Automatic renewal of certificates

Hi,
for installing jitsi server certificates i used this script: /usr/share/jitsi-meet/scripts/install-letsencrypt-cert.sh

Do i have to follow this guide to renew the certificates? Guide: https://certbot.eff.org/lets-encrypt/ubuntufocal-nginx

Or… does the script set everything up by itself?

Thank you!

auto yes if not then certbot renew

Excuse me, but should i follow the certbot installation guide?

I don’t have to run the script again!

yes use certbot it works.

Ok! Thanks…

I have to follow the guide up to “ln -s / snap / bin / certbot / usr / bin / certbot”

Should i implement the last command in crontab?

Or does it set itself up?

Thanks…

it should set itself up but you have the option to run the certbot renew

Ok.
I will do this… I follow the guide, i try the renewal even if the server is working since yesterday. I study how it works to see if everything is ok. I would not like that every 80 days i have to manually start the renewal.

Should it automatically detect already installed certificates?

If i have problems i will write…

Thank you!

lets encrypt offers 90 day certs, if you try to renew before 90 days it may reject; however, in some applications it will auto renew.

Even if it refuses it’s not a problem… Anyway i know it works.

I hope that with jitsi and nginx it renews automatically…

I don’t have to restart the certificate header script…

Thank you…

IIRC the default Jitsi setup is to create a cron job that runs every week. If it runs in the interval between 90 days and 30 days before the validity limit it silently fails. You can read logs in /var/log/letsencrypt and you will see messages such as ‘Cert not yet due for renewal’. If your network setup don’t change between the time where the first certificate was granted and the renewal expiration date, everything will work fine when the certificate will be ‘due to renewal’. Else you will get errors in the log and in your mailbox if you have setup your mail address correctly in Let’sEncrypt configuration.

This is the log…

2020-11-16 01:55:36,745:DEBUG:certbot.main:certbot version: 0.40.0
2020-11-16 01:55:36,746:DEBUG:certbot.main:Arguments: [’-q’]
2020-11-16 01:55:36,746:DEBUG:certbot.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#manual,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2020-11-16 01:55:36,754:DEBUG:certbot.log:Root logging level set at 30
2020-11-16 01:55:36,755:INFO:certbot.log:Saving debug log to /var/log/letsencrypt/letsencrypt.log
2020-11-16 01:55:36,762:DEBUG:certbot.plugins.selection:Requested authenticator <certbot.cli._Default object at 0x7fdc1a78f250> and installer <certbot.cli._Default object at 0x7fdc1a78f250>
2020-11-16 01:55:36,770:INFO:certbot.renewal:Cert not yet due for renewal
2020-11-16 01:55:36,771:DEBUG:certbot.plugins.selection:Requested authenticator webroot and installer None
2020-11-16 01:55:36,771:DEBUG:certbot.renewal:no renewal failures

It seems to me that it works…

@ [gpatel-fr] thanks for the info…

i had seen a script … which then did the nginx reload … but i wasn’t sure…

Thank you all!

Now I’m going to work for jibri…

Thanks again…