Update: concise instructions
This morning I was greeted with this warning from Chrome when visiting https://derivationmap.net
The error message indicated my certificates had expired. I SSH'd into my DigitalOcean node and ran a scan of the certs that certbot can find:
$ sudo certbot renew
----------------------
Processing /etc/letsencrypt/renewal/derivationmap.net.conf
----------------------
Cert not yet due for renewal
----------------------
The following certs are not due for renewal yet:
/etc/letsencrypt/live/derivationmap.net/fullchain.pem expires on 2020-10-08 (skipped)
No renewals were attempted.
However, when I run a manual scan of the certs used by my site,
$ openssl x509 -dates -noout < /home/pdg/proofofconcept/v7_pickle_web_interface/certs/fullchain.pem
notBefore=May 11 15:26:19 2020 GMT
notAfter=Aug 9 15:26:19 2020 GMT
This corresponds with the command history entry from 2020-05-11,
sudo certbot certonly --webroot \
    -w /home/pdg/proofofconcept/v7_pickle_web_interface/certs \
    --server https://acme-v02.api.letsencrypt.org/directory \
    -d derivationmap.net -d www.derivationmap.net
Solution
Delete existing certs
sudo rm -rf /etc/letsencrypt/{live,renewal,archive}/{derivationmap.net,derivationmap.net.conf}
Request new certs
sudo certbot certonly --webroot \
    -w /home/pdg/proofofconcept/v7_pickle_web_interface/certs \
    --server https://acme-v02.api.letsencrypt.org/directory \
    -d derivationmap.net -d www.derivationmap.net
Copy new certs to directory that nginx mounts in Docker-compose
cd /home/pdg/proofofconcept/v7_pickle_web_interface/certs
sudo cp /etc/letsencrypt/live/derivationmap.net/fullchain.pem .
sudo cp /etc/letsencrypt/live/derivationmap.net/privkey.pem .
sudo chown pdg:pdg privkey.pem
openssl dhparam -out dhparam.pem 2048
Restart Docker-compose
docker-compose up --build --force-recreate --remove-orphans --detach
If the docker containers are not restarted, the changes made to the file on the host won't take effect.
Verify in a browser that https://derivationmap.net/ has the updated certificate.
Set a calendar reminder to renew the certificate
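The failure described above was a stale copy: certbot's live certificate was valid until 2020-10-08 while the copy nginx served had expired. The script below is an added example, not part of the original post, that checks the served copy for both expiry and drift from the live copy. It uses the paths from this page, and it assumes a 30-day warning window, GNU date, and being run with sudo so the live directory is readable.

```shell
#!/bin/sh
# Added example, not from the original post. Paths are the ones on this page;
# the 30-day warning window is an assumption.
LIVE=/etc/letsencrypt/live/derivationmap.net/fullchain.pem
DEPLOYED=/home/pdg/proofofconcept/v7_pickle_web_interface/certs/fullchain.pem
WARN_DAYS=30

# expiry_status "notAfter=<date>" [now_epoch] -> expired | renew-soon | ok
# Takes the line printed by `openssl x509 -enddate -noout` (needs GNU date).
expiry_status() {
    end=$(date -u -d "${1#notAfter=}" +%s) || return 2
    now=${2:-$(date -u +%s)}
    left=$((end - now))
    if [ "$left" -le 0 ]; then echo expired
    elif [ "$left" -le $((WARN_DAYS * 86400)) ]; then echo renew-soon
    else echo ok
    fi
}

# copy_status LIVE DEPLOYED -> in-sync | stale | missing
# The deployed file is a plain `cp` of the live one, so a byte compare suffices.
copy_status() {
    [ -r "$1" ] && [ -r "$2" ] || { echo missing; return; }
    if cmp -s "$1" "$2"; then echo in-sync; else echo stale; fi
}

# check_deployed: report on the copy nginx serves; non-zero exit means act.
check_deployed() {
    sync=$(copy_status "$LIVE" "$DEPLOYED")
    enddate=$(openssl x509 -enddate -noout -in "$DEPLOYED" 2>/dev/null) || {
        echo "cannot read $DEPLOYED"; return 2; }
    state=$(expiry_status "$enddate") || return 2
    echo "deployed copy: $state ($enddate); vs certbot live copy: $sync"
    [ "$state" = ok ] && [ "$sync" = in-sync ]
}

# Run the check only when called with --check, so the file can also be sourced.
[ "${1:-}" = "--check" ] && check_deployed
```

Run daily from cron with `--check`, a non-zero exit signals that the copy step and the Docker-compose restart above need to be repeated.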