 answers
41k views

How do I specify a port other than 80 when adding SSL certificate using Certbot?

I have a server which runs 2 different web servers (Apache and Nginx). The Apache server takes care of all the traffic directed to Wordpress sites whereas the Nginx server serves my Python API and ...
Dimitar Veljanovski's user avatar
7 votes
1 answer
24k views

Letsencrypt for all subdomains *.example.com [duplicate]

I'd like to obtain one certificate working for all my subdomains *.example.com. This works: certbot-auto certonly --webroot --webroot-path /home/www/example/ --domain example.com ...
Basj's user avatar
  • 719
7 votes
4 answers
5k views

How to migrate letsencrypt renewal from apache2 to nginx

I inherited a very new magento configuration from a previous employee (who left for another job) where I currently work. The original Magento was set up with v2.1.8 but I have had to update/upgrade ...
Scott's user avatar
  • 173
7 votes
5 answers
9k views

Failing to install certbot on debian jessie

I've followed the instructions at https://certbot.eff.org/all-instructions/#debian-8-jessie-nginx but cannot install certbot: sudo apt-get -t jessie-backports install certbot Reading package lists... ...
Sue Mynott's user avatar
7 votes
1 answer
1k views

Explain Certbot's HTTPS redirect configuration

Can someone explain why Certbot is using the following redirect configuration server { if ($host = example.com) { return 301 https://$host$request_uri; } # managed by Certbot ...
Daniel's user avatar
  • 6,990
7 votes
1 answer
6k views

nginx https www redirect to non-www using let's encrypt certbot

Hi this must be a basic question but I haven't seen an answer with cerbot considerations (if there are any considerations). How do I get https www to redirect to non-www instead of timing out? The ...
duncangarde's user avatar
7 votes
2 answers
5k views

Certbot fails with AttributeError: 'module' object has no attribute 'Locale'

I setup a new server a couple of months ago, running Ubuntu 18.04 LTS. I successfully installed certbot and created my certificates using the cloudflare DNS plugin. It's now getting to be time for ...
Ben Holness's user avatar
6 votes
2 answers
7k views

How to query DNS for special **NAMED** TXT records

I am using certbot to generate a ssl certificate for a third party web app. Because I cannot get into the source code or folder structure, I am using DNS validation. To further complicate things, my ...
wruckie's user avatar
  • 678
6 votes
1 answer
2k views

Why does certbot suddenly fall back to http-01 challenge instead of tls-sni-01 (https)?

I have a well-tested bash script that was running fine until a few weeks ago. It seems that certbot challenge defaults now to http instead of https. I can't figure out the reason. echo 'rsa-key-size =...
Houman's user avatar
  • 1,575
6 votes
1 answer
11k views

SSL_ERROR_RX_RECORD_TOO_LONG certbot

I have the following setup: Apache 2.4 Ubuntu 16.04 LTS letsencrypt / certbot Now, as soon as I enable the following .conf on the default server, all my configured top level domains receive a ...
Michael's user avatar
  • 63
5 votes
1 answer
2k views

How can I disable "Subject Alternative Name" from being included in Certbot Let's Encrypt certificates?

Using Certbot to install an R3 Let's Encrypt certificate on an nginx webserver causes all the other domains in the nginx configuration to be included under "Subject Alternative Name" on the ...
Altimus Prime's user avatar
5 votes
2 answers
11k views

looking for a way to get certbot running on Amazon Linux 2

Amazon has a new Linux out called "Amazon Linux 2" When I try and get certbot going.... wget https://dl.eff.org/certbot-auto chmod a+x certbot-auto ./certbot-auto gives this error Sorry, I ...
iewebguy's user avatar
  • 213
5 votes
1 answer
2k views

Will certbot actually renew my certificate?

Looking at /etc/cron.d/certbot, I don't think it will! That file includes the line: 0 */12 * * * root test -x /usr/bin/certbot -a \! -d /run/systemd/system && perl -e 'sleep int(rand(43200))' ...
IpsRich's user avatar
  • 185
5 votes
1 answer
3k views

Certbot renew certificates with autoprovided webroot

I have created some certificated using certbot's --standalone option but I want to renew them so I run (testing if will get renewed): sudo certbot renew --dry-run But for some domains I get the ...
Dimitrios Desyllas's user avatar
5 votes
2 answers
18k views

How to automate certbot certificate renewal on Ubuntu 20.04

I'm running certbot on Ubuntu 20.04 in AWS, installed as a snap package. I'm not sure if certbot renewal is running properly. I'd appreciate some help working out how to best get it working. This is a ...
Tim's user avatar
  • 32.2k
5 votes
2 answers
6k views

Let's Encrypt DNS challenge with multiple public DNS providers

We use two DNS providers for redundancy. Since the DynDNS DDOS attack of 2016, I expect we are not alone in this practice. I am attempting to use the Let's Encrypt certbot with DNS challenge. Having ...
Larry Silverman's user avatar
5 votes
1 answer
3k views

What exactly does Let's Encrypt certbot's `enhance` command?

Let's Encrypt certbot have subcommand enhance that has a description "Add security enhancements to your existing configuration". The only additional information that I can find in certbot's CLI help ...
Maris B.'s user avatar
  • 182
5 votes
3 answers
2k views

certbot setting up ssl, error "No module named 'ConfigParser'"

I am setting up my website to use https via certbot. I am following the directions here I run the wget and chmod with no problems, but when I execute: ./certbot-auto I get the following errors: ...
john-jones's user avatar
4 votes
3 answers
9k views

Can't find certbot cron job after successful installation

I've developed a REST API in Node and installed nginx as reverse proxy in front of that in order to handle the SSL certificate from Letsencrypt. It's the first time I've set up nginx but everything ...
Martin Gunnarsson's user avatar
4 votes
2 answers
4k views

Migrating certbot/letsencrypt certificate to new server

I have a server out there that supports HTTPS using a certbot/letsencrypt certificate. I am doing a general software upgrade so to minimize risks and downtime, I'm installing new releases on a new ...
xenoid's user avatar
  • 393
4 votes
1 answer
2k views

Installing certbot - error - "nothing provides pyparsing"

I'm trying to set up let's encrypt on my Amazon ec2 RHEL nginx server, via the command $ sudo yum install certbot-nginx but it keeps failing: $ sudo yum install certbot-nginx Last metadata expiration ...
Mike Willis's user avatar
4 votes
2 answers
2k views

monit, let's encrypt, and file permissions

I decided to put monit on my vps running centos 7. I've already got let's encrypt on the server and the certs are installed. I wanted to point monit at the fullchain.pem or the cert.pem, but I get ...
johndoeysmith's user avatar
4 votes
1 answer
737 views

Operation of certbot and nginx

I was hoping someone could satisfy my curiosity about how certbot and nginx interact during renewal time. On my Linux host, I set up certbot and the certbot-nginx plugin. I had some regular nginx site ...
ThanksInAdvance's user avatar
4 votes
2 answers
14k views

Certbot (LetsEncrypt) on custom port (Nginx OR apache)

I've found many similar questions, people asking about how-to setup SSL on different ports (other than 80/443), i.e. 1234 port. However, all answers were like use redirection or proxying requests or ...
T.Todua's user avatar
  • 214
4 votes
1 answer
1k views

Let's encrypt: renew vs new, or: why renew

Might be a stupid question but: where is the difference between renewing a Let's encrypt certificate and just getting a new one? Related question and background for this question: do I need to keep ...
sc911's user avatar
  • 335
4 votes
2 answers
3k views

lighttpd proxy all except .well-known for letsencrypt

I want to configure lighttpd to accept requests from letsencrypt service for cert renewal, but I have a problems with the configuration because it's using as proxy server, so my /.well-known is not ...
TarasH's user avatar
  • 43
4 votes
1 answer
1k views

Could not allocate new session in SSL session shared cache "le_nginx_SSL" while SSL handshaking

I have a centos 8 server with nginx and certbot installed. When I check: cat /var/log/nginx/error.log I get this error a lot: [alert] 2245236#0: *42902735 could not allocate new session in SSL session ...
Adrien Parad's user avatar
4 votes
1 answer
6k views

How can I retrieve my Let's Encrypt registration's current email address?

I understand that Let's Encrypt maintains an email address as a registration and recovery contact for every "account." This email address is used to notify the owner of the certificates of upcoming ...
CODE-REaD's user avatar
  • 243
4 votes
2 answers
2k views

certbot renew crashes nginx and all websites go offline

When sudo certbot renew command is run, nginx server is crashing. The error log in systemd looks like this: - The job identifier is 48862. Sep 01 11:31:52 phoenix.medialab.ntua.gr systemd[1]: nginx....
user000001's user avatar
4 votes
2 answers
5k views

Can't install certbot on ubuntu 16.04.3

I'm trying to install certbot in my ubuntu 16.04.3 server, the same commands that work with 16.04.2 won't do it. The python installed is default Python 2.7.12 This is the installation script: #!/bin/...
Gus's user avatar
  • 163
4 votes
2 answers
4k views

Can I enable TLS 1.3 with Certbot?

I am working with Nginx and Certbot, I have secured a domain with HTTPS. I would like to get the domain up to TLS 1.3. The Nginx server block for my domain get's it's SSL protocols from the included ...
Norman Potts's user avatar
4 votes
1 answer
1k views

How to make Certbot ignore a particular domain in nginx?

I have ~30 domains running on my server, all of them with SSL certificates managed by the Certbot nginx plugin. All of them, except one... let's call it selfsigned.example.com. This domain uses a ...
Thomas's user avatar
  • 811
3 votes
1 answer
4k views

nginx certbot certificate www and non-www

I haven't really wrapped my head around how to create (working) certificates using certbot for nginx. My sites-enables now look like this: First, a block for the www domain with SSL. All the SSL ...
Mattis Erngren's user avatar
3 votes
2 answers
13k views

Export client certificate from Let's Encrypt certificates

I'm running Debian and have certbot for creating Let's Encrypt certificate. I act as client towards a TLS server, and needs to handover my client certificate for approval. I've got the following ...
Alfred Balle's user avatar
3 votes
3 answers
5k views

TLS v1.3 not active despite being enabled in NGINX config (certbot --nginx)

I recently set up a site with certbot --nginx -d <domain>. In /etc/letsencrypt/options-ssl-nginx.conf, I added TLSv1.3 to the ssl_protocols directive. However, when I visit the site (Chrome 68), ...
RalphORama's user avatar
3 votes
2 answers
8k views

Unable to use LetsEncrypt - CertBot - When HTTP to HTTPS redirect is setup

I am trying to configure CertBot and it only works when I serve my site over http. Usually I have an https redirect and I don't want to have to change the site config each time I need to use certbot. ...
FreeSoftwareServers's user avatar
3 votes
2 answers
2k views

I have a rewrite in an apache httpd conf file, that breaks certbot. Is there a way to change it so that it doesn't?

I have a subdomain set up in Apache httpd, that is front-ending for a Tomcat server, with the httpd server secured by Let's Encrypt. If I have the following rewrite active in the conf file, then ...
hbquikcomjamesl's user avatar
3 votes
2 answers
879 views

SSL_ERROR_RX_RECORD_TOO_LONG after installing Certbot on Apache2

I'm trying to set up a web server on a raspberry pi, it's running a debian based system. I installed and set up apache (following this guide), set up port forwaring on my router and created 3 html ...
Simone's user avatar
  • 31
3 votes
1 answer
9k views

When using Let's Encrypt certbot, how do I restart/reload a network service only once and only if the cerificate was actually renewed?

The certbot command provides two hooks that run after automated renewals, from the docs: --post-hook POST_HOOK Command to be run in a shell after attempting to ...
Walf's user avatar
  • 411
3 votes
1 answer
8k views

How to use Certbot with server in docker container?

I have Tomcat 8 running in a docker container. Specifically, the image tomcat:8-jre8 . I am trying to install a certificate from Let's Encrypt in order to get all communications to the server to run ...
Nevado's user avatar
  • 31
3 votes
2 answers
2k views

Renew Let's encrypt certificate automatically without stopping nginx hosted on docker

I am using nginx as proxy and SSL termination for the site hosted on docker. App & nginx both are on docker. I have installed Let's encrypt SSL using Certbot directly on Ubuntu server. And now ...
Krunal's user avatar
  • 251
3 votes
2 answers
495 views

Using certbot DNS authorization with multiple API accounts?

I'm using EFF certbot ACME client to generate a single TLS certificates on my webserver that is hosting multiple domains using Subject Alternative Names (SAN). Up until now all of the domains where ...
Guss's user avatar
  • 2,760

1
2 3 4 5
7