I have four domains listed, all need to be renewed as a single certificate IIUC
I have made manual changes to serve a few static domains alongside the dietpi-installed Nextcloud and BitWarden domains. My question is: should I manually disable all the domain files in Nginx for now, to let dietpi-letsencrypt or certbot do its thing? All the domains resolve to this same machine, i.e. it’s a single public IP address (77.x.x.x).
The four domains all work right now. I’ve been getting warnings from LE which led me to investigate the status of the renewals, and that generated the errors I mentioned. Two examples: jeelabs.org and git.jeelabs.org - you can probably check this from your end.
I might have messed up my nginx setup somehow w.r.t. LE renewal, but the sites have all been working fine for the past months. I’m hesitant to make changes (am not a sysadmin …). If there is a way to temporarily get all the nginx settings in a state which lets LE renewal proceed, then that’d help - at least for the time being.
One thing I don’t understand is where the .well-known/acme-challenge/... redirect for certbot is defined. Just guessing on my part, it looks like this special URL is set up while validating the domain … I had to re-enable HTTP (it was redirecting to HTTPS in the dietpi menu setting).
PS. Yes, ports 80 and 443 are both forwarded to this RasPi4 server. With wget, I get the same homepage for both protocols.
Solved! I disabled the jeelabs.org nginx config (not the others, apparently that’s ok):
Your existing certificate has been successfully renewed, and the new certificate
has been installed.
The new certificate covers all 4 domains. So in short: to get renewal going in my case, I had to disable the extra (static) domain listed as the 1st one in dietpi-letsencrypt, and then the renewal went through. Then I re-enabled it (i.e. ln -s ../sites-available/...) and all is back to normal.
It’s not 100% automatic, but at least this renews for 2-3 months of HTTPS-enabled service.