Tony, please look into three things, and perhaps issue an addendum or update. These instructions are otherwise incomplete and will leave your viewers hanging. Until then, here are the issues I saw, and readers may be able to bootstrap themselves from here. 1. Use "certbot --dry-run renew", emphasis on --dry-run, when demonstrating and doing your own testing. Otherwise it doesn't take too many times of doing it without --dry-run to get temporarily blacklisted by their servers. 2. The crontab technique doesn't work for all Linux distros. I believe that the systemd systems ignore the crontab and use different scripts to do the renewal checks. 3. When the certificate is actually renewed and replaced after 60 days, the httpd process (i.e. Apache, OpenLiteSpeed, or Nginx) needs to be told to reload its files, typically with systemctl.
First of all, your videos are great! Regarding certbot -renew at crontab, when the server is not changed frequently, e.g. website that is changed once per several months and backed up only after changes, if it is ever restored from the backup, its certificate would be old and obsolete till the next Sunday. So in order to avoid the manual renew after restore, I would add the following rule: @reboot sleep 300 && certbot -renew -n -q (sleep 300 to prevent the case that Let'sEncrypt server would try to access the site before the web-server is up and running)
@@TonyTeachesTech Hi Tony. I'm using the acme.sh client instead of certbot since I'm on shared hosting. When the certificate is renewed in 60 days via the cron job, do I need to change the CRT, KEY and CABUNDLE values as well? Thanks in advance.
I specially came here to find this vid, as I had setup of certs more than 3 months ago after watching your another video. However, apparently now certs get automatically renewed on expiry day. As I had not set any such cron tab also was late and had not run any command, and when i checked, in mid jun (when expiry was due) the certs have already been automatically refreshed / renewed for next 3 months. Can you please confirm this. I am using them on apache2
Hi, I am having a problem with the cyber panel. please advise me what to do...I keep getting emails that "Automatic Let's Encrypt renewal for [domain] was attempted and failed. Thank you
I run Apache on multiple ports 8081 8082 .... can I do a certbot wildcard SSL and use it for all those site? I do GoDaddy DNS with port redirection on my router How would I go about making it automatic
I have a Ubuntu with OpenLiteSpeed , i added this code 0 1 * * * certbot renew --quiet --post-hook "systemctl restart lsws" to crontab to check everyday at 1 AM if it should renew Will this code work ?
hi bro, when i do the renewal the system give me this message "Unable to find a virtual host listening on port 80 which is currently needed for Certbot to prove to the CA that you control your domain. Please add a virtual host for port 80.." i´ve open this port on my firewall, i need help please. thanks
If you're using an Nginx server: th-cam.com/video/P7W4iYkFaOU/w-d-xo.html If you're using an Apache server: th-cam.com/video/lGSRDV2IQhw/w-d-xo.html One-click WordPress installs with Cloudways: th-cam.com/video/6mHfUEq6h4Y/w-d-xo.html
There is a way to do from the very start so you don't have to come in and add it. I do not remember where I found it. I thought it was on the let's encrypt page, but I cannot find it again now that I need it. It also shows how to include multiple domains. Can you please make a video showing how to do add the automatic updating from the start with multiple domains?
how to get this working in namecheap hosting, followed your last tutorial to install the cert but... in namecheap it says cerbot command not found I tried installing certbot but all my practices are failing till now....
@@TonyTeachesTech I am pretty sure I am using Apache. I am using the terminal that comes with namecheap. I have even tried to ssh into the site through my linux terminal and I still haven't been successful
@@samuelmartins9470 You don't have root access with Namecheap unless you're on a VPS, so you can't use Let's Encrypt. Here's an alternative th-cam.com/video/bVbGW037fYk/w-d-xo.html
@@TonyTeachesTech That's just it, sir. I am using a Let's encrypt ssl for my site using the method from your first video on how to install a free ssl certificate using namecheap and it worked. Setting up the cronjob for automatic renewals is the main problem. I had to reinstall it manually.
The cron job is setup to renew the certificate every sunday at 6am. How do I change the time on my server to local time (australia) otherwise 6am is 9pm local time. Also, is there a command to show whether I have apache or nginx operating system? I believe Namecheap uses apache only but I thought I better check.
I manually ran certbot renew and got a type: unauthorized and nginx 404 response. Now cert already expired and I can't seem to make it renew, could I privately share my configs and get some help?
@@TonyTeachesTech thanks! I was able to solved the issue. I was not pointing to the correct public folder. Please ignore related msg I sent through your web.
What about when you install cyberpanel? is there anyway to automatically add ssl, I mean we should not manually add and click on each domain in cyber panel every time.
@@TonyTeachesTech yes sir it is ok, but is there any way to do this automatically because we have to remember which domain and what was date when I installed the ssl, for 5 domains it is hard.
Hello, I have an EC2 instance on AWS and was able to install Let's Encrypt SSL Certificate. However, I wanted to have it automatically renewed and installed without me checking every 3 months. Does this auto renew done by certbot also auto installs it? Or do I still have to re-install the certificate manually? There's a step on certbot that tells me that I would still have to re-install the renewed certificate so it's still like checking back every 3 months. Great vid, btw! :D
If you follow the tutorial tonyteaches.tech/lets-encrypt-renew-cron/ there should be no need to manually do anything in order to update the SSL certificate
Not unless you stop the web server with a pre-hook or need to do other processing. I have an example on my blog tonyteaches.tech/lets-encrypt-renew-cron/
Good work. That looks right to me. I always recommend testing it out on the command line first (outside of crontab). I realize your cert won't renew yet, but it's good to know that it runs without error.
Will this work? I am not a coder so i do not understand what is written on your pinned comment but after reading it i have doubt if i follow you step by step will this work properly or any update to do ? Bcz u also wrote update in description , i am confuced 😭....
You can see what happens with the --dry-run renew flag. Simply run this command: certbot renew --dry-run -n -q --pre-hook "service nginx stop" --post-hook "service nginx start"
@@TonyTeachesTech thanks tony 🙏 but i need some help I am new to digital ocean and when i migrate my site with wp plugin to digital ocean and after that when i searched it showed me some error "Error in connecting to database" i also contacted digital ocean but they gave some technical instructions which i am unable to persue, plz help or make a video on it 🙏 they share me some mysql killed error , plz tony help me I will share u SS on mail..
Hi Tony, i have an issue with SSL with my website, my website was running fine with Let Encrypt SSL but i generated new SSL request through Virtualmin now google chrome give me error while access virtualmin admin itself. l-ink2.com:10000/ Can you plz et me know how can i put it back to Let Encrypt SSL through ssh terminal. I watch ur this tutorial and follow your some step but not working. plz. help :)
It looks like you are using a self signed certificate. What happens if you go through the Let's Encrypt steps in this video? What steps aren't working for you? You might have to manually edit your web server's config file if the Let's Encrypt installer isn't overwriting your current ssl
@@TonyTeachesTech hi Tony, yes you are right i enabled self signed certificate. i get into the corntab file and setup corn job every min(s). but nothing happend after doing that. Yes, plz. let me know how do i manually edit my web server's config file. Yes, i got the msg before signing up new SSL certificate it will overwrite.
Tony, please look into three things, and perhaps issue an addendum or update. These instructions are otherwise incomplete and will leave your viewers hanging. Until then, here are the issues I saw, and readers may be able to bootstrap themselves from here.
1. Use "certbot --dry-run renew", emphasis on --dry-run, when demonstrating and doing your own testing. Otherwise it doesn't take too many times of doing it without --dry-run to get temporarily blacklisted by their servers.
2. The crontab technique doesn't work for all Linux distros. I believe that the systemd systems ignore the crontab and use different scripts to do the renewal checks.
3. When the certificate is actually renewed and replaced after 60 days, the httpd process (i.e. Apache, OpenLiteSpeed, or Nginx) needs to be told to reload its files, typically with systemctl.
Good catch with the reloading of the server. Something like this should do the trick:
certbot renew --post-hook "systemctl reload nginx"
@@TonyTeachesTech yes. in the /etc/letsencrypt/renew/ add “renew-hook = systemctl try-reload-or-restart nginx” or whatever process(es) need it.
I tried to subscribe again lol, I didnt understand any of this a few months ago. Keep going people!
Great video Tony thank you, subscribed without hesitation
First of all, your videos are great!
Regarding certbot -renew at crontab, when the server is not changed frequently, e.g. website that is changed once per several months and backed up only after changes, if it is ever restored from the backup, its certificate would be old and obsolete till the next Sunday.
So in order to avoid the manual renew after restore, I would add the following rule:
@reboot sleep 300 && certbot -renew -n -q
(sleep 300 to prevent the case that Let'sEncrypt server would try to access the site before the web-server is up and running)
Thanks and thanks for the suggestion
just got the email to renew my certificate; thank you!
Great!
Worked like a charm.
Great
Thanks for sharing your knowledge man. Great content.
My pleasure!
Thanks for posting this info - really saved my bacon!
You're welcome!
Great video. Thanks Tony! :)
No problem Kaveen
@@TonyTeachesTech Hi Tony. I'm using the acme.sh client instead of certbot since I'm on shared hosting. When the certificate is renewed in 60 days via the cron job, do I need to change the CRT, KEY and CABUNDLE values as well?
Thanks in advance.
@@kaveengoonawardane9651 Nope!
@@TonyTeachesTech Thanks again Tony! :)
Short and concise. Thank you!
You're welcome!
Thank for the tutorial!!!
No problem!!
King.
🙏
does it keep the same certificate and private key as well?
I specially came here to find this vid, as I had setup of certs more than 3 months ago after watching your another video. However, apparently now certs get automatically renewed on expiry day. As I had not set any such cron tab also was late and had not run any command, and when i checked, in mid jun (when expiry was due) the certs have already been automatically refreshed / renewed for next 3 months.
Can you please confirm this. I am using them on apache2
Without a cronjob, I find it hard to believe that the cert was automatically renewed
Plz make a video how to remove one of the website from multiple websites on single server.
What web server are you running on?
Hi, I am having a problem with the cyber panel. please advise me what to do...I keep getting emails that "Automatic Let's Encrypt renewal for [domain] was attempted and failed. Thank you
cd sites-available/
no such file or directory , how to solve ? hosting namecheap
Do you have a NameCheap VPS or is it a Stellar hosting plan?
@@TonyTeachesTech Stellar
How can we cron renew a certificate on openlitespeed server?
does the certbot not ask you if you want to renew...ie user input of y for yes. ?
Thank you
I run Apache on multiple ports 8081 8082 .... can I do a certbot wildcard SSL and use it for all those site?
I do GoDaddy DNS with port redirection on my router
How would I go about making it automatic
Hey Tony. Do you know any tool to manage several SSL Certificates and see which want needs to be updated? Like a SSL Certificate manager, all in one?
can you make a tut how to remove bitnami ntcert ?
I'm not sure
Thank you!!!
No problem 😀
Does this include renew when there is a domain selection?
I have a Ubuntu with OpenLiteSpeed , i added this code
0 1 * * * certbot renew --quiet --post-hook "systemctl restart lsws"
to crontab to check everyday at 1 AM if it should renew
Will this code work ?
Tony how to do in Directadmin ?
My SSL is expired, how to renew using ftp ? I'm not familiar with server
Will this work on LiteSpeed servers? If not, then please suggest me how to do that.
Hi, my certificate is about to expire in 10 days. So i tried certbot renew command and getting error no renewals were attempted. Can you help.
hi bro, when i do the renewal the system give me this message "Unable to find a virtual host listening on port 80 which is currently needed for Certbot to prove to the CA that you control your domain. Please add a virtual host for port 80.." i´ve open this port on my firewall, i need help please. thanks
Is the cron job section in cpanel work?
Please make a video: how to install multiple WP site on linode
If you're using an Nginx server: th-cam.com/video/P7W4iYkFaOU/w-d-xo.html
If you're using an Apache server: th-cam.com/video/lGSRDV2IQhw/w-d-xo.html
One-click WordPress installs with Cloudways: th-cam.com/video/6mHfUEq6h4Y/w-d-xo.html
There is a way to do from the very start so you don't have to come in and add it. I do not remember where I found it. I thought it was on the let's encrypt page, but I cannot find it again now that I need it. It also shows how to include multiple domains. Can you please make a video showing how to do add the automatic updating from the start with multiple domains?
yes, coming soon!
Can you show us how to automate it on shared hosting like hostinger.. Thanks in advance..
If you don't have root access, you can use ACME to do this th-cam.com/video/bVbGW037fYk/w-d-xo.html
please also tell the process of doing it manually 🙏
certbot renew, should be obvious from the video ?
certbot renew
how to get this working in namecheap hosting, followed your last tutorial to install the cert but... in namecheap it says cerbot command not found I tried installing certbot but all my practices are failing till now....
Try Acme for Namecheap th-cam.com/video/bVbGW037fYk/w-d-xo.html
my cd /etc/apache2/ does not have sites-available. When I 'ls' the folder it only shows 'logs' am I missing something?
Are you perhaps using Nginx?? /etc/nginx
@@TonyTeachesTech this one doesn't exist either. I get " bash: cd: /etc/nginx: No such file or directory
@@TonyTeachesTech I am pretty sure I am using Apache. I am using the terminal that comes with namecheap. I have even tried to ssh into the site through my linux terminal and I still haven't been successful
@@samuelmartins9470 You don't have root access with Namecheap unless you're on a VPS, so you can't use Let's Encrypt. Here's an alternative th-cam.com/video/bVbGW037fYk/w-d-xo.html
@@TonyTeachesTech That's just it, sir. I am using a Let's encrypt ssl for my site using the method from your first video on how to install a free ssl certificate using namecheap and it worked. Setting up the cronjob for automatic renewals is the main problem. I had to reinstall it manually.
Two questions, Can I do the same in the cpanel console? and also can I do too in Cron jobs application in cpanel? Thanks
I believe so
Hi Tony, do you also have a easy way for Centos/Zimbra 8.8 mail server?
I don't have any content on setting up a mail server, but it's a possible topic for a future video
The cron job is setup to renew the certificate every sunday at 6am. How do I change the time on my server to local time (australia) otherwise 6am is 9pm local time. Also, is there a command to show whether I have apache or nginx operating system? I believe Namecheap uses apache only but I thought I better check.
This video should help you th-cam.com/video/nhqHACOn7ko/w-d-xo.html :)
I manually ran certbot renew and got a type: unauthorized and nginx 404 response. Now cert already expired and I can't seem to make it renew, could I privately share my configs and get some help?
Sure, you can always reach out to me on my contact page tonyteaches.tech/contact
@@TonyTeachesTech I couldn't send it through your site, looks like you got a form7 plugin error
@@FranckMercado could you please try again. The contact form should be working
@@TonyTeachesTech thanks! I was able to solved the issue. I was not pointing to the correct public folder. Please ignore related msg I sent through your web.
@@FranckMercado I'm very happy to hear that :)
What about when you install cyberpanel? is there anyway to automatically add ssl, I mean we should not manually add and click on each domain in cyber panel every time.
There is an SSL section in CyberPanel on the menu on the left side of the dashboard where you can install a certificate for your website
@@TonyTeachesTech yes sir it is ok, but is there any way to do this automatically because we have to remember which domain and what was date when I installed the ssl, for 5 domains it is hard.
@@harrisandreson A cron job will execute automatically at the time you specify in crontab
Hello, I have an EC2 instance on AWS and was able to install Let's Encrypt SSL Certificate. However, I wanted to have it automatically renewed and installed without me checking every 3 months. Does this auto renew done by certbot also auto installs it? Or do I still have to re-install the certificate manually? There's a step on certbot that tells me that I would still have to re-install the renewed certificate so it's still like checking back every 3 months.
Great vid, btw! :D
If you follow the tutorial tonyteaches.tech/lets-encrypt-renew-cron/ there should be no need to manually do anything in order to update the SSL certificate
Does that server need internet access?
Yes
Don't you need post-hook to restart nginx after certificate renewal?
Not unless you stop the web server with a pre-hook or need to do other processing. I have an example on my blog tonyteaches.tech/lets-encrypt-renew-cron/
Hi Tony, When i tried to connect to my website via Terminal i received this error: root@myexamplewebsite: Permission denied (publickey).
Did you provide the correct credentials?
@@TonyTeachesTech it did not ask me a credential. I tried both ways using Terminal and SSH as well from GCO console.
@@unseen.afghanistan Your server might not allow ssh connections from root
Thanks
Welcome
Thanks for the info.
For openlitespeed
/usr/local/lsws/admin/misc/rc-inst.sh
crontab -e
0 6 * * 0 certbot renew -n -q --pre-hook "service lsws stop" --post-hook "service lsws start"
is this correct tony?
Good work. That looks right to me. I always recommend testing it out on the command line first (outside of crontab). I realize your cert won't renew yet, but it's good to know that it runs without error.
@@TonyTeachesTech thanks. And pls check i am not able to comment on your blog. Some error
@@RaviKumar-fx5dz Thanks for letting me know. It should be working now.
If we have windows?
If you're on Windows, you can ssh to your server with Putty like this th-cam.com/video/pWDHUlvcAsg/w-d-xo.html
Hi Tony is this auto renewal works on digitalocean?
Yes
Will this work? I am not a coder so i do not understand what is written on your pinned comment but after reading it i have doubt if i follow you step by step will this work properly or any update to do ? Bcz u also wrote update in description , i am confuced 😭....
You can see what happens with the --dry-run renew flag. Simply run this command:
certbot renew --dry-run -n -q --pre-hook "service nginx stop" --post-hook "service nginx start"
@@TonyTeachesTech thanks tony 🙏 but i need some help
I am new to digital ocean and when i migrate my site with wp plugin to digital ocean and after that when i searched it showed me some error "Error in connecting to database" i also contacted digital ocean but they gave some technical instructions which i am unable to persue, plz help or make a video on it 🙏 they share me some mysql killed error , plz tony help me
I will share u SS on mail..
nice
Thanks Mukibul
How to get this working when no root logins are allowed? I mean, won't the cron job need to be executed as root?
You can switch to root after logging in
@@TonyTeachesTech Ah, so I su - root and then create the crontab. Thanks.
Hi, Your website is down / Link expired.
Seems to be working. Here's the link again tonyteaches.tech/lets-encrypt-renew-cron/
Hi Tony, i have an issue with SSL with my website, my website was running fine with Let Encrypt SSL but i generated new SSL request through Virtualmin now google chrome give me error while access virtualmin admin itself. l-ink2.com:10000/ Can you plz et me know how can i put it back to Let Encrypt SSL through ssh terminal. I watch ur this tutorial and follow your some step but not working. plz. help :)
It looks like you are using a self signed certificate. What happens if you go through the Let's Encrypt steps in this video? What steps aren't working for you? You might have to manually edit your web server's config file if the Let's Encrypt installer isn't overwriting your current ssl
@@TonyTeachesTech hi Tony, yes you are right i enabled self signed certificate. i get into the corntab file and setup corn job every min(s). but nothing happend after doing that. Yes, plz. let me know how do i manually edit my web server's config file. Yes, i got the msg before signing up new SSL certificate it will overwrite.
@@emadzdotcom1417 Okay and just to confirm, although Let's Encrypt claims it will overwrite your existing SSL, that's not happening?
the newer version of this video - with a simplified renewal process: th-cam.com/video/ghZXFyIyK1o/w-d-xo.html
Thank you!
You're welcome!