ICT: Diary
D: 28 W: 05
| < | August 2017 | > | ||||
| Sun | Mon | Tue | Wed | Thu | Fri | Sat |
|---|---|---|---|---|---|---|
| 1 | 2 | 3 | 4 | 5 | ||
| 6 | 7 | 8 | 9 | 10 | 11 | 12 |
| 13 | 14 | 15 | 16 | 17 | 18 | 19 |
| 20 | 21 | 22 | 23 | 24 | 25 | 26 |
| 27 | 28 | 29 | 30 | 31 | ||
SSL Certificate Expiry
So having gone HTTPS everywhere - I let my certificate expire…
Using acme-client to renew the certificate:
doas acme-client -Fv schoolio.co.uk
which was successful on the third attempt, my SSL certificate is now valid until 28 November 2017. Each failed attempt gave the following error:
acme-client: transfer buffer: [{ "type": "http-01", "status": "invalid", "error": { "type": "urn:acme:error:unauthorized", "detail": "Invalid response from http://www.schoolio.co.uk/.well-known/acme-challenge/xxx: \"\r\n\r\n404 Not Found
\"", "status": 403 }, "uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/xxx", "token": "xxx", "keyAuthorization": "xxx", "validationRecord": [ { "url": "https://www.schoolio.co.uk/.well-known/acme-challenge/xxx", "hostname": "www.schoolio.co.uk", "port": "443", "addressesResolved": [ "46.235.226.153" ], "addressUsed": "46.235.226.153", "addressesTried": [] }, { "url": "http://www.schoolio.co.uk/.well-known/acme-challenge/xxx", "hostname": "www.schoolio.co.uk", "port": "80", "addressesResolved": [ "46.235.226.153" ], "addressUsed": "46.235.226.153", "addressesTried": [] } ] }] (1475 bytes)
It is worth remembering the Let's Encrypt is rate limited so you want to avoid too many errors or you get locked out for a period of time.
Getting it working involved disabling the ssl redirect in my nginx.conf, and then restarting nginx. Once the certificate was updated I reverted the changes to nginx.
I need to work out how to automate the certificate renewal - preferably using SSL, so that I don't need to play with nginx.conf. The plan is to test using Raspberry Pi 3, although that is running OpenBSD's httpd rather than nginx.
$Id: dates.htm,v 1
$Id: diary,v 1.38 2025/01/01 22:43:54 fred Exp $