Server Fault Stack Exchange
Server Fault Stack Exchange

Questions tagged [certbot]

328 questions
6
votes
1 answer

Why does certbot suddenly fall back to http-01 challenge instead of tls-sni-01 (https)?

I have a well-tested bash script that was running fine until a few weeks ago. It seems that certbot challenge defaults now to http instead of https. I can't figure out the reason. echo 'rsa-key-size = 2048 renew-hook = /usr/sbin/ipsec reload &&…
Houman
  • 1,545
  • 4
  • 22
  • 36
6
votes
1 answer

SSL_ERROR_RX_RECORD_TOO_LONG certbot

I have the following setup: Apache 2.4 Ubuntu 16.04 LTS letsencrypt / certbot Now, as soon as I enable the following .conf on the default server, all my configured top level domains receive a SSL_ERROR_RX_RECORD_TOO_LONG error. If I disable this…
Michael
  • 63
  • 1
  • 1
  • 4
5
votes
1 answer

What exactly does Let's Encrypt certbot's `enhance` command?

Let's Encrypt certbot have subcommand enhance that has a description "Add security enhancements to your existing configuration". The only additional information that I can find in certbot's CLI help file is: enhance: Helps to harden the TLS…
Maris B.
  • 182
  • 3
  • 12
5
votes
2 answers

Let's Encrypt DNS challenge with multiple public DNS providers

We use two DNS providers for redundancy. Since the DynDNS DDOS attack of 2016, I expect we are not alone in this practice. I am attempting to use the Let's Encrypt certbot with DNS challenge. Having two DNS providers seems to pose a problem. Do both…
Larry Silverman
  • 567
  • 6
  • 13
5
votes
1 answer

Certbot renew certificates with autoprovided webroot

I have created some certificated using certbot's --standalone option but I want to renew them so I run (testing if will get renewed): sudo certbot renew --dry-run But for some domains I get the error Attempting to renew cert from…
Dimitrios Desyllas
  • 563
  • 2
  • 11
  • 30
5
votes
2 answers

looking for a way to get certbot running on Amazon Linux 2

Amazon has a new Linux out called "Amazon Linux 2" When I try and get certbot going.... wget https://dl.eff.org/certbot-auto chmod a+x certbot-auto ./certbot-auto gives this error Sorry, I don't know how to bootstrap Certbot on your operating…
iewebguy
  • 213
  • 1
  • 3
  • 7
5
votes
3 answers

certbot setting up ssl, error "No module named 'ConfigParser'"

I am setting up my website to use https via certbot. I am following the directions here I run the wget and chmod with no problems, but when I execute: ./certbot-auto I get the following errors: Setting up gyp (0.1+20150913git1f374df9-1ubuntu1)…
john-jones
  • 85
  • 14
5
votes
3 answers

How do I specify a port other than 80 when adding SSL certificate using Certbot?

I have a server which runs 2 different web servers (Apache and Nginx). The Apache server takes care of all the traffic directed to Wordpress sites whereas the Nginx server serves my Python API and React Web App. Due to conflicting ports with Apache,…
Dimitar Veljanovski
  • 69
  • 1
  • 1
  • 8
5
votes
1 answer

How can I disable "Subject Alternative Name" from being included in Certbot Let's Encrypt certificates?

Using Certbot to install an R3 Let's Encrypt certificate on an nginx webserver causes all the other domains in the nginx configuration to be included under "Subject Alternative Name" on the certificate. This is undesirable for my use case. I read…
Altimus Prime
  • 364
  • 2
  • 7
  • 22
5
votes
1 answer

Will certbot actually renew my certificate?

Looking at /etc/cron.d/certbot, I don't think it will! That file includes the line: 0 */12 * * * root test -x /usr/bin/certbot -a \! -d /run/systemd/system && perl -e 'sleep int(rand(43200))' && certbot -q renew and, unless I'm reading it wrong,…
IpsRich
  • 173
  • 8
5
votes
2 answers

How to automate certbot certificate renewal on Ubuntu 20.04

I'm running certbot on Ubuntu 20.04 in AWS, installed as a snap package. I'm not sure if certbot renewal is running properly. I'd appreciate some help working out how to best get it working. This is a new server, which I turn on and off while I'm…
Tim
  • 31,888
  • 7
  • 52
  • 78
4
votes
1 answer

Installing certbot - error - "nothing provides pyparsing"

I'm trying to set up let's encrypt on my Amazon ec2 RHEL nginx server, via the command $ sudo yum install certbot-nginx but it keeps failing: $ sudo yum install certbot-nginx Last metadata expiration check: 2:58:11 ago on Sat 17 Aug 2019 11:29:45 PM…
Mike Willis
  • 203
  • 2
  • 14
4
votes
1 answer

Let's encrypt: renew vs new, or: why renew

Might be a stupid question but: where is the difference between renewing a Let's encrypt certificate and just getting a new one? Related question and background for this question: do I need to keep the account data from certbot? As long as I can…
sc911
  • 335
  • 3
  • 15
4
votes
1 answer

How to make Certbot ignore a particular domain in nginx?

I have ~30 domains running on my server, all of them with SSL certificates managed by the Certbot nginx plugin. All of them, except one... let's call it selfsigned.example.com. This domain uses a self-signed certificate because it's being accessed…
Thomas
  • 811
  • 1
  • 9
  • 18
4
votes
2 answers

monit, let's encrypt, and file permissions

I decided to put monit on my vps running centos 7. I've already got let's encrypt on the server and the certs are installed. I wanted to point monit at the fullchain.pem or the cert.pem, but I get this error. Dec 30 00:56:52 [23926]: The SSL…
johndoeysmith
  • 51
  • 5
1
2
3
21 22