Difference between revisions of "CentOS 7.x Owncloud bitnami lego lets-encrypt certificate renewal issue"
Revision as of 18:00, 24 April 2021
CentOS 7.x Owncloud bitnami lego lets-encrypt certificate renewal issue
It is better to renew the certificate with /opt/owncloud-<version>/bncert-tool, using the --perform_dns_validation 0 option. This adds a crontab entry with the schedule '0 0 * * *'. Change it to something like 'A B * * 0', where A is between 0 and 59 (minutes) and B is between 0 and 6 (night hours).
It was found that on one production server, /etc/lego/renew-certificate.sh with the following contents:
    #!/bin/bash
    /opt/owncloud-10.0.10-2/ctlscript.sh stop
    /usr/local/bin/lego --email="saurabh@rekallsoftware.com" --domains="<fqdn>" --path="/etc/lego" --http renew
    /opt/owncloud-10.0.10-2/ctlscript.sh start
stopped working. The command below ran without any output and exited with status 0:
    /usr/local/bin/lego --email="saurabh@rekallsoftware.com" --domains="<fqdn>" --path="/etc/lego" --http renew
The above script was created based on below reference:
To resolve this, the following steps were used:
- /opt/owncloud-10.0.10-2/ctlscript.sh stop
- yum -y install python2-certbot-apache
- yum -y install httpd
- Created /etc/httpd/conf.d/<servername>.conf with:
      <VirtualHost *:80>
          DocumentRoot "/var/www/html"
          ServerName <server-fqdn>
          # Other directives here
      </VirtualHost>
- systemctl start httpd
- Used the following to create the required certificate in the /etc/letsencrypt/live folders:
      certbot --apache
- systemctl stop httpd
- In the above setup the following symbolic links were present:
  - /etc/lego/certificates/<fqdn>.crt linked to /opt/owncloud-10.0.10-2/apache2/conf/server.crt
  - /etc/lego/certificates/<fqdn>.key linked to /opt/owncloud-10.0.10-2/apache2/conf/server.key
- Thus updated /etc/lego/renew-certificate.sh to have:
      #!/bin/bash
      /opt/owncloud-10.0.10-2/ctlscript.sh stop
      /usr/local/bin/lego --email="saurabh@rekallsoftware.com" --domains="<fqdn>" --path="/etc/lego" --http renew
      # The above is not working, so certbot is used instead
      systemctl start httpd
      certbot renew
      systemctl stop httpd
      cp /etc/letsencrypt/live/<fqdn>/fullchain.pem /etc/lego/certificates/<fqdn>.crt
      cp /etc/letsencrypt/live/<fqdn>/privkey.pem /etc/lego/certificates/<fqdn>.key
      /opt/owncloud-10.0.10-2/ctlscript.sh start
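The failure described above was silent: lego printed nothing and exited with status 0. As an added example (not part of the original page), the check below can be run after the renewal script to confirm that the deployed certificate is valid for a minimum number of days and matches its private key. The function name cert_status and the 20-day default threshold are assumptions chosen for illustration, and the openssl command-line tool is assumed to be installed.

```bash
#!/bin/bash
# Added example, not part of the original page.
# Assumptions: the openssl CLI is installed; cert_status and the 20-day
# default threshold are hypothetical names/values chosen for illustration.

# cert_status CERT KEY [MIN_DAYS]
# Prints ok | missing | expiring | key-mismatch; returns 0 only for "ok".
cert_status() {
    local cert="$1" key="$2" min_days="${3:-20}"

    # Both files must exist and be readable.
    if [ ! -r "$cert" ] || [ ! -r "$key" ]; then
        echo "missing"; return 2
    fi

    # -checkend N fails if the certificate expires within N seconds.
    # An unparsable file also lands here. For a fullchain.pem, openssl
    # reads the first certificate in the file, which is the leaf.
    if ! openssl x509 -in "$cert" -noout -checkend "$((min_days * 86400))" \
            >/dev/null 2>&1; then
        echo "expiring"; return 1
    fi

    # The public key in the certificate must match the private key,
    # otherwise the web server cannot use the pair.
    local cert_pub key_pub
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null | openssl sha256)
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null | openssl sha256)
    if [ "$cert_pub" != "$key_pub" ]; then
        echo "key-mismatch"; return 3
    fi

    echo "ok"
}

# When called with arguments (for example from cron after the renewal
# script), print the status and exit non-zero on any problem:
#   check-cert.sh /etc/lego/certificates/<fqdn>.crt /etc/lego/certificates/<fqdn>.key
if [ "$#" -ge 2 ]; then
    cert_status "$@"
    exit $?
fi
```

Because the script exits non-zero and prints a status word on any problem, cron will report a renewal that silently did nothing.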