Closed dasiyes closed 1 year ago
If you look at makeDirectories, it uses os.MkdirAll() which doesn't do anything if the directory already exists:
// If path is already a directory, MkdirAll does nothing
// and returns nil.
So not sure what to improve here?
I have this subdomain lit.ivmanto.dev, and using certbot on Ubuntu for nginx, I have created a Letsencrypt certificate for this subdomain. Now, if I try to add the folder where Letsencrypt has created the certificate and the key files, at startup, LITD says cannot create the folder because it already exists.
I was wondering how to add the existing certificate path in the lit.conf file in such a way that it uses the already existing certificate and existing folder instead of trying to create a new certificate.
I hope this makes more sense now as a request.
See my other comment in https://github.com/lightninglabs/lightning-terminal/issues/630. If you use certbot to issue your certificate, you don't need to set any LetsEncrypt parameters in LiT (as that will attempt to do the same as certbot already did). So what you need to change are --tlscertpath and --tlskeypath to point to the files generated by certbot.
I have done that (conf parameters that point to the folder where the certbot has created the cert and pk), and the result is I am getting an error saying cannot create the folder because it already exists.
Do you mean I have to remove the parameter letsencrypt=true and then point the tlscertpath and tlskeypath to the existing folder?
Do you mean I have to remove the parameter letsencrypt=true
Yes, remove (or comment out) anything in your config file related to letsencrypt if you are generating the certificate outside of LiT. And then point tlscertpath to the certificate file (not folder) and the tlskeypath to the certificate key.
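A pre-flight check for the advice above, added here as an example; it is not code from this thread or from LiT. The function names checkPair and writeSample are hypothetical, fullchain.pem and privkey.pem are the file names certbot writes under its live directory, and the self-signed pair for lit.example.test is constructed sample input.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"encoding/pem"
	"fmt"
	"math/big"
	"os"
	"path/filepath"
	"time"
)

// checkPair vets the two files that tlscertpath and tlskeypath point at.
func checkPair(certPath, keyPath string) error {
	for _, p := range []string{certPath, keyPath} {
		if fi, err := os.Stat(p); err != nil {
			return err
		} else if fi.IsDir() {
			return fmt.Errorf("%s is a directory, want a PEM file", p)
		} else if p == keyPath && fi.Mode().Perm()&0o004 != 0 {
			return fmt.Errorf("%s is world-readable", p)
		}
	}
	_, err := tls.LoadX509KeyPair(certPath, keyPath) // unreadable, non-PEM or mismatched key fails here
	return err
}

// writeSample writes a constructed self-signed pair (sample input only) into dir.
func writeSample(dir string) (cert, key string) {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	t := &x509.Certificate{SerialNumber: big.NewInt(1), DNSNames: []string{"lit.example.test"},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour)}
	c, _ := x509.CreateCertificate(rand.Reader, t, t, pub, priv)
	k, _ := x509.MarshalPKCS8PrivateKey(priv)
	cert, key = filepath.Join(dir, "fullchain.pem"), filepath.Join(dir, "privkey.pem")
	os.WriteFile(cert, pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: c}), 0o644)
	os.WriteFile(key, pem.EncodeToMemory(&pem.Block{Type: "PRIVATE KEY", Bytes: k}), 0o600)
	return cert, key
}

func main() {
	dir, _ := os.MkdirTemp("", "lit-tls")
	defer os.RemoveAll(dir)
	cert, key := writeSample(dir)
	fmt.Println("files:", checkPair(cert, key), "| folder:", checkPair(dir, key))
}
```

Run checkPair as the account litd runs under, so that a key file readable only by root shows up as a permission error before litd starts.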
So - that worked for me. 👍
I have only added letsencryptdir=/etc/letsencrypt/live/domain-name/ in the config file and commented out the letsencrypt=true.
Do I understand it correctly now that letsencrypt=true should be only used in lit.conf file when litd is supposed to create the Letsencrypt certificate on its own and not when using the Letsencrypt as certificate vendor?
Thanks a lot for the clarification.
Exactly.
From litd --help:
--letsencrypt Use Let's Encrypt to create a TLS certificate for the UI instead of using
lnd's TLS certificate. Port 80 must be free to listen on and must be
reachable from the internet for this to work.
Any other config options that start with letsencrypt will be ignored if letsencrypt=false.
I understood that part it should be set to TRUE if the certificate must be created, but was not clear to set it to false (or remove it) when the certificate already exists. That was my misreading. 👍
Once again - thanks a lot!
It seems that once the Letsencrypt is set to TRUE in the lit.conf file, according to the code below from config.go [417-427]:
the app tries to create the directory (and it works :)) - but it would be nice to just use this directory (if already exists - assuming the cert / key are in it) instead of only trying to create it and generate the cert/key pair.