nudj / nudj-backend

Nudj - Backend (Archive)

Update webroot directories in `renew-letsencrypt.sh` #13

Closed richardbuckle closed 8 years ago

richardbuckle commented 8 years ago

The script `/usr/local/renew-letsencrypt.sh` runs as a cron job but failed to keep our SSL certificates up to date, as it has out-of-date locations for the webroot directories.

Could you please update the script and the documentation and re-run the script? Thanks.

shtukas commented 8 years ago

Script updated

```
pascal117@ws1:~$ cat /usr/local/renew-letsencrypt.sh
#! /bin/sh

/usr/local/letsencrypt/letsencrypt-auto certonly \
--webroot \
-w /var/www/nudj-system/nudj-api-development/nudj-backend/nudj-api/public -d dev.nudj.co \
-w /var/www/nudj-system/nudj-api-production/nudj-backend/nudj-api/public -d api.nudj.co \
-w /var/www/nudj-system/nudj-desk-production/nudj-backend/nudj-desk/public -d desk.nudj.co \
-w /var/www/nudj-system/nudj-web-application-development/nudj-backend/nudj-web-application/public -d mobileweb-dev.nudj.co \
-w /var/www/nudj-system/nudj-web-application-production/nudj-backend/nudj-web-application/public -d mobileweb.nudj.co \
--email web.admin@nudj.co \
--renew-by-default --agree-tos --text
```

Script ran

```
pascal117@ws1:~$ sudo /usr/local/renew-letsencrypt.sh
Updating letsencrypt and virtual environment dependencies.......
Running with virtualenv: /root/.local/share/letsencrypt/bin/letsencrypt certonly --webroot -w /var/www/nudj-system/nudj-api-development/nudj-backend/nudj-api/public -d dev.nudj.co -w /var/www/nudj-system/nudj-api-production/nudj-backend/nudj-api/public -d api.nudj.co -w /var/www/nudj-system/nudj-desk-production/nudj-backend/nudj-desk/public -d desk.nudj.co -w /var/www/nudj-system/nudj-web-application-development/nudj-backend/nudj-web-application/public -d mobileweb-dev.nudj.co -w /var/www/nudj-system/nudj-web-application-production/nudj-backend/nudj-web-application/public -d mobileweb.nudj.co --email web.admin@nudj.co --renew-by-default --agree-tos --text

IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at
   /etc/letsencrypt/live/api.nudj.co/fullchain.pem. Your cert will
   expire on 2016-06-13. To obtain a new version of the certificate in
   the future, simply run Let's Encrypt again.
 - If you like Let's Encrypt, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le
```

and documentation updated.

Cheers,

PS: I will keep an eye on this on my surveillance todo list.

richardbuckle commented 8 years ago

Almost there. It looks like the servers are still serving the old certificate. If memory serves I used a hard link in the filesystem so that replacing /etc/letsencrypt/live/api.nudj.co/fullchain.pem should have just worked. Could you check please?

Or maybe we just need to restart Apache.

shtukas commented 8 years ago

Apache restarted. Sorry for that, I should have thought about it. I am doing too many things at the same time.

But then, something occurs to me: should we not make sure that the script restarts Apache when it runs?

richardbuckle commented 8 years ago

Yes, it should. Could you add that to the end, please (but don't run it again, because of the Let's Encrypt rate limiting)?

shtukas commented 8 years ago

Done. Script and documentation updated.
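
The failure seen in this thread (certificate renewed on disk while the server keeps serving the old one) can be detected after each renewal by comparing fingerprints. The following is an added example, not the script from this issue; the function names, the use of `openssl`, and the `apachectl configtest` / `apachectl graceful` reload step are assumptions.

```shell
#!/bin/sh
# Added example: detect "renewed on disk, old certificate still served".
# Function names and the apachectl reload step are assumptions.

# Reduce openssl's "SHA256 Fingerprint=AA:BB:..." line (the label's case
# differs between openssl versions) to bare lowercase hex for comparison.
normalize_fp() {
    printf '%s\n' "$1" | sed -e 's/^.*=//' | tr -d ':' | tr -d '[:space:]' \
        | tr 'A-F' 'a-f'
}

# Fingerprint of the first (leaf) certificate in the file the renewal wrote.
disk_fp() {
    normalize_fp "$(openssl x509 -in "$1" -noout -fingerprint -sha256 2>/dev/null)"
}

# Fingerprint of the leaf certificate the running server presents for a host.
served_fp() {
    normalize_fp "$(openssl s_client -connect "$1:443" -servername "$1" \
        </dev/null 2>/dev/null \
        | openssl x509 -noout -fingerprint -sha256 2>/dev/null)"
}

# Print "current", "stale" (server still has the old cert) or "unknown"
# (one side could not be read, so no reload decision should be made).
cert_state() {
    d=$(normalize_fp "$1"); s=$(normalize_fp "$2")
    if [ -z "$d" ] || [ -z "$s" ]; then echo unknown
    elif [ "$d" = "$s" ]; then echo current
    else echo stale
    fi
}

# Usage: check.sh HOST /etc/letsencrypt/live/HOST/fullchain.pem
if [ "$#" -eq 2 ]; then
    state=$(cert_state "$(disk_fp "$2")" "$(served_fp "$1")")
    echo "$1: $state"
    # Reload only when the served cert is stale and the config parses.
    if [ "$state" = stale ]; then
        apachectl configtest && apachectl graceful
    fi
fi
```

The check only reads the local file and connects to the web server itself, never to Let's Encrypt, so it can be run repeatedly without counting against the rate limit mentioned above.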