I asked a question earlier about Let's Encrypt details at How can I use Let's Encrypt (letsencrypt.org) as a free SSL certificate provider?, and @warren answered, saying:
I have written a pair of how-tos for running Let's Encrypt SSL certs on CentOS: initial setup & cronning it.
Based on that, I had a weekly crontab entry that called a script:
```bash
#!/bin/bash
# Weekly renewal: update the client, then renew with Apache stopped so the
# standalone authenticator can bind port 80
cd ~/letsencrypt || exit 1
git pull
apachectl stop
# Bring Apache back up even if the renewal below fails, so the sites are not left down
trap 'apachectl start' EXIT
~/letsencrypt/letsencrypt-auto --agree-tos --keep --rsa-key-size 2048 --standalone certonly -m root@firstdomain.tld -d firstdomain.tld -d seconddomain.tld -d jobhunttracker.com -d thirddomain.tld -d subdomain.firstdomain.tld -d fourthdomain.tld
```
I see one discrepancy with cronning it, namely that I specified four second level domains and one subdomain of the first domain, where the sample code specifies one second level domain and leaves a door open to 0 or more subdomains of the initial domain. Beyond that, I thought I was following the crontab article.
I received one or two notices by email stating that I needed to update my Let's Encrypt certificates; puzzled, I ran the crontab script by hand, and afterwards it said everything was up to date.
When it wasn't updating things, I renamed `/etc/letsencrypt`, and found that that was not a solution; it wanted some things kept in place. The eventual solution I found involved renaming `/etc/letsencrypt/archive` and `/etc/letsencrypt/live` and then running `letsencrypt-auto` one time per `-d domain.tld`, because `letsencrypt-auto` only seemed to see the first top-level domain specified. And then manually editing the VirtualHosts under `/etc/sites-enabled`, because the existing configuration referenced certificates etc. under `/etc/letsencrypt/live/domain.tld/` but the new certificates were installed under `/etc/letsencrypt/live/domain.tld-0001/`.
Now my sites seem to be live without a certificate error, but so far as I can tell the initial setup article was a hit, while the cronning it post was a miss.
How can I set things up for a smoother update process next year?
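Whatever the renewal job ends up looking like, the part of this story that a practitioner would want to remove is "found out from the expiry e-mails". Below is an added example (not from the question, nor from the linked how-tos) of a small check that can be cronned separately from the renewal: it walks every lineage directory under the live directory (including the `domain.tld-0001` style names mentioned above), reports how many days each certificate has left, and exits non-zero when any is inside a warning window, so cron's failure mail becomes the alert. It assumes the `openssl` CLI and GNU `date` (for `date -d`); the 21-day window and the paths are choices made here, not anything Let's Encrypt specifies.

```shell
#!/bin/sh
# Added example (not from the question or the linked how-tos): warn when any
# certificate under the Let's Encrypt live directory is close to expiry, so a
# renewal run that silently did nothing is caught before the expiry e-mails.
# Assumptions: the openssl CLI and GNU date (for `date -d`) are installed; the
# 21-day window is a choice made here, not a Let's Encrypt value.

WARN_DAYS="${WARN_DAYS:-21}"

# Print the number of whole days until the PEM certificate at $1 expires
# (negative once it has already expired).
days_until_expiry() {
    not_after=$(openssl x509 -in "$1" -noout -enddate | cut -d= -f2)
    end_epoch=$(date -d "$not_after" +%s)
    now_epoch=$(date +%s)
    echo $(( (end_epoch - now_epoch) / 86400 ))
}

# Examine every lineage directory under $1 (domain.tld, domain.tld-0001, ...),
# print one status line each, and return 1 if any certificate is within WARN_DAYS.
check_live_dir() {
    status=0
    for dir in "$1"/*/; do
        [ -f "${dir}cert.pem" ] || continue
        days=$(days_until_expiry "${dir}cert.pem")
        name=$(basename "$dir")
        if [ "$days" -le "$WARN_DAYS" ]; then
            echo "WARNING: $name expires in $days days"
            status=1
        else
            echo "OK: $name expires in $days days"
        fi
    done
    return $status
}

# When given a directory on the command line, run the check and let the exit
# status carry the result; cron mails a non-zero exit, which makes it the alert.
# Usage: check-le-expiry.sh /etc/letsencrypt/live
if [ "$#" -gt 0 ]; then
    check_live_dir "$1"
fi
```

Run it as `check-le-expiry.sh /etc/letsencrypt/live` from a cron entry that fires more often than the renewal job; because it only reads `cert.pem` files it can run as an unprivileged user that has been granted read access to the live directory, and it never touches the renewal state itself.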