Server Fault Stack Exchange
Server Fault Stack Exchange

Questions tagged [certbot]

328 questions
2
votes
1 answer

permission denied error for letsencrypt certificates

This error is from dovecot where it can't read the certificate because of permissions I tried changing permissions around, presently I have everything on 644 I understand the paths are only links to /etc/letsencrypt/archives file paths so I really…
fugee ohu
  • 23
  • 1
  • 5
2
votes
1 answer

How to fix certificate chain with letsencrypt / certbot?

I cannot wrap my head around the following problem. Verifying the certificates of the server with openssl fails, the chain is imcomplete. Disclaimer: I am not an admin and did not work much with certificates yet. Verifiy with OpenSSL $ openssl…
BairDev
  • 125
  • 1
  • 1
  • 8
2
votes
1 answer

certbot option to _display_ configs (specifically currently-registered email address)

Does anyone know of an option with certbot (a.k.a. letsencrypt) to show the current configuration options? I know one can specify the config file (--config) and specify the registered email address (-m), but I'd like to inspect (in an automated way)…
mmuurr
  • 135
  • 1
  • 5
2
votes
1 answer

Finding out if a certificate is due for renewal without triggering the actual renewal with Certbot

I am trying to use Certbot to allow for semi-automated certificate updates. I don't want fully-automated updates to avoid automatic certificate replacements that could interrupt business and ensure that a sentient administrator is available when the…
aef
  • 1,745
  • 4
  • 25
  • 43
2
votes
2 answers

Unable to get a certificate from Letsencrypt using the DNS-01 challenge

I've tried getting a certificate using certbot, caddy, and lego. They've all returned similar errors with this domain. I used the DNS-01 challenge. Here's output from the lego client: ananth@wopr ~> lego -a -m "my@email.com" -d subhamho.me -d…
Ananth
  • 51
  • 1
  • 9
2
votes
1 answer

Nginx with letsencrypt - duplicate value "TLSv1.2"

SSL test capped my result to B because of enabled TLS 1.0 and 1.1. I know I should add such line to my config: ssl_protocols TLSv1.2 TLSv1.3; This is my minimized config: server { root /var/www/mezinamiridici.cz/html; listen [::]:443 ssl…
Leos Literak
  • 305
  • 4
  • 13
2
votes
1 answer

On CentOS Certbot / Lets Encrypt uses snap to keep SSL certificates up to date. Is there another method that will keep certificates up to date?

Environment: Centos 8, Certbot, Lets Encrypt On CentOS distributions certbot / Lets Encrypt uses snap to keep SSL certificates up to date. Below are the instructions. certbot instructions: Nginx on CentOS/RHEL 8 $ sudo snap install core; sudo snap…
myNewAccount
  • 569
  • 1
  • 6
  • 19
2
votes
1 answer

certbot on site tunneled to internal network HTTP site

I have a cloud server running Ubuntu 20.04, a configured domain to the cloud server, and a server in my local network serving an HTTP website. I have successfully tunneled my local network server HTTP website to my cloud server - accessible…
I like to code
  • 121
  • 3
2
votes
1 answer

Why OCSP stapling on NGINX for "buypass" DV certs fails without explicit root declaration?

tl;dr For buypass DV certs fetched by certbot I need to explicitly tell NGINX to trust buypass root cert to enable OCSP stapling. This is not the case for Let's Encrypt certificates and I cannot figure out why. I have found a way (see bellow) which…
Yan Foto
  • 131
  • 6
2
votes
2 answers

Certbot semi-manual operation

I want to ask if it's possible to use Certbot for a semi-automated setup where the underlying infrastructure is controlled by me and not by Certbot. I understand that Certbot will communicate with Let's Encrypt to issue a challenge, which is…
usr-local-ΕΨΗΕΛΩΝ
  • 2,359
  • 7
  • 34
  • 52
2
votes
2 answers

Using certbot DNS authorization with multiple API accounts?

I'm using EFF certbot ACME client to generate a single TLS certificates on my webserver that is hosting multiple domains using Subject Alternative Names (SAN). Up until now all of the domains where hosted in a specific Digital Ocean team, and I have…
Guss
  • 2,670
  • 5
  • 34
  • 59
2
votes
1 answer

How to make Certbot respect Debian standards for certificate deployment?

Certbot seems to manage X.509 certificates and private keys in its own directory structure in /etc/letsencrypt. On Debian-based systems (including Ubuntu, Linux Mint and others) X.509 certificates are classically stored in /etc/ssl/certs and private…
aef
  • 1,745
  • 4
  • 25
  • 43
2
votes
2 answers

Certbot post-renewal/post-deploy hook in cron job

On a mail server I need to reload Dovecot after Certbot renews my Let's Encrypt certificates. According to the Certbot documentation a --deploy-hook can be used: Command to be run in a shell once for each issued certificate. I found the cron job…
Dirk J. Faber
  • 75
  • 5
2
votes
2 answers

How do I check SSL certificate when using Cloudflare DNS?

So usually I just create a letsencrypt certificate and setup it up, then i open up the browser and click the "LOCK" icon and check the certificate info, this tells me that my setup actually worked and was installed correctly. What I ran into today,…
farinspace
  • 173
  • 1
  • 1
  • 13
2
votes
1 answer

Can't install certbot on an Amazon Linux 2 EC2 instance

I set up Amazon Linux AMI EC2 instance via ECS (elastic container service). It seems like by default it doesn't have that many packages installed. When I'm trying to install certbot using the command: sudo yum install certbot I get errors…
Aerodynamika
  • 216
  • 1
  • 2
  • 8
1 2 3
21 22