Hi All,
I have installed lighty / certbot and ran it on mydomain.com but afterwards realised I would like to have www.mydomain.com also.
[https://www.mydomain.com auto redirects to https://mydomain.com]
I have read that the --expand option lets you add domains to an existing cert but I can't seem to locate 'certbot-auto' or 'letsencrypt-auto'.
If I re-run dietpi-letsencrypt will it just create a new cert in addition to the existing one?
Also, would two certs be updated by the cron job?
Thanks!
LetsEncrypt Problem / Advice
Re: LetsEncrypt Problem / Advice
Use certbot --expand instead.
certbot-auto is only valid if you installed the certbot binaries from source, while DietPi-Software installs it from the APT repo.
dietpi-letsencrypt will only renew existing certs if you rerun it.
Re: LetsEncrypt Problem / Advice
Thanks for quick response - will give that a shot now!
Lastly will auto updates still work out ok?
Re: LetsEncrypt Problem / Advice
Jep, certbot will save the settings and auto certificate renewal will then apply to the new domain list.
Re: LetsEncrypt Problem / Advice
OK Thanks!
I ran
certbot --expand certonly --standalone -d mydomain.com -d www.mydomain.com --dry-run
Everything seemed ok [had to halt lighty to do this]. I then removed dry run and it looked like the process completed with no errors. I can see an additional fingerprint in keystores below the original, and then I rebooted the Pi.
However... https://www.mydomain.com gets auto directed to https://mydomain.com in Chrome and in IE I get a cert error. When reading the cert in IE it shows only mydomain.com referenced in the cert? When I try https://mydomain.com in IE it works fine.
Edit: Just noticed combined.pem doesn't look right - timestamp is from earlier on.... then read the README - fullchain.pem does contain two cert fingerprints
Edit2: think I am barking up the wrong tree here;
# certbot certificates
Saving debug log to /var/log/letsencrypt/letsencrypt.log
-------------------------------------------------------------------------------
Found the following certs:
Certificate Name: mydomain.com
Domains: mydomain.com www.mydomain.com
Expiry Date: 2019-03-11 21:19:30+00:00 (VALID: 89 days)
Certificate Path: /etc/letsencrypt/live/mydomain.com/fullchain.pem
Private Key Path: /etc/letsencrypt/live/mydomain.com/privkey.pem
-------------------------------------------------------------------------------
So new cert does include www version - is there some 'caching' at Let's Encrypt?
Edit3: now think this is more to do with lighty - with http://www.mydomain.com or http://mydomain.com either will work.
$HTTP["host"] =~ "(^|\.)mydomain\.com$" {
    server.document-root = "/var/www"
}
Feeling the above is interpreted differently when using https ?
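Added example, not part of the original thread: the post above finds that certbot's certificate lists both names while combined.pem still carries an older timestamp, so this script compares the DNS names in the issued certificate with those in the file the web server loads. It assumes combined.pem is the key+cert bundle the server is configured to use and that it sits beside fullchain.pem; the function names are illustrative.

```shell
#!/bin/sh
# Added example (not from the thread). Paths are assumptions: the live
# directory is the one printed by `certbot certificates`, and combined.pem
# is assumed to be the key+cert bundle the web server loads.

# Reduce `openssl x509 -text` output to a sorted list of SAN DNS names.
san_filter() {
    openssl x509 -noout -text 2>/dev/null |
        grep -o 'DNS:[^,[:space:]]*' | sed 's/^DNS://' | sort -u
}

# DNS names of the first certificate in a PEM file. Private-key blocks are
# skipped, so this works for fullchain.pem and for a key+cert bundle.
cert_names() {
    sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' "$1" |
        san_filter
}

# DNS names of the certificate presented for SNI name $1 at host:port $2.
served_names() {
    openssl s_client -connect "$2" -servername "$1" </dev/null 2>/dev/null |
        san_filter
}

# Succeed if hostname $2 matches a name in the certificate in file $1,
# either exactly or through a single-label wildcard (*.example.com).
cert_covers() {
    host=$2
    cert_names "$1" | grep -qxF -e "$host" -e "*.${host#*.}"
}

# Names in the issued certificate ($1) that are missing from the file the
# server loads ($2). Any output means the server file was not regenerated.
stale_names() {
    issued=$(mktemp) loaded=$(mktemp)
    cert_names "$1" >"$issued"
    cert_names "$2" >"$loaded"
    comm -23 "$issued" "$loaded"
    rm -f "$issued" "$loaded"
}

live=/etc/letsencrypt/live/mydomain.com
if [ -r "$live/fullchain.pem" ] && [ -r "$live/combined.pem" ]; then
    stale_names "$live/fullchain.pem" "$live/combined.pem"
fi
```

To see what the running server presents for a given name, `served_names www.mydomain.com mydomain.com:443` lists the names in the certificate returned for that SNI value.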
Re: LetsEncrypt Problem / Advice
I now suspect it's more down to my lack of understanding of how https / ssl / certs work together...
Also, reading through most of the posts on serverfault it seems way more people want to redirect the www version to the non-www version so I am assuming there is a desirable / technical reason for that I am failing to understand?
Maybe I should just be happy with the way things work now as it's not a big difference anyway - and I have seen both versions being used in many different places.
I am leaving some links here for further reading / reference;
https://redmine.lighttpd.net/projects/1 ... odredirect
https://stackoverflow.com/questions/339 ... -https-www
https://serverfault.com/questions/29361 ... serve-path
https://serverfault.com/questions/25837 ... with-nginx
https://serverfault.com/questions/35861 ... to-non-www