We tried to update the SSL cert via letsencrypt today and ran into trouble.
Since this is the first time we have renewed a cert this way, we had trouble understanding the commands.
Anyway, we ended up blocking us from doing the renewal for about a week.
Which means the cert on the site will be broken for about a week.
See this post for an explanation: https://community.letsencrypt.org/t/how-can-i-completely-reinstall-lets-encr...
Sorry for the trouble,
Mark.
Heiya Mark,
working with certs via letsencrypt is initially nearly as painful as creating CSRs and installing certs we classic way - just different. I also banged my head on the table later last year on a couple of occasions. Probably mostly depending on what version of the bot used gets shipped with your OS. Things can indeed be a bit tricky with older versions. So you have all my understanding.
Still after the process is established you will not like to lack letsencrypt at all. They really have changed the world. Which is good! What's a week when knowing this? Nothing.
Cheers Karsten
Am 01.10.2017 um 23:39 schrieb Mark A. Hershberger:
We tried to update the SSL cert via letsencrypt today and ran into trouble.
Since this is the first time we have renewed a cert this way, we had trouble understanding the commands.
Anyway, we ended up blocking us from doing the renewal for about a week.
Which means the cert on the site will be broken for about a week.
See this post for an explanation: https://community.letsencrypt.org/t/how-can-i-completely-reinstall-lets-encr...
Sorry for the trouble,
Mark.
"Mark A. Hershberger" mah@nichework.com writes:
We tried to update the SSL cert via letsencrypt today and ran into trouble.
This is fixed now. I had to drop the name "www.wikiapiary.com" from the cert because of repeated problems, but since the site redirects to "wikiapiary.com", anyway, it should be fine now.
Mark.
Thanks a lot Mark. Hmm, that's a bit strange but never mind. Works for me. :)
Cheers Karsten
Am 09.10.2017 um 23:30 schrieb Mark A. Hershberger:
"Mark A. Hershberger" mah@nichework.com writes:
We tried to update the SSL cert via letsencrypt today and ran into trouble.
This is fixed now. I had to drop the name "www.wikiapiary.com" from the cert because of repeated problems, but since the site redirects to "wikiapiary.com", anyway, it should be fine now.
Mark.
That means that https://www.wikiapiary.com doesn't redirect properly though:
www.wikiapiary.com uses an invalid security certificate. The certificate is only valid for the following names: web.wikiapiary.com, wikiapiary.com
Usually, it's possible to list more than one extra domain on the cert, e.g.
letsencrypt certonly -a webroot --keep -w /var/www/wikiapiary.com -d wikiapiary.com,www.wikiapiary.com,web.wikiapiary.com
On Tue, 10 Oct 2017, at 05:30 AM, Mark A. Hershberger wrote:
"Mark A. Hershberger" mah@nichework.com writes:
We tried to update the SSL cert via letsencrypt today and ran into trouble.
This is fixed now. I had to drop the name "www.wikiapiary.com" from the cert because of repeated problems, but since the site redirects to "wikiapiary.com", anyway, it should be fine now.
Mark.
-- Mark A. Hershberger NicheWork LLC 717-271-1084
Wikiapiary mailing list Wikiapiary@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikiapiary
wikiapiary@lists.wikimedia.org