Renewing Expired Cert with Certbot


#1

I let my cert expire yesterday like an idiot and the certbot renew command fails. Is there a way to make this work or do I have to create a whole new cert?

I have rebooted the server and that did not resolve the issue.


#2

maybe this might help?


#3

I don’t see apache or nginx under services


#4

what do you use as your webserver? also is it in a docker?


#5

I thought it was nginx but that might have been on my old server, I moved from AWS to DO and I have UniFi and UNMS running on this server so I guess so? Docker is running on this machine.

I used a tutorial to set this up, this is the only Linux machine I run lol. Am noob


#6

I use nginx, and renew with sudo certbot renew --preferred-challenges http although I used to just do sudo certbot renew but that broke at some point.

Am not really experienced in this either.


#7

Stopped docker and ran certbot renew, worked


#8

docker must’ve bound to the 443, not letting certbot use it.
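
(Added example, not part of any post in this thread: a way to check the port conflict described in #7 and #8 before stopping anything. It assumes the certificate was issued with certbot's standalone mode, which has to bind the port itself; the `ss` output below is constructed, and the function names are hypothetical.)

```shell
#!/usr/bin/env bash
# Added example: find what is already listening on the ports certbot's
# standalone authenticator would need (80 for http-01; 443 as in post #8).

# Constructed sample of `ss -H -ltnp` output (not from the poster's server).
SAMPLE_SS='LISTEN 0 4096 0.0.0.0:443 0.0.0.0:* users:(("docker-proxy",pid=1412,fd=4))
LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=801,fd=3))
LISTEN 0 4096 [::]:443 [::]:* users:(("docker-proxy",pid=1419,fd=4))
LISTEN 0 50 *:8443 *:* users:(("java",pid=2210,fd=120))'

# port_holders PORT... : reads `ss -H -ltnp` lines on stdin and prints
# "port process pid" for each listener on one of the given ports.
port_holders() {
  awk -v want="$*" '
    BEGIN { n = split(want, p, " "); for (i = 1; i <= n; i++) ports[p[i]] = 1 }
    {
      port = $4; sub(/.*:/, "", port)          # local address -> port number
      if (!(port in ports)) next
      name = "unknown"; pid = "-"              # ss hides owners without root
      if (match($0, /\(\("[^"]+"/)) name = substr($0, RSTART + 3, RLENGTH - 4)
      if (match($0, /pid=[0-9]+/))  pid  = substr($0, RSTART + 4, RLENGTH - 4)
      print port, name, pid
    }' | sort -u
}

# renewal_blockers: returns 0 and lists the holders if 80/443 are taken,
# returns non-zero (and prints nothing) if both ports are free.
renewal_blockers() {
  local out
  out=$(port_holders 80 443)
  [ -n "$out" ] && printf '%s\n' "$out"
}

# Live use (needs root to see process names):
#   sudo ss -H -ltnp | renewal_blockers
```

A `docker-proxy` entry means a container publishes that port; `docker ps` shows which one, so only that container needs stopping for the renewal rather than all of Docker.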


#9

Still getting SSL error though, after reboot too. Does it take some time?


#10

what was the output of the certbot? the certificates it got should be available for webserver to host.


#11

Fuck idk lol, saw successful and restarted the whole machine. Running certbot again says nothing is up for renewal now though.


#12

I think this is a hint


#13

yeah it doesn’t know what webserver is running. I assume it’s in docker? I never really used a docker tho so idk.

if it’s in a docker you’ll probably need to mount the folder with certs to that docker and configure the webserver to read those certs

in any case we need more info about your setup to try and help


#14

What role does Docker play here? nginx image? Certbot image?


#15

It is in a Docker, and I have no idea how to interact with that lol.

I’m pretty sure I followed this guide, minus setting up the crontab part lol. Hence why I’m in this situation I assume

https://crosstalksolutions.com/lets-encrypt-unifi/


#16

I don’t remember configuring Docker myself. I had issues upgrading UniFi or UNMS at some point and a UBNT employee on their community forums gave me a script to run, and I think that’s what installed Docker?


#17

docker ps will show you what containers are running.

docker exec -it imageName bash will give you shell on the image. You can navigate around after that.

If “bash” doesn’t work you can do ‘sh’ or ‘/bin/bash’. Some container images are really, really low environment so they don’t have a lot of the luxuries we are used to. :wink:


#18

Mmm… Interesting. Definitely find out what it’s running and how vital it is to your system. If it is what’s reading/caching the cert it might be what’s causing the renewal issue.


#19

Docker just shows a bunch of shit for UNMS, which I’m not having issues with. If I list services I see UniFi though, but no web server? I’m confuzzled


#20

This shit is too confusing, after this I’m going to run UNMS and UniFi on totally separate instances lol