Renombramos los ficheros del certificado caducado, por si acaso hubiera algún fallo, poder volver atrás.
mv /etc/letsencrypt/archive/tpv.ircosl.com /etc/letsencrypt/archive/tpv.ircosl.com_old
mv /etc/letsencrypt/live/tpv.ircosl.com /etc/letsencrypt/live/tpv.ircosl.com_old
mv /etc/nginx/sites-available/tpv.ircosl.com /etc/nginx/sites-available/tpv.ircosl.com_old
mv /etc/nginx/sites-enable/tpv.ircosl.com /etc/nginx/sites-enable/tpv.ircosl.com_old
Seguir con el proceso de creado de certificado
sudo nano /etc/nginx/sites-available/tpv.ircosl.com
------------------------INICIO CODIGO---------------------------------
server {
listen 80;
server_name tpv.ircosl.com tpv.ircosl.com;
include snippets/letsencrypt.conf;
}
------------------------------FIN CODIGO-------------------------------
sudo ln -s /etc/nginx/sites-available/tpv.ircosl.com /etc/nginx/sites-enabled/
sudo systemctl restart nginx
sudo certbot certonly --agree-tos --email soporteti@ircosl.com --webroot -w /var/lib/letsencrypt/ -d tpv.ircosl.com
------------------EJEMPLO CERTIFICADO INSTALADO CORRECTAMENTE-----------------------------
- Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/tpv.ircosl.com/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/tpv.ircosl.com/privkey.pem
Your cert will expire on 2020-09-08. To obtain a new or tweaked
version of this certificate in the future, simply run certbot
again. To non-interactively renew *all* of your certificates, run
"certbot renew"
- Your account credentials have been saved in your Certbot
configuration directory at /etc/letsencrypt. You should make a
secure backup of this folder now. This configuration directory will
also contain certificates and private keys obtained by Certbot so
making regular backups of this folder is ideal.
- If you like Certbot, please consider supporting our work by:
Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
Donating to EFF: https://eff.org/donate-le
- We were unable to subscribe you the EFF mailing list because your
e-mail address appears to be invalid. You can try again later by
visiting https://act.eff.org.
-------------------------------------------------------------------------------------------
/// Una vez se ha generado el certificado CUIDADO!!
En la carpeta /etc/letsencrypt/archive/ se ha generado el certificado pero con otro nombre, véase tpv.ircosl.com-0001. Debemos renombrar este ficheros en este punto quitándole el -0001
En su interior veremos que los archivos pem también están nombrados a chain1.pem, fullchain1.pem, cert1.pem, etc, por lo que también hay que renombrarlos quitándole el 1.
Después en la carpeta live eliminar los enlaces simbólicos para volverlos a generar de nuevo.
ASEGURARSE BIEN DE QUE TODO ESTÁ CORRECTO
--------------------------------------------------------------------
/// Editar tpv.ircosl.com
--------------------------------------------------------------------
sudo nano /etc/nginx/sites-available/tpv.ircosl.com
------INICIO CODIGO (REMPLAZAR LA INFORMACION ANTERIOR EN LE ARHIVO)-----------------------
server {
listen 80;
server_name tpv.ircosl.com tpv.ircosl.com;
include snippets/letsencrypt.conf;
return 301 https://$host$request_uri;
}
server {
listen 443 ssl http2;
server_name tpv.ircosl.com;
ssl_certificate /etc/letsencrypt/live/tpv.ircosl.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/tpv.ircosl.com/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/tpv.ircosl.com/chain.pem;
include snippets/ssl.conf;
include snippets/letsencrypt.conf;
return 301 https://tpv.ircosl.com$request_uri;
}
server {
listen 443 ssl http2;
server_name tpv.ircosl.com;
ssl_certificate /etc/letsencrypt/live/tpv.ircosl.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/tpv.ircosl.com/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/tpv.ircosl.com/chain.pem;
include snippets/ssl.conf;
include snippets/letsencrypt.conf;
# . . . other code
}
------FIN CODIGO (REMPLAZAR LA INFORMACION ANTERIOR EN LE ARHIVO)-----------------------
sudo systemctl reload nginx
------------------------------------------------
//// Renovar Certificados Vencidos
------------------------------------------------
service nginx stop
sudo certbot certonly --agree-tos --email soporteti@ircosl.com --webroot -w /var/lib/letsencrypt/ -d tpv.ircosl.com
service nginx start
-----------------------------------------
/// Configuracion Final de SSL y Nginx
-----------------------------------------
-----------------------------------------
/// Editar tpv.ircosl.com
-----------------------------------------
sudo nano /etc/nginx/sites-enabled/tpv.ircosl.com
-----------INICIO CODIGO (REMPLAZAR LA INFORMACION ANTERIOR EN LE ARHIVO)-----------------
# Odoo servers
upstream odoo {
server 127.0.0.1:8069;
}
upstream odoochat {
server 127.0.0.1:8072;
}
# HTTP -> HTTPS
server {
listen 80;
server_name tpv.ircosl.com;
include snippets/letsencrypt.conf;
return 301 https://tpv.ircosl.com$request_uri;
}
# WWW -> NON WWW
#server {
# listen 443 ssl http2;
# server_name tpv.ircosl.com;
# ssl_certificate /etc/letsencrypt/live/tpv.ircosl.com/fullchain.pem;
# ssl_certificate_key /etc/letsencrypt/live/tpv.ircosl.com/privkey.pem;
# ssl_trusted_certificate /etc/letsencrypt/live/tpv.ircosl.com/chain.pem;
# include snippets/ssl.conf;
# return 301 https://tpv.ircosl.com$request_uri;
#}
server {
listen 443 ssl http2;
server_name tpv.ircosl.com;
proxy_read_timeout 720s;
proxy_connect_timeout 720s;
proxy_send_timeout 720s;
# Proxy headers
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Real-IP $remote_addr;
# SSL parameters
ssl_certificate /etc/letsencrypt/live/tpv.ircosl.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/tpv.ircosl.com/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/tpv.ircosl.com/chain.pem;
include snippets/ssl.conf;
# log files
access_log /var/log/nginx/odoo.access.log;
error_log /var/log/nginx/odoo.error.log;
# Handle longpoll requests
location /longpolling {
proxy_pass http://odoochat;
}
# Handle / requests
location / {
proxy_redirect off;
proxy_pass http://odoo;
}
# Cache static files
location ~* /web/static/ {
proxy_cache_valid 200 90m;
proxy_buffering on;
expires 864000;
proxy_pass http://odoo;
}
# Gzip
gzip_types text/css text/less text/plain text/xml application/xml application/json application/javascript;
gzip on;
}
------FIN CODIGO (REMPLAZAR LA INFORMACION ANTERIOR EN LE ARHIVO)-----------------------
En este punto debemos para atención en el nombre de la carpeta que se ha generado en el certificado. La ubicación es /etc/letsencrypt/live/tpv.ircosl.com. En esta ubicación comprobamos que se ha generado el certificado con sufijo -0002.
Pues debemos de quitar ese prefijo solo en la carpeta live, en archive se debe de quedar tal cual.
sudo systemctl restart nginx