My Let’s Encrypt SSL cert wasn’t renewing. I’d forgotten that I moved my wife’s site to Squarespace, so that caused the renewal to not find the site on my IP, causing it to fail with something like:
Attempting to renew cert . . . produced an unexpected error: Failed authorization procedure.
I was using the same cert for multiple sites. Note, though, that you don’t actually remove the superfluous/relocated sites from the cert and then renew; instead, you recreate the cert with just the domains you want. Makes sense.
Anyway, here are some really good instructions and explanation.
And just in case that site isn’t around, basically you’re running:
sudo certbot --cert-name jimwillis.org -d jimwillis.org -d www.jimwillis.org
And then you can run
sudo certbot certificates
To make sure that the domains were removed from the cert. Handily, it also renews the cert when you run that command.
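To find out which names on a shared cert have moved away before recreating it, the following added example (not from the original post or from Certbot) compares each domain on the cert with the server's address and builds the matching -d list. It assumes the server answers on the same public IPv4 address the names resolve to (no CDN or NAT in between); the function names and SERVER_IP are hypothetical.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): spot names on a multi-domain
# cert that no longer resolve to this server before recreating the cert.

# Print the domains of one certificate from `certbot certificates` output on stdin.
cert_domains() {
  awk -v name="$1" '
    $1 == "Certificate" && $2 == "Name:" { current = $3 }
    $1 == "Domains:" && current == name  { for (i = 2; i <= NF; i++) print $i }
  '
}

# Resolve each domain on stdin to its first IPv4 address: "domain ip" per line.
# A name that does not resolve is printed with an empty address.
resolve_all() {
  while read -r domain; do
    echo "$domain $(getent ahostsv4 "$domain" | awk 'NR == 1 { print $1 }')"
  done
}

# Read "domain ip" pairs on stdin and print the -d arguments for the domains
# that still point at the server address in $1; report the rest on stderr.
reissue_args() {
  server_ip="$1"
  args=""
  while read -r domain ip; do
    if [ "$ip" = "$server_ip" ]; then
      args="$args -d $domain"
    else
      echo "skip $domain: resolves to ${ip:-nothing}, not $server_ip" >&2
    fi
  done
  echo "${args# }"
}

# Constructed sample of `certbot certificates` output (reserved example names).
SAMPLE='Found the following certs:
  Certificate Name: example.org
    Domains: example.org www.example.org moved.example.net
    Expiry Date: 2030-01-01 00:00:00+00:00 (VALID: 30 days)
    Certificate Path: /etc/letsencrypt/live/example.org/fullchain.pem'

# Live use; SERVER_IP (hypothetical variable) is this host's public IPv4 address:
#   sudo certbot certificates | cert_domains jimwillis.org | resolve_all \
#     | reissue_args "$SERVER_IP"
```

The printed -d arguments are the ones to pass to the certbot --cert-name command above; any name reported as skipped is one that would make the renewal's authorization fail.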
In trying to harden my WordPress install that’s hosted on Linode I decided to enable https for encrypting the login page. At first I just went with the old self-signed certificate route and it was fine but boy did I have to jump through some hoops to get iOS/my iPhone to play nicely.
Then I noticed that Google’s Chrome browser was giving me a “not secure” message on my site (and on the other sites I host on Linode) and realized that Google no-likey the self-signed certificates and further research showed that Google may actually penalize your site in search results if you don’t have a CA-signed SSL cert.
I didn’t want to pay for an SSL cert just to encrypt my WordPress login and googling didn’t return much until I came across Linode’s great documentation for Securing HTTP Traffic with Certbot.
Here I learned about Let’s Encrypt and the way they handle requesting certificates. Super, super cool. And Free. And with the instructions from Linode it was so easy to do.
And now none of my hosted sites are getting that pesky Not-Secure error from Google Chrome!