Questions tagged [lets-encrypt]

Question 1

I have reverse proxy with acme-companion on my docker stack - all behind ufw. I was using different solution before - but similar, and it worked. I had to change it since old solution were not updated ...

Question 2

I have Ubuntu Server, Apache2 and certbot installed. I downloaded ThawtePCA.crt.pem from https://knowledge.digicert.com/general-information/digicert-trusted-root-authority-certificates set chown to ...

Question 3

I am running 2 forums and since the forum software does not support any current PHP and MySsql/Mariadb versions from Debian 10 forward, I am forced to stay on Debian 9. Either that or no forums ...

Question 4

I need to have a rewrite of http to https with Apache and I also need to handle let's encrypt challenge for renewal, then I wrote this configuration, with Alias for Let's Encrypt and Rewrite for http-&...

Question 5

When using mod_md, is there a way to renew a Let's Encrypt certificate with the same public key (an equivalent to certbot renew --reuse-key)? I'd like to avoid having to change DNS DANE TLSA records ...

Question 6

Is there an example configuration of eclipse-mosquitto 2.x (docker container) on Kubernetes to restart automatically the pod when cert-manager obtains a new Let's encrypt certificate automatically (...

Question 7

I have a Centos 7 server that I'm having trouble clearing the smtp warning for outbound mail. I get: Untrusted TLS connection established to... [any domain] I am using letsencrypt. I have searched ...

Question 8

I'm currently setting up Cyrus IMAPd on my server in conjunction with certificates from Let's Encrypt to enable imaps, however, while doing s I have run into a problem: Attempting to load the ...

Question 9

From the official statement located at https://letsencrypt.org/2024/12/05/ending-ocsp/ August 6, 2025 On this date we will turn off our OCSP responders. I would like to know, if in Apache2 on Debian ...

Question 10

I have a new server with Rocky Linux 9.5. I have Apache installed and am creating the certificates I need with Certbot. When I run: certbot --apache -d mydomain after getting the certificate, and ...

Question 11

CA/B is decreasing certificate duration in stages culminating in 47 days on March 15, 2029. Currently Let's Encrypt hands out 90-day certificates. Does Let's Encrypt have their own roadmap of when/how ...

Question 12

hello I have a website with SSL certificate called englishsociety.net if you open it on tab you can find the lock is working but I am facing an issue with different port let's say this port for ...

Question 13

I found another server fault question that seemed similar, but none of the answers helped. # ipa-pkinit-manage status PKINIT is enabled The ipa-pkinit-manage command was successful # ipa -v ping ipa: ...

Question 14

After updating the certificate on a microk8s cluster, the following error occurred: SSL_ERROR_UNRECOGNIZED_NAME_ALERT Is Let's Encrypt not working? Previously the domain could be accessed but now it ...

Question 15

I'm using acme.sh to create a certificate for an older server, which I need to run for various reasons. However, I'm missing something wrt the .well-known/acme-challenge part. When I run the script: ...

Question 16

I have a docker container running a NGINX website behind a docker container running a NGINX Gateway. Both on the same host. Using URL 'my-site.com'. The webroot files are in a folder on host that are ...

Question 17

I have dovecot setup to use the letsencrypt certificates I use for my website. The certificates are updated automatically every 90 days (I think), I check for updates every week. The website (httpd) ...

Question 18

Have ancient domain. Registrar NameCheap, nameservers point to linode, no server running. If I do a dig +trace, returns no DNS records, which is what I expect. However, the domain shows up on ...

Question 19

The following Virtualmin dialog supposedly allows creating/renewing Lets Encrypt SSL certs in Virtualmin, however, the process fails because of 2 errors. The first error is a strange mkdir error about ...

Question 20

I'm trying to somehow generate some SSL certificates using Certify The Web / IIS but every time (and with every certificate authority) I just get a timeout: Timeout during connect (likely firewall ...

Question 21

Question: I am running an NGINX server with approximately 150 virtual host configurations. Occasionally, clients report that their SSL certificate is incorrect, and their domain points to another ...

Question 22

I need some advice on how to properly use Certbot to obtain SSL certificates from Let's Encrypt. For context, I am doing this in a script, so I need it to be non-interactive. I have a basic ...

Question 23

After getting certificate from issuer apiVersion: cert-manager.io/v1 kind: Issuer metadata: name: letsencrypt-staging spec: acme: # The ACME server URL server: https://acme-staging-v02.api....

Question 24

Am running Apache 2.4 on Windows, with Let's Encrypt certification. Now, in July this year, Let's Encrypt announced intention to remove OCSP Service. Am using mod_md and hppt-01 challenge for ...

Question 25

We are getting notifications of two CA's expiring in pfSense - shown below in a yellow colour: These are: Acmecert: O=(STAGING) Internet Security Research Group, CN=(STAGING) Pretend Pear X1, C=US ...

Question 26

I have set up nginx as a reverse proxy for my app with LetsEncrypt as SSL. All goes smoothly, but sometimes all of a sudden nginx goes down with an error message: Already bind with port 80/443 and a ...

Question 27

I've got a small k3s cluster in my home hosting a few websites and local applications. For the most part, I've been able to wrangle it to host a variety of services, but the LetsEncrypt functionality ...

Question 28

I'm trying to enable HTTPS on my Nginx server for two applications: a Strapi API and a React client application. React running from /home/rocky/231009twins/front/dist on port 50001 with pm2. Served on ...

Question 29

I'm a iOS/Android developer and I'm not too expert with servers so I don't know how to make a server migration in the least risky way. This is my current scenario (this has been working for a long ...

Question 30

I'm using certbot, on Ubuntu 22, to generare ssl certificate. All works fine but all certificate is generated in the following folder /etc/letsencrypt/live/domain/cert.pem The problem is that user and ...

Question 31

I have FreeIPA on Rocky 8. I installed custom certs from LetsEncrypt using the command ipa-cacert-manage -p DM_PASSWORD -n NICKNAME -t C,, install ca.crt ipa-certupdate ipa-server-certinstall -w -d /...

Question 32

I am trying to setup a Mastodon instance on Ubuntu 22.04. I have setup Nginx as a reverse proxy and now I am trying to generate an SSL certificate with Let's Encrypt. When I run certbot --nginx -d ...

Question 33

I have this script in /home/user/renew.sh ( cd /home/user/website/ && docker compose run --rm certbot renew --dry-run && docker compose kill -s SIGHUP webserver ) sudo crontab -e */5 *...

Question 34

Using Mailu docker image, I built an email server on Debian 12. Whenever the certificate expires, I use docker compose down and docker compose up command so certificate will be renewed. What I ...

Question 35

While trying to perform telnet on port 587 when I enter "AUTH LOGIN" the connection is closed ("Connection closed by foreign host.") and I have the following logs in my postfix ...

Question 36

I am trying to give SSL on HAProxy using certbot with LetsEncrypt. I am creating SSL with command: sudo certbot certonly --standalone -d test.example.com \ --non-interactive --agree-tos --email ...

Question 37

Whenever I update the SSL cert on the server (Alma Linux) I restart Postfix. I usually do this a few days or a week before the certificate runs out. However mail connections always fail on the day the ...

Question 38

I am using Godaddy as my domain registrar and created a <subdomain_name> which is linked to my servers IP address on Digital Ocean. I am also using Let's encrypt to get SSL certificates and ...

Question 39

I have a Debian server running Rocket Chat. The web interface is on port 3000 and works. I am trying to configure LetsEncrypt and checking the firewall it appears only port 22 is permitted. How can I ...

Question 40

I am trying to set up TLS certificates for my standalone MongoDB instance on a cloud compute instance. I got the certificates from certbot using the command sudo certbot certonly --standalone -d. i ...

Question 41

How do I properly issue Let's Encrypt certificate for my Postfix mail server? Right now I have a self-signed certificate and I get these messages it cannot be trusted. I did certbot --nginx certonly -...

Question 42

Here is Lets encrypt documentation regarding http validation: "Our implementation of the HTTP-01 challenge follows redirects, up to 10 redirects deep. It only accepts redirects to “http:” or “...

Question 43

It seems I'm encountering an issue while setting up secure connections for my clients to connect to my database server on Debian 12. Every time I attempt to start MariaDB, it crashes with a Private ...

Question 44

From RouterOS's webfig CLI I attempted to create a LetsEncrypt cert: certificate/enable-ssl-certificate dns-name=my.domain.com But it returned the error: progress: [error] http challenge validation ...

Question 45

I am running Postfix inside a docker container. Certificate are generated with certbot. With the following configuration: smtpd_tls_cert_file=/var/keys/fullchain.pem smtpd_tls_key_file=/var/keys/...

Question 46

I followed the link below for setup IKEv2 VPN Using Strongswan and Let's encrypt on CentOS 7. How to Setup IKEv2 VPN Using Strongswan and Let's encrypt on CentOS 7 But info on that link has been ...

Question 47

Let's Encrypt has started issuing ECC certificates by default since Certbot 2.0. This is not a problem for modern web browsers, but Let's Encrypt certificates can be used for other purposes than HTTPS,...

Question 48

I have been using Let's Encrypt certificates for some of my domains/servers for a while, using the win-acme client for Windows for the generation and renewal. My problem is: every renewal I have to ...

Question 49

I'm currently facing an issue with my LinuxForHealth FHIR Server setup and SSL certificates. I have the FHIR server running as a Docker container on my server, using a self-signed certificate and ...

Question 50

Quoted from the documentation: myhostname The internet hostname of this mail system. The default is to use the fully-qualified domain name (FQDN) from gethostname(), or to use the non-FQDN result ...