Let’s Encrypt – Doing Dumb Things…

Problem:

I moved servers – copying the Apache configuration and /etc/letsencrypt to the new server. Everything went well but now when I have to renew I cannot. I get all types of errors. (Yes, I KNOW that I did a really dumb thing forgetting to copy my backups as well :cry:)

Solution:

Here is what I had to do – much of it is similar to getting the “starter” Apache 2 SSL set up

  • You need to create the self-signed certificates first (e.g. “sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/apache-selfsigned.key -out /etc/ssl/certs/apache-selfsigned.crt”)
  • Once that is done, you need to create the SSL vhost files (assuming you are using virtual hosts – I am) using the self-signed certificates. You can (I did, at least) use the same self-signed certificate for each vhost. The important thing to note here is that letsencrypt must have apache running ssl already. It will not work if apache is not up and/or there are no ssl sites. (This drove me mad for a couple of hours!)
  • Once this is done you can back up your /etc/letsencrypt directory (you could probably blow it away but you are probably paranoid now :slight_smile: )
  • Restart apache (e.g., apache2ctl restart – by this time I will terminate with extreme prejustice :imp: )
  • Check to see if your sites are up and running. Your web browser probably will give you an insecure warning. That is okay – we will be putting real certificates in place; you just need to ensure that apache is working with ssl.
  • Run letsencrypt –apache ya-da, ya-da, ya-da
  • You might have to restart apache manually after it finishes but that’s okay

Now, don’t forget to:
1. Back up you letsencrypt directory (I am really paranoid now :confounded:)
2. Back up your apache config files (Yes, I am really paranoid now)

One more thing:

  • Make sure that the renewals are working (e.g., letsencrypt renew)
  • Put that in your cron jobs so that it renews each month

 

This entry was posted in Uncategorized. Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.