From Notes_Wiki
Revision as of 12:39, 2 April 2019
CentOS 7.x Owncloud bitnami lego lets-encrypt certificate renewal issue
It was found that on one production server /etc/lego/renew-certificate.sh, with the following contents:
    #!/bin/bash
    /opt/owncloud-10.0.10-2/ctlscript.sh stop
    /usr/local/bin/lego --email="saurabh@rekallsoftware.com" --domains="<fqdn>" --path="/etc/lego" --http renew
    /opt/owncloud-10.0.10-2/ctlscript.sh start
stopped working. The command below was running without any output and exiting with status 0.
    /usr/local/bin/lego --email="saurabh@rekallsoftware.com" --domains="<fqdn>" --path="/etc/lego" --http renew
The above script was created based on below reference:
To resolve this, the following steps were used:
- /opt/owncloud-10.0.10-2/ctlscript.sh stop
- yum -y install python2-certbot-apache
- yum -y install httpd
- Created /etc/httpd/conf.d/<servername>.conf with:
    <VirtualHost *:80>
        DocumentRoot "/var/www/html"
        ServerName <server-fqdn>
        # Other directives here
    </VirtualHost>
- systemctl start httpd
- Used the following to create the required certificate in the /etc/letsencrypt/live folders:
    certbot --apache
- systemctl stop httpd
- In the above setup the following symbolic links were present:
  - /etc/lego/certificates/<fqdn>.crt linked to /opt/owncloud-10.0.10-2/apache2/conf/server.crt
  - /etc/lego/certificates/<fqdn>.key linked to /opt/owncloud-10.0.10-2/apache2/conf/server.key
- Thus updated /etc/lego/renew-certificate.sh to have:
    #!/bin/bash
    # Stop the bundled ownCloud stack so that port 80 is free
    /opt/owncloud-10.0.10-2/ctlscript.sh stop
    /usr/local/bin/lego --email="saurabh@rekallsoftware.com" --domains="<fqdn>" --path="/etc/lego" --http renew
    # The above is not working so using certbot instead
    systemctl start httpd
    certbot renew
    systemctl stop httpd
    # Copy the certbot output to the paths the ownCloud apache reads through the symbolic links
    cp /etc/letsencrypt/live/<fqdn>/fullchain.pem /etc/lego/certificates/<fqdn>.crt
    cp /etc/letsencrypt/live/<fqdn>/privkey.pem /etc/lego/certificates/<fqdn>.key
    /opt/owncloud-10.0.10-2/ctlscript.sh start
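Since the failure described above was a renew command that printed nothing and exited with status 0, the exit code alone does not show that a renewal took place. The following is an added example, not part of the original page or script, that checks the installed certificate itself; the function names and the 30-day default threshold are assumptions, and make_sample_cert only builds constructed test input.

```shell
#!/bin/bash
# Added example: post-renewal sanity check. Not part of the original script.

# Succeeds only if CERT stays valid for at least MIN_DAYS more days.
# A missing or unreadable file also counts as failure.
cert_valid_for() {
    local cert="$1" min_days="$2"
    openssl x509 -in "$cert" -noout -checkend $(( min_days * 86400 )) >/dev/null 2>&1
}

# Succeeds only if KEY is the private key for the public key in CERT.
# For a fullchain file, openssl x509 reads the first (leaf) certificate.
key_matches_cert() {
    local cert="$1" key="$2" cert_pub key_pub
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Returns 0 if both checks pass, 1 on expiry/unreadable cert, 2 on key mismatch.
check_renewal() {
    local cert="$1" key="$2" min_days="${3:-30}"   # 30 days is an assumed threshold
    if ! cert_valid_for "$cert" "$min_days"; then
        echo "FAIL: $cert missing, unreadable or expiring within $min_days days" >&2
        return 1
    fi
    if ! key_matches_cert "$cert" "$key"; then
        echo "FAIL: $key does not match $cert" >&2
        return 2
    fi
    echo "OK: $cert valid for at least $min_days more days and matches its key"
}

# Constructed sample input: throwaway self-signed certificate for trying the
# check offline. Usage: make_sample_cert DIR NAME DAYS
make_sample_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days "$3" -subj "/CN=example.invalid" \
        -keyout "$1/$2.key" -out "$1/$2.crt" >/dev/null 2>&1
}
```

In the renewal script, check_renewal could be called on /etc/lego/certificates/<fqdn>.crt and /etc/lego/certificates/<fqdn>.key after the two cp lines, with a non-zero return used to raise an alert.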