[ale] let's encrypt cert renewals?

Kyle Brieden kyle at txmoose.com
Thu May 11 13:26:11 EDT 2017


Ben,

For what it's worth, I do use the webroot plugin, because when I set up 
LE on my webservers, that seemed to be the only way to support nginx.  
Now, my crontabs all read like this:

root@media:~# crontab -l | egrep -v "^#.*$"
MAILTO=kyle at txmoose.com
30 2 * * 1 /opt/certbot-auto renew --post-hook "service nginx reload"
root@media:~#


It hadn't even occurred to me that other plugins may have come along or 
not.  That's what I liked about LE, though, is that it is extremely 
fire-and-forget.  Thanks for the info!  I'll go look and see if I can 
update my setups some time soon.

---
Very respectfully,
Kyle Brieden

On 11-05-2017 13:16, Ben Coleman wrote:
> On 5/11/2017 09:22 AM, Kyle Brieden wrote:
>> Short story is this:  For whatever reason, LE servers *must* be able to
>> reach your site at 80 and 443.
> 
> Actually, I think this depends on which plugin you're using.  According
> to the docs, the apache and nginx plugins use the tls-sni-01 challenge,
> which requires port 443.  The webroot plugin (which is what I'm using on
> my sites) uses the http-01 challenge, which requires port 80 (but it
> will follow redirects).  If you're using webroot, it appears that you
> *have* to have port 80 available.
> 
> Given that DJ's problem is using tls-sni-01, I'd say he's probably using
> the apache or nginx plugin.  Given that his setup has successfully
> renewed before (and assuming that LE's error messages distinguish
> between 'failed to connect' (i.e. timeout) and 'connection refused'), I
> might suspect a (hopefully temporary) routing failure between LE's
> authentication servers and DJ's sites.
> 
> Ben
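
Added example, not part of the original thread or of certbot: a small reachability check that maps a plugin to the challenge and port named in the messages above and separates "connection refused" from "timed out", the distinction Ben raises. The host name and default arguments are constructed placeholders. It assumes you run it from a machine outside your own network, since a local probe does not show what the validation servers see.

```python
import socket
import sys

# Plugin -> challenge -> port, exactly as described in the thread above.
PLUGIN_CHALLENGE = {"webroot": "http-01", "apache": "tls-sni-01", "nginx": "tls-sni-01"}
CHALLENGE_PORT = {"http-01": 80, "tls-sni-01": 443}

HINTS = {
    "open": "listener reachable; look at the challenge response itself",
    "refused": "host answered but nothing accepts connections on this port",
    "timeout": "no answer at all; packets dropped by a filter or lost in routing",
    "error": "could not attempt the connection (DNS failure, no route, ...)",
}


def probe(host, port, timeout=5.0):
    """Classify one TCP connect attempt as open/refused/timeout/error."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"
    except (socket.timeout, TimeoutError):
        return "timeout"
    except OSError:
        return "error"


def diagnose(plugin, host, probe_fn=probe):
    """Return (challenge, port, state, hint) for the port this plugin needs."""
    challenge = PLUGIN_CHALLENGE[plugin]
    port = CHALLENGE_PORT[challenge]
    state = probe_fn(host, port)
    return challenge, port, state, HINTS[state]


if __name__ == "__main__":
    # Constructed defaults: plugin "webroot", host "www.example.org".
    plugin = sys.argv[1] if len(sys.argv) > 1 else "webroot"
    host = sys.argv[2] if len(sys.argv) > 2 else "www.example.org"
    print("%s -> %s on port %d: %s (%s)" % ((plugin,) + diagnose(plugin, host)))
```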