my first certificate expiration

2020-08-09

Update: concise instructions

This morning I was greeted with this warning from Chrome when visiting

The error message indicated my certificates had expired.

I SSH'd into my DigitalOcean node and ran a scan of the certs that certbot can find:

$ sudo certbot renew
Processing /etc/letsencrypt/renewal/
Cert not yet due for renewal
The following certs are not due for renewal yet:
  /etc/letsencrypt/live/ expires on 2020-10-08 (skipped)
No renewals were attempted.

However, when I run a manual scan of the certs used by my site,

$ openssl x509 -dates -noout < /home/pdg/proofofconcept/v7_pickle_web_interface/certs/fullchain.pem
notBefore=May 11 15:26:19 2020 GMT
notAfter=Aug  9 15:26:19 2020 GMT

This corresponds with the command history entry from 2020-05-11,
sudo certbot certonly --webroot \
-w /home/pdg/proofofconcept/v7_pickle_web_interface/certs \
--server \
-d -d


Delete existing certs
sudo rm -rf /etc/letsencrypt/{live,renewal,archive}/{,}/

Request new certs

sudo certbot certonly --webroot \
-w /home/pdg/proofofconcept/v7_pickle_web_interface/certs \
--server \
-d -d

Copy new certs to directory that nginx mounts in Docker-compose

cd /home/pdg/proofofconcept/v7_pickle_web_interface/certs
sudo cp /etc/letsencrypt/live/ .
sudo cp /etc/letsencrypt/live/ .
sudo chown pdg:pdg privkey.pem
openssl dhparam -out dhparam.pem 2048

Restart Docker-compose

docker-compose up --build --force-recreate --remove-orphans --detach

If the docker containers are not restarted, the changes made to the file on the host won't take effect.

Verify in a browser that has the updated certificate.

Set a calendar reminder to renew the certificate
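
The mismatch found above (certbot's copy valid until 2020-10-08 while the copy served by nginx expired on 2020-08-09) can also be caught by a scheduled check instead of a calendar reminder alone. The script below is an added example, not part of the original post; the function names and the throwaway example.test certificates it generates are assumptions made for the demonstration.

```sh
#!/bin/sh
# Added example: compare the certificate a web server actually serves from
# its mounted directory with the copy certbot renews. Names are illustrative.

# SHA-256 fingerprint of the first certificate in a PEM file (empty on error).
cert_fp() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 2>/dev/null || :
}

# Succeed if the certificate is expired or expires within $2 days.
# An unreadable file also counts as expiring, so the check fails closed.
cert_expires_within() {
    ! openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null 2>&1
}

# check_deployed LIVE DEPLOYED [DAYS]
# Prints missing, stale, expiring or ok; returns 0 only for ok.
#   stale:    renewal worked, but the served copy was never refreshed
#   expiring: both copies match, so renewal itself is not happening
check_deployed() {
    live=$1 deployed=$2 days=${3:-30}
    fp_live=$(cert_fp "$live") fp_dep=$(cert_fp "$deployed")
    if [ -z "$fp_live" ] || [ -z "$fp_dep" ]; then echo missing; return 3; fi
    if [ "$fp_live" != "$fp_dep" ]; then echo stale; return 1; fi
    if cert_expires_within "$deployed" "$days"; then echo expiring; return 2; fi
    echo ok
}

# Constructed sample input: a throwaway self-signed certificate valid $2 days.
make_demo_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -subj "/CN=example.test" \
        -days "$2" -keyout "$1.key" -out "$1" >/dev/null 2>&1
}

demo=$(mktemp -d)
make_demo_cert "$demo/live.pem" 90      # stands in for certbot's renewed cert
make_demo_cert "$demo/deployed.pem" 1   # stands in for the old copy nginx mounts
check_deployed "$demo/live.pem" "$demo/deployed.pem" 30 || :
rm -rf "$demo"
```

Run from cron with the real paths (certbot's live fullchain.pem and the copy in the directory nginx mounts), alerting on any output other than ok.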