Comments (10)
The process is essentially "reuse the previous CSR", as I understand it; it's the same thing the official client does with its 'certonly' command, IIRC, except it runs through all of them instead of one certificate at a time;
https://letsencrypt.org/howitworks/#renewing-a-certificate
They're currently discussing updating this process as well;
https://community.letsencrypt.org/t/help-us-test-renewal-with-letsencrypt-renew/10562
But basically, reusing the existing CSR is how we're using the nosudo client, with some evolving logic around it in our existing workflow that checks whether a certificate exists, sets the existing certificate aside in case anything goes wrong, etc.
Good test to use for renewal;
openssl x509 -noout -checkend 2419200 -in ${CERT_FILE}
Exits with 0 if valid for more than 28 days (2419200 seconds), or with 1 if there's less than 28 days left.
Oh, and you'll probably want to start testing the age of the key, at some point, and generate a new one at a suitable interval, anywhere from one to three years.
from acme-nosudo.
I'm happy to help. Is the process essentially "keep your previous CSR, just do the remaining dance steps again"?
from acme-nosudo.
More info or documentation for renewal would be of much help... Is there any way to use the renewal script from http://do.co/le-renew ? The code still needs letsencrypt to be installed. Any ideas?
from acme-nosudo.
The process for renewal is basically the same as the initial signing, but I would love help on updating the README for clarified instructions on how to renew.
from acme-nosudo.
Can anyone help me identify the files to be used in:
SSLCertificateFile directive is needed.
SSLCertificateFile /etc/ssl/certs/example.com.crt // I used the chained.pem
SSLCertificateKeyFile /etc/ssl/private/example.com.key // used the user.key
#SSLCertificateChainFile /etc/ssl/certs/ca-bundle.crt commented this out
Am I doing it correctly?
from acme-nosudo.
@noelgeorgi The CSR, or the Certificate Signing Request, not the certificate (.crt) or the private key (.key); if you did not save it somewhere, you should just request a new certificate, and then save the CSR this time around for renewal in two months or so.
from acme-nosudo.
If you're looking at which files to test for expiry; test the certificate, not the key. The latter does not expire on its own.
from acme-nosudo.
The script only produces two files: the private key and the certificate. What should I use for the SSLCertificateChainfile?
from acme-nosudo.
@noelgeorgi The same one you've used before. Covered in the documentation; https://github.com/diafygi/letsencrypt-nosudo#how-to-use-the-signed-https-certificate
from acme-nosudo.
I've decided that renewals should just re-run the sign_csr.py script. It works fine in renewing the same CSR and public key files.
from acme-nosudo.
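The checks discussed in this thread (the `-checkend` test, setting the existing certificate aside, and watching the key's age), collected as an added example that is not part of the original comments or of the project's code. The function names, the `.previous` backup suffix, `MAX_KEY_AGE_DAYS` and the self-signed sample data are assumptions; the signing step itself (re-running sign_csr.py on the saved CSR) stays manual.

```bash
#!/usr/bin/env bash
# Added example, not project code. Function names, the *.previous backup
# name and MAX_KEY_AGE_DAYS are assumptions made for illustration.
RENEW_WINDOW=2419200      # 28 days in seconds, as in the comment above
MAX_KEY_AGE_DAYS=365      # assumed; the thread suggests one to three years

# 0 (true) if the certificate is missing, unreadable or expires in the window.
needs_renewal() {
    [ -s "$1" ] || return 0
    if openssl x509 -noout -checkend "${2:-$RENEW_WINDOW}" -in "$1" >/dev/null 2>&1
    then return 1; else return 0; fi
}

# 0 (true) if the key file was last modified more than N days ago.
# File mtime is only a proxy for key age (assumes the key is never rewritten).
key_too_old() {
    [ -n "$(find "$1" -mtime +"${2:-$MAX_KEY_AGE_DAYS}" -print 2>/dev/null)" ]
}

# Install a newly signed certificate over the live one only if it carries the
# public key of the reused CSR and is itself outside the renewal window.
# The old certificate is set aside as <live>.previous first.
install_cert() {
    local new=$1 csr=$2 live=$3 cert_pub csr_pub
    cert_pub=$(openssl x509 -noout -pubkey -in "$new" 2>/dev/null) || return 1
    csr_pub=$(openssl req -noout -pubkey -in "$csr" 2>/dev/null) || return 1
    if [ -z "$cert_pub" ] || [ "$cert_pub" != "$csr_pub" ]; then return 1; fi
    if needs_renewal "$new"; then return 1; fi
    if [ -e "$live" ]; then cp -p "$live" "$live.previous" || return 1; fi
    cp "$new" "$live.tmp" && mv "$live.tmp" "$live"
}

# Constructed sample data: throwaway key, CSR and self-signed certificate
# valid for $2 days, written to directory $1 (stands in for a signed cert).
make_sample() {
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=example.test" \
        -keyout "$1/sample.key" -out "$1/sample.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/sample.csr" -signkey "$1/sample.key" \
        -days "$2" -out "$1/sample.crt" 2>/dev/null
}
```

A certificate signed for a different key than the saved CSR, or one that is already inside the renewal window, is rejected and the live file is left untouched.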