I'm using SSL configured as in https://ktor.io/docs/ssl.html but can't seem to find a way to handle when certbot renews the cert.
Is there a known/preferred way to automatically renew the cert without restarting the server?
Related
I have some private services behind VPN(wireguard).
I generate certificate for them with certbot and dns chalange.but I have to renew them every three month.
how can I automate this?
Check if there is a DNS plugin for your DNS server. If one is not available, then you must replace the certificates manually.
If there is a plugin available, you will need to reissue your certificate to use automatic renewals.
DNS Plugins
Supposing I have a nginx server with mtls enabled. The nginx instance works ok for the client certificates already configured.
Is there any way to add extra client certificates (newly registered_ without restarting the server?
If not are there any servers or software solutions that resolve certificates dynamically?
I am new to handling procedures related to the installation of SSL certificate in Linux Centos 7 with Apache, so here is the sequence of events happened so far,
we got the SSL certificate
Due to some reasons, we disabled the secure connection (HTTPS to HTTP)
we got the certificate renewed (it is not downloaded yet.)
Now, I would like to know the procedure to enable HTTPS again.
My Let's Encrypt --standalone server is serving over HTTP only.
When I generate the certs in standalone mode it works fine. Obviously when you generate certs you don't have any so HTTP only makes sense.
My question is, when I run ..
letsencrypt renew
Does the renew command work with HTTP only? or does the renew command expect the server to be serving over HTTPS?
As a secondary question, why bother with the renew command? Why cant I just generate new certs with the --standalone option each time my certs expire?
Many thx for your insight
The answer is NO it does not. You can fire off a renewal immediately after generating a cert over HTTP only.
I am running an EC2 instance on amazon with centos as my operating system.
My SSL certificate expired so I renewed it. For some reason it wasn't saying that it was renewed so I tried rekeying it. Once I did that I downloaded the new crt and chain file form godaddy uploaded to my server and updated my virtual host to point to the new files. I then restarted apache and still when I go to the domain it says that my SSL is expired.
I tried rebooting the server and still no luck.
is there something I am missing?
It ended up that this server was behind a load balancer with just one server so the ssl ticket was being server from the load balancer and not the server! WOW
You don't need to rekey it. You just need to generate a new CSR from the existing key, have it signed, and import the signed CSR the same way you did before.