I’m new to Hestia (debian 11) and I’m still trying to understand my way around.
I have one domain, I have its certificates and using certbot I have the letsencrypt certificate files privkey.pem and fullchain.pem.
In 3 months, the certificate will expire and I’m trying to understand how the renewal works. I saw the following cron but is it really running every minute or daily at 1:52?
Certbot checks for certificates that need to be renewed when called by the cron job. If none meet the criteria, nothing is done. The default renewal interval is sixty days, or 2/3 of the certificate’s 90 day lifespan.
The EFF has an FAQ for certbot that may interest you.
The renewal is not done using certbot so I understand correctly that it updates the files in this folder /home/user/conf/web/example.com/ssl and I need, using certbot, to update the files in this folder /etc/letsencrypt/live/example.com?
I ask because in order to create the certificate for the first time, I used dns challenge and the process took a while. Doing it once, is ok, I just wonder if I need to do it every 2 or so months and if so, to think about a way to automate it.
I just want my node server to work at the moment I do this in order for it to work as https
const options = {
key: fs.readFileSync(‘/etc/letsencrypt/live/example.com/privkey.pem’),
cert: fs.readFileSync(‘/etc/letsencrypt/live/example.com/fullchain.pem’),
};
I didn’t understand the difference between the above files which I got from certbot (dns challenge) and the original files that were created automatically when I created the web domain in Hestia.
The script you wrote here updates the above files as well?
Right but I need other certificate files which are privkey.pem and fullchain.pem and they aren’t created as part of creating the web host/server by Hestia. The mentioned files are created only after I run certbot and they are created in a different location, under letsencrypt folder /etc/letsencrypt/live/example.com/
Thanks but not sure of the following, I have 4 files created by Hestia
example.com.ca
example.com.crt
example.com.key
example.com.pem
I need 2 files that certbot creates
privkey.pem
fullchain.pem
2 more files that are created with certbot but I don’t use
cert.pem
chain.pem
I guess example.com.key => privkey.pem?
what is fullchain.pem?
I think what confuses me is that I don’t understand the difference between the 4 files that are created by hestia and certbot and how they are relate to one another.