Updating LetsEncrypt SSL Cert Remotely
When you can't get things to run properly on your server, do it on your dev machine!
I have a certain website application that I have not properly maintained. It is running Django 1.something on Python 2.7. It is also using WordPress on PHP5. I'm sure the Postgres and MySQL DBs are out of date as well.
Frankly, it should be updated or taken down, but I keep it up for nostalgia really.
I recently noticed it has been unresponsive for a while because my LetsEncrypt cert had expired and was not auto-renewing.
When I tried to run the `certbot-auto` command I used to use to renew, it wasn't working. It is no longer supported. I'm also hosting on an Ubuntu 12.02 release which also is no longer being supported.
Sure, I should move to a supported version of Ubuntu. Sure I should upgrade everything. Sure I should move to Docker. Well, I don't want to spend the time doing all that. I just wanted a new cert!
So here is what I did. I ran certbot auto locally with Docker to get a new cert. I had to use the DNS method for validating the domain.
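```bash
# Run certbot in a throwaway container. With --manual and the dns challenge,
# certbot prompts for a TXT record to create before it issues the cert.
docker run -it --rm --name certbot \
  --mount "type=bind,src=$(pwd)/certs,dst=/etc/letsencrypt" \
  -v "/var/lib/letsencrypt:/var/lib/letsencrypt" \
  certbot/certbot certonly --manual --preferred-challenges dns -d "example.com"
```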
Once this completes I will have my certs stored in
then move them to the server and replace the old ones. I use the method below because I require `sudo` so I can't just use `scp`. I also need to restart `nginx` once they have been copied.
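```bash
# Stream each file over ssh and write it with sudo on the server.
# tee without -a overwrites the old file instead of appending to it, and
# its output is discarded so the private key is not echoed to the terminal.
for filename in ./certs/live/example.com/*; do
  bname=$(basename "$filename")
  cat "$filename" | ssh email@example.com "sudo tee /etc/letsencrypt/live/example.com/$bname > /dev/null"
done
# Restart nginx on the same server so it loads the new certificate.
ssh email@example.com "sudo service nginx restart"
```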
Now I just have to remember to do this every three months or automate it.
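An added example, not part of the original post: a pre-flight check to run on the dev machine before the copy loop, so that a stale or mismatched bundle never overwrites the server's files or breaks the nginx restart. The function name `check_bundle` and the 30-day default are assumptions; `fullchain.pem` and `privkey.pem` are the file names certbot writes into `live/<domain>/`.

```shell
#!/bin/sh
# check_bundle DIR DOMAIN [MIN_DAYS]
# Returns 0 when the bundle in DIR is safe to deploy, otherwise:
#   2 = file missing/unreadable, 3 = expires too soon,
#   4 = key does not match cert, 5 = cert does not cover DOMAIN.
check_bundle() {
  cb_cert="$1/fullchain.pem"
  cb_key="$1/privkey.pem"
  cb_domain=$2
  cb_days=${3:-30}

  if [ ! -r "$cb_cert" ] || [ ! -r "$cb_key" ]; then
    echo "missing or unreadable cert/key in $1" >&2
    return 2
  fi

  # 1. The leaf cert (first in fullchain.pem) must be valid for MIN_DAYS more.
  if ! openssl x509 -in "$cb_cert" -noout -checkend $((cb_days * 86400)) >/dev/null; then
    echo "certificate expires within $cb_days days" >&2
    return 3
  fi

  # 2. The private key must belong to the cert: compare both public keys.
  cb_cert_pub=$(openssl x509 -in "$cb_cert" -noout -pubkey) || return 4
  cb_key_pub=$(openssl pkey -in "$cb_key" -pubout) || return 4
  if [ "$cb_cert_pub" != "$cb_key_pub" ]; then
    echo "privkey.pem does not match fullchain.pem" >&2
    return 4
  fi

  # 3. The cert must cover the name nginx serves ("does NOT match" fails here).
  if ! openssl x509 -in "$cb_cert" -noout -checkhost "$cb_domain" | grep -q 'does match'; then
    echo "certificate does not cover $cb_domain" >&2
    return 5
  fi
  return 0
}

# Usage before the upload loop (paths as in the post):
#   check_bundle ./certs/live/example.com example.com || exit 1
```

Run from cron with a larger `MIN_DAYS`, the same function doubles as the reminder that a manual renewal is due.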