Certbot saves files in current directory, no private key

I have an issue where certbot (on Ubuntu) is storing the certificate files in the current directory, rather than in /etc/letsencrypt/live/${domain}. It did store files in the right place with other domain names I generated in the past, so I'm not sure what has changed.
Two important notes:
I used a CSR file in this case, not sure if it's related
I am generating a certificate for a url that represents a CNAME
Here's what I ran:
certbot certonly --csr /home/me/my.csr --manual --preferred-challenges dns -d support.acme.com
For some reason, the files are created in the directory I run the command. In addition, I do not see a private key file, only a certificate, a chain file and a full chain file, all numbered:
0000_cert.pem, 0000_chain.pem, 0001_chain.pem
Why are the files not generated under the /etc/letsencrypt/live/support.acme.com directory?
Why is a private key not generated?
Thanks!

Related

Renew an expired ssl certificate with a paid ssl certificate

I bought an SSL certificate because the one I had expired. How can I update this in letsencrypt certbot, nginx?
I have 4 .crt files. Is it possible to simply overwrite the ssl in the existing example.pem file? Then I simply reload nginx?
What I mean is, here's the old example.pem file:
-----BEGIN CERTIFICATE-----
pQAABAMARzBFAiEAtVUqdO5TvjFCWA2a/xo6TazLWI8ZJkOLx5/frToDLkgCIERW
W3ZxyNB7CP91DiNRJEsKJ9qu8fHv7sbqKGzlPXgwAHYAIkVFB1lVJFaWP6Ev8fdt
huAjJmOtwEt/XcaDXG7iDwIAAAFzpdCu0gAABAMARzBFAiBKo45S3xgIa9BXAlw1
HWUFvbotsD+bmDqkuTsPLIK7xwIhANsUGH9r8ZRFCbbRkwZLV7aVgIH42Xgs4y3F
fDHfYxbgAHUAQcjKsd8iRkoQxqE6CUKHXk4xixsD6+tLx2jwkGKWBvYAAAFzpdCu
-----END CERTIFICATE-----
In this example.pem file, I would simply delete the old ssl and copy the new one.
And afterwards reload nginx.
In the example.pem file, I overwrote the old SSL with the new one, then reloaded and restarted nginx, but the browser still says that ssl has expired. What could be the problem?
You can simply override files. There is no need to delete. And if you want to delete files and place new files then you need to give necessary permission to the files.
You can try the following commands to reload and restart nginx, and reboot your system.
1. sudo /etc/init.d/nginx reload
2. sudo /etc/init.d/nginx restart
OR
2.1 sudo /etc/init.d/nginx stop
2.2 sudo /etc/init.d/nginx start
Optional (reboot your system):
3. sudo reboot
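Checks to run on the replaced file before reloading nginx, given as an added example that is not part of the original posts: whether the first certificate in the file has expired, whether it matches the private key, and in which order the certificates sit in the bundle. The file names and the throwaway self-signed certificates in `demo` are constructed stand-ins for the purchased .crt files.

```shell
# Added example (not from the original thread). Requires the openssl CLI.

cert_expired() {   # exit 0 if the first certificate in FILE ($1) has expired
  ! openssl x509 -in "$1" -noout -checkend 0 >/dev/null 2>&1
}

key_matches() {    # exit 0 if KEY ($2) belongs to the first certificate in CERT ($1)
  cert_pub=$(openssl x509 -in "$1" -noout -pubkey) || return 2
  key_pub=$(openssl pkey -in "$2" -pubout) || return 2
  [ "$cert_pub" = "$key_pub" ]
}

bundle_order() {   # one subject per line, in file order; nginx expects the site cert first
  openssl crl2pkcs7 -nocrl -certfile "$1" | openssl pkcs7 -print_certs -noout | grep '^subject'
}

# Constructed demo: throwaway self-signed certs stand in for the purchased files.
demo() {
  d=$(mktemp -d) || return 1
  openssl req -x509 -newkey rsa:2048 -nodes -keyout "$d/site.key" -out "$d/site.crt" \
    -days 1 -subj "/CN=www.example.test" 2>/dev/null
  openssl req -x509 -newkey rsa:2048 -nodes -keyout "$d/other.key" -out "$d/ca.crt" \
    -days 1 -subj "/CN=Example Test CA" 2>/dev/null
  cat "$d/site.crt" "$d/ca.crt" > "$d/example.pem"   # site certificate first
  cert_expired "$d/example.pem" && echo "expired" || echo "not expired"
  key_matches "$d/example.pem" "$d/site.key" && echo "key matches" || echo "key mismatch"
  key_matches "$d/example.pem" "$d/other.key" && echo "key matches" || echo "key mismatch"
  bundle_order "$d/example.pem"
  rm -rf "$d"
}
demo
```

If these pass but the browser still reports an expired certificate, compare the path given to ssl_certificate in the output of nginx -T with the file that was edited.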

List all redirects in Nginx

I have an Nginx server that has some 50 redirect config files it pulls from.
Is there any way to pull this data as a single list of the server names being listened on once Nginx is running? Or is my best option to manually compile the data?
I have SSH'd in but can't see anywhere obvious that this data could be. Is there a command I could use?
Add include /etc/nginx/sites-enabled/*; to your nginx.conf, or another path where your sites are located.
After that, check your configs with the command
nginx -t
and reload with the command
service nginx reload
If you meant you want to see the complete config in one go, then you can use the command below:
nginx -T
This will tell you if there are any errors in the config and, if not, will also print the whole config.
Edit-1: 5th Jul 2018
There is nothing like an apachectl -S in nginx. The only other thing you may try and do is to filter the complete config:
nginx -T | grep server_name
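Going one step further than the grep above, as an added example that is not part of the original answers: an awk filter over nginx -T output that pairs each server block's server_name values with the redirect rules (return 3xx, rewrite) found in that block, along with the config file they came from. The sample dump and its host names are constructed.

```shell
# Added example. Reads `nginx -T` output on stdin and prints one line per
# redirect rule: <config file> TAB <server_name values> TAB <rule>.
list_redirects() {
  awk '
    function flush(  i) {            # emit the rules of the server block just closed
      for (i = 1; i <= n; i++) print file "\t" names "\t" rule[i]
      n = 0; in_server = 0
    }
    /^# configuration file / { file = $4; sub(/:$/, "", file); next }
    { line = $0; sub(/#.*/, "", line) }          # drop comments
    line ~ /^[ \t]*server[ \t]*[{]/ { in_server = 1; sdepth = depth; names = "-"; n = 0 }
    in_server && line ~ /^[ \t]*server_name[ \t]/ {
      names = line
      sub(/^[ \t]*server_name[ \t]+/, "", names); sub(/[ \t]*;.*/, "", names)
    }
    in_server && line ~ /^[ \t]*(return[ \t]+30[12378]|rewrite[ \t])/ {
      r = line; sub(/^[ \t]+/, "", r); sub(/[ \t]*;.*/, "", r); rule[++n] = r
    }
    {                                            # track brace depth to find block end
      depth += gsub(/[{]/, "{", line) - gsub(/[}]/, "}", line)
      if (in_server && depth <= sdepth) flush()
    }
  '
}

# Constructed sample in the layout `nginx -T` prints (not from a real server).
sample_dump() {
  cat <<'EOF'
# configuration file /etc/nginx/sites-enabled/old-shop.conf:
server {
    listen 80;
    server_name old-shop.example www.old-shop.example;
    return 301 https://shop.example$request_uri;
}
# configuration file /etc/nginx/sites-enabled/blog.conf:
server {
    server_name blog.example;
    location /feed {
        rewrite ^/feed$ /rss.xml permanent;
    }
}
# configuration file /etc/nginx/sites-enabled/app.conf:
server {
    server_name app.example;
}
EOF
}

sample_dump | list_redirects
```

On a live host, run it as nginx -T 2>/dev/null | list_redirects. It assumes one directive per line and no braces inside rewrite patterns.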

Certbot (letsencrypt) Could not open file sites-enabled/default

I'm using an Amazon EC3 with 2 vhosts now, they both have valid certificates.
Now I want to add a third virtual host, I added the nginx config file but when I try to run the following command
it's looking for the "default" nginx config file. but in my case it's named "web"
certbot --nginx -d mysite.be www.mysite.be
Can I add a command so that certbot looks in my web file for the valid config instead of the default one?
You could make an alias.
ln -s /etc/nginx/sites-available/your_file_name /etc/nginx/sites-enabled

letsencrypt not creating acme-challenge

Just following the simple instructions here (Debian 7 Wheezy with Nginx 1.8.x)
https://www.digitalocean.com/community/tutorials/how-to-secure-nginx-with-let-s-encrypt-on-ubuntu-14-04
./letsencrypt-auto certonly -a webroot --webroot-path=/var/www/html -d sub.domain.com
I see it creating the folder .well_known (under /var/www/html) but it does not create the acme-challenge folder (and the actual file underneath it) so on the http postback, I am getting The client lacks sufficient authorization because the file does NOT exist
How would I go about trying to track down why it won't create the
/var/www/html/.well_known/acme-challenge/file
file?
Thanks,
Chris

Is it possible to configure nginx to serve the directory from which it is run, rather than a hardcoded path?

Normally we point nginx at a directory by using the root directive in conf/nginx.conf.
However, I am wondering if I can put something for that option so that nginx will always serve the directory that I am currently working in (that is, the output of pwd) instead of the fixed path. I have tried setting . as the root, but that does not seem to work.
I am running nginx as a non-root user, serving requests at a port greater than 1024.
If you use directive root .;, the real path of root directory is /<nginx_prefix_path>/..
You can use command sbin/nginx -p $(pwd) -c /path/to/nginx.conf to start nginx,
in which case <nginx_prefix_path> is changed to your current working directory.
BTW, command sbin/nginx -h shows the default <nginx_prefix_path>:
-p prefix : set prefix path (default: /usr/local/nginx/)
