Dotaz: certbot-auto

Niekedy som si obnovoval certifikaty rucne a fungovalo to dobre. Dnes som si chcel skusit nastavit automaticke obnovenie, ale niekde asi nieco nefunguje. Chytil som sa tohto navodu a urobil som nasledovne:

mv certbot-auto /etc/letsencrypt/
cd /etc/letsencrypt/ && ./certbot-auto renew --dry-run && service apache2 restart

vystup bol nasledovny a vyzera, ze vsetko prebehlo OK

Saving debug log to /var/log/letsencrypt/letsencrypt.log
 
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/web1.info.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Cert is due for renewal, auto-renewing...
Plugins selected: Authenticator webroot, Installer None
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for web1.info
http-01 challenge for www.web1.info
Waiting for verification...
Cleaning up challenges
 
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
new certificate deployed without reload, fullchain is
/etc/letsencrypt/live/web1.info/fullchain.pem
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
 
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/web2.info.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Cert is due for renewal, auto-renewing...
Plugins selected: Authenticator webroot, Installer None
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for web2.info
http-01 challenge for www.web2.info
Waiting for verification...
Cleaning up challenges
 
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
new certificate deployed without reload, fullchain is
/etc/letsencrypt/live/web2.info/fullchain.pem
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
 
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/web3.info.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Cert is due for renewal, auto-renewing...
Plugins selected: Authenticator webroot, Installer None
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for web3.info
http-01 challenge for www.web3.info
Waiting for verification...
Cleaning up challenges
 
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
new certificate deployed without reload, fullchain is
/etc/letsencrypt/live/web3.info/fullchain.pem
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
 
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/web4.info.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Cert is due for renewal, auto-renewing...
Plugins selected: Authenticator webroot, Installer None
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for web4.info
http-01 challenge for www.web4.info
Waiting for verification...
Cleaning up challenges
 
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
new certificate deployed without reload, fullchain is
/etc/letsencrypt/live/web4.info/fullchain.pem
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
 
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
** DRY RUN: simulating 'certbot renew' close to cert expiry
**          (The test certificates below have not been saved.)
 
Congratulations, all renewals succeeded. The following certs have been renewed:
  /etc/letsencrypt/live/web1.info/fullchain.pem (success)
  /etc/letsencrypt/live/web2.info/fullchain.pem (success)
  /etc/letsencrypt/live/web3.info/fullchain.pem (success)
  /etc/letsencrypt/live/web4.info/fullchain.pem (success)
** DRY RUN: simulating 'certbot renew' close to cert expiry
**          (The test certificates above have not been saved.)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Avsak nevidel som restart apache, tak som restart vykonal rucne, ale ako pozeram, tak pozeram, certifikaty na weboch su stale stare. Este podotknem, ze vhosty na apache mam pre certifikaty nastavene takto

  
        SSLEngine on
        SSLCertificateKeyFile /etc/letsencrypt/live/web1.info/privkey.pem
        SSLCertificateFile /etc/letsencrypt/live/web1.info/cert.pem
        SSLCertificateChainFile /etc/letsencrypt/live/web1.info/chain.pem
#       SSLCertificateChainFile /etc/letsencrypt/live/web1.info/fullchain.pem

ano fullchain.pem je zakomentovany, pretoze som mal v minulosti problemy, tak je zakomentovany. Aj ked som ho skusil odkomentovat a restartol som apache, tak certifikaty na webe boli vzdy stare. Nemam problem obnovit ich rucne, ale zaujmalo by ma preco to nefunguje, cez certbot-auto

apache, resp. sluzby restartujem/reloadujem cez deply hooks https://certbot.eff.org/docs/using.html#renewing-certificates