How To Renew A Single Domain With certbot
Test Renewal of a Single Domain
1 |
certbot renew --cert-name yourdomain.com --dry-run |
Execute Renewal of a Single Domain
1 |
certbot renew --cert-name yourdomain.com |
Test Renewal of a Single Domain
1 |
certbot renew --cert-name yourdomain.com --dry-run |
Execute Renewal of a Single Domain
1 |
certbot renew --cert-name yourdomain.com |
I ran letsencrypt-auto renew and got the following error:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 |
root@prod06b:/etc/httpd/conf.d # /root/letsencrypt/letsencrypt-auto renew Error: couldn't get currently installed version for /opt/eff.org/certbot/venv/bin/letsencrypt: Traceback (most recent call last): File "/opt/eff.org/certbot/venv/bin/letsencrypt", line 7, in <module> from certbot.main import main File "/opt/eff.org/certbot/venv/local/lib/python2.7/dist-packages/certbot/main.py", line 2, in <module> from certbot._internal import main as internal_main File "/opt/eff.org/certbot/venv/local/lib/python2.7/dist-packages/certbot/_internal/main.py", line 10, in <module> import josepy as jose File "/opt/eff.org/certbot/venv/local/lib/python2.7/dist-packages/josepy/__init__.py", line 41, in <module> from josepy.interfaces import JSONDeSerializable File "/opt/eff.org/certbot/venv/local/lib/python2.7/dist-packages/josepy/interfaces.py", line 7, in <module> from josepy import errors, util File "/opt/eff.org/certbot/venv/local/lib/python2.7/dist-packages/josepy/util.py", line 7, in <module> import OpenSSL File "/opt/eff.org/certbot/venv/local/lib/python2.7/dist-packages/OpenSSL/__init__.py", line 8, in <module> from OpenSSL import crypto, SSL File "/opt/eff.org/certbot/venv/local/lib/python2.7/dist-packages/OpenSSL/crypto.py", line 12, in <module> from cryptography import x509 ImportError: No module named cryptography |
The solution in this article gave me the answer:
1 2 3 |
sudo rm -rf /opt/eff.org/* sudo pip install -U certbot sudo certbot renew --debug |
Turns out Python was old at version 2.7, so did the following also:
1 2 3 |
sudo yum -y install python36 sudo alternatives --config python sudo pip install --upgrade pip |
Also had to change the cron job script to call certbot directly instead of letsencrypt-auto : vi /root/letsencrypt-cron.sh
1 2 3 4 5 6 7 8 9 10 11 12 |
#!/bin/sh # # letsencrypt-cron.sh # #OLD: if ! /root/letsencrypt/letsencrypt-auto renew > /var/log/letsencrypt/renew.log 2>&1 ; then #NEW: if ! /usr/bin/certbot renew > /var/log/letsencrypt/renew.log 2>&1 ; then echo Automated renewal failed: cat /var/log/letsencrypt/renew.log exit 1 fi apachectl graceful |
This post does not cover configuring letsencrypt or ssl/https. First, make sure your LetsEncrypt configuration points to the actual WordPress document root directory cat /etc/letsencrypt/renewal/www.yourdomain.com.conf
1 2 3 4 |
... [[webroot_map]] yourdomain.com = /volumes/data/www/yourdomain.com/prod/wordpress www.yourdomain.com = /volumes/data/www/yourdomain.com/prod/wordpress |
Second, use the new macro language feature in Apache 2.4 to configure an https redirect macro which does NOT redirect to https for anything in the .well-known subdirectory. This […]