Certs
Our SSL certs are auto-renewed on our dev/prod EC2 servers.
Sometimes the auto-renew fails. It's most often because a domain has changed or been removed and our certs still contain it. The following are commands I use to delete a domain, to see certs, etc. --dry-run is important to use to test your commands. Also, sometimes the nginx hook doesn't play nicely and nginx needs to be manually restarted.
>cat /var/log/certbot-auto.log
>sudo certbot delete --cert-name clients.everdays.com
>sudo certbot certificates
>sudo certbot certonly --dry-run --cert-name evdy.app-0001 -d evdy.xyz,api.evdy.app,api.evdy.io,api.everdays.com,api2.requiemapp.com,app.everdays.com,apps.everdays.com,blog.everdays.com,dash.everdays.com,dash.requiemapp.com,evdy.app,evdy.io,evdy.me,evdy.us,everdays.com,help.everdays.com,helpmyfamilies.com,intranet.everdays.com,partners.everdays.com,partners.requiemapp.com,requiemapp.com,www.evdy.app,www.evdy.io,www.everdays.com,www.helpmyfamilies.com,www.requiemapp.com,clients.everdays.com
>sudo certbot certonly --cert-name evdy.app-0001 -d evdy.xyz,api.evdy.app,api.evdy.io,api.everdays.com,api2.requiemapp.com,app.everdays.com,apps.everdays.com,blog.everdays.com,dash.everdays.com,dash.requiemapp.com,evdy.app,evdy.io,evdy.me,evdy.us,everdays.com,help.everdays.com,helpmyfamilies.com,intranet.everdays.com,partners.everdays.com,partners.requiemapp.com,requiemapp.com,www.evdy.app,www.evdy.io,www.everdays.com,www.helpmyfamilies.com,www.requiemapp.com,clients.everdays.com
>sudo certbot renew --dry-run --cert-name w.evdy.me --pre-hook "service nginx stop" --post-hook "service nginx start"
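An added example (not part of the original notes) for the failure described above, where a cert still lists a domain that has gone away: it parses `certbot certificates` output, sorts the domains on one cert into keep and drop, and prints the matching --dry-run command. The function names, the example.test sample data and the "resolves via getent" check are assumptions made for this sketch.

```shell
#!/bin/sh
# Constructed sample of `sudo certbot certificates` output (not real data).
sample_certificates() {
cat <<'EOF'
Found the following certs:
  Certificate Name: example.test-0001
    Domains: example.test api.example.test old.example.test www.example.test
    Expiry Date: 2021-10-16 12:00:00+00:00 (VALID: 89 days)
    Certificate Path: /etc/letsencrypt/live/example.test-0001/fullchain.pem
    Private Key Path: /etc/letsencrypt/live/example.test-0001/privkey.pem
  Certificate Name: w.example.test
    Domains: w.example.test
    Expiry Date: 2021-10-16 12:00:00+00:00 (VALID: 89 days)
EOF
}

# cert_domains NAME: read `certbot certificates` output on stdin and print
# the domains listed on certificate NAME, one per line.
cert_domains() {
  awk -v name="$1" '
    $1 == "Certificate" && $2 == "Name:" { current = $3 }
    $1 == "Domains:" && current == name  { for (i = 2; i <= NF; i++) print $i }
  '
}

# domain_ok DOMAIN: assumption for this example, "still ours" means the name
# resolves at all. Swap in a comparison against the server's IP if needed.
domain_ok() { getent hosts "$1" >/dev/null 2>&1; }

# filter_domains NAME keep|drop: read certbot output on stdin and print the
# comma-separated domains of NAME that pass (keep) or fail (drop) domain_ok.
filter_domains() {
  cert_domains "$1" | while read -r d; do
    if domain_ok "$d"; then verdict=keep; else verdict=drop; fi
    if [ "$verdict" = "$2" ]; then printf '%s\n' "$d"; fi
  done | paste -sd, -
}

# dry_run_command NAME: print (do not run) the reissue command for NAME
# with only the domains that passed the check.
dry_run_command() {
  keep=$(filter_domains "$1" keep)
  printf 'sudo certbot certonly --dry-run --cert-name %s -d %s\n' "$1" "$keep"
}

# On a server: sudo certbot certificates | dry_run_command <cert-name>
```

Review the printed command before running it, then repeat it without --dry-run once the simulated run succeeds.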
7/18/21
The last auto renew on dev didn’t work because we changed servers.
Running sudo certbot renew --dry-run on prod says all simulated renewals succeeded, but the nginx post-hook fails, so it's something to watch.
To resolve on dev I followed: https://certbot.eff.org/lets-encrypt/ubuntubionic-nginx