Wednesday, September 2, 2020
It seems that I messed certain things up when trying to install the certificate for https://lets.lino-framework.org yesterday. Now I had a couple of hours to learn more about certbot. I updated the Using Certbot/Let’s encrypt with Lino page and made some changes in getlino : the Lino installer. Though I am still far from knowing everything…
How to see which Debian I am running:
$ lsb_release -a
No LSB modules are available.
Distributor ID: Debian
Description: Debian GNU/Linux 10 (buster)
Release: 10
Codename: buster
https://certbot.eff.org/lets-encrypt/debianbuster-nginx
$ sudo apt-get install certbot python-certbot-nginx
Reading package lists... Done
Building dependency tree
Reading state information... Done
certbot is already the newest version (0.31.0-1).
python-certbot-nginx is already the newest version (0.31.0-1).
0 upgraded, 0 newly installed, 0 to remove and 124 not upgraded.
A “messy certificate” is a certificate that covers a domain which is already covered by another certificate. How to find messy certificates?
I deleted a few of them using:
$ certbot-auto delete --cert-name team.new.lino-framework.org
Requesting to rerun /usr/local/bin/certbot-auto with root privileges...
Saving debug log to /var/log/letsencrypt/letsencrypt.log
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Deleted all files relating to certificate team.new.lino-framework.org.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(master) luc@lf:/usr/bin$
How can I see all certificates that cover a given domain?
TODO
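One way to answer both questions above (finding messy certificates, and listing every certificate that covers a given domain) is to parse the output of `certbot certificates`. This is an added example, not part of the original post or of getlino; the function names and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of `certbot certificates` output (all names are made up).
sample_output() {
cat <<'EOF'
Found the following certs:
  Certificate Name: example.com
    Domains: example.com www.example.com
    Expiry Date: 2020-11-30 10:00:00+00:00 (VALID: 89 days)
  Certificate Name: www.example.com
    Domains: www.example.com
    Expiry Date: 2020-12-01 10:00:00+00:00 (VALID: 90 days)
  Certificate Name: wild.example.com
    Domains: *.example.com
    Expiry Date: 2020-12-01 10:00:00+00:00 (VALID: 90 days)
EOF
}

# Turn `certbot certificates` output (stdin) into "domain cert-name" pairs.
cert_pairs() {
  awk '
    $1 == "Certificate" && $2 == "Name:" { name = $3 }
    $1 == "Domains:" { for (i = 2; i <= NF; i++) print $i, name }
  '
}

# Names of all certificates covering domain $1 (exact or wildcard entry).
certs_for_domain() {
  cert_pairs | awk -v d="$1" '
    BEGIN { p = d; wild = (sub(/^[^.]+\./, "", p) ? "*." p : "") }
    $1 == d || $1 == wild { print $2 }
  ' | sort -u
}

# Domains listed in more than one certificate, with those certificates' names.
# Only identical entries are compared; use certs_for_domain for wildcards.
messy_domains() {
  cert_pairs | sort -u | awk '
    { n[$1]++; certs[$1] = certs[$1] " " $2 }
    END { for (d in n) if (n[d] > 1) print d ":" certs[d] }
  ' | sort
}

# On a real server: sudo certbot certificates | messy_domains
sample_output | messy_domains
sample_output | certs_for_domain www.example.com
```

Each name printed by messy_domains is a candidate for the delete command shown above, once you have checked under /etc/nginx/sites-enabled that no site still uses it.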
How to see all enabled sites and the certificate they use:
$ cd /etc/nginx/sites-enabled
$ grep ssl_certificate_key *
How to maintain the list of domains in a separate file.
Let’s say you have a certificate named example.com
Create a file named ~/domains.txt with one line per domain; each line starts with -d:
-d example.com
-d www.example.com
-d sub1.example.com
...
-d sub9.example.com
You can now always update this file and then run the following to update your certificate:
$ xargs -a ~/domains.txt certbot-auto certonly --cert-name example.com