Hi Bill,

I have in the past, on a Linode VPS, created a script to run the Apache certbot to 
renew them for me. Why don’t you do something similar and add the below command 
you mentioned to it and have it run after the auto-renew process? And set up the 
renewal script to then run as a cron job.

Regards,
Jonathan

-----Original Message-----
From: Bill Stephenson <[email protected]> 
Sent: 23 October 2020 21:48
To: [email protected]
Subject: letsencrypt SSL certs break when updated

A while back I’d mentioned I was having a problem with letsencrypt certs not 
working after being auto-updated.

This happened again yesterday and the issue is caused by the certs’ ownership 
settings.

My CouchDB is installed on a DigitalOcean VPS running Ubuntu 16.04.

You can see the difference between the old and new certs below:

        -rw-r--r-- 1 couchdb root 1903 Jul 23 22:12 cert6.pem
        -rw-r--r-- 1 root    root 1903 Oct 22 18:10 cert7.pem

        -rw-r--r-- 1 couchdb root 1647 Jul 23 22:12 chain6.pem
        -rw-r--r-- 1 root    root 1647 Oct 22 18:10 chain7.pem

        -rw-r--r-- 1 couchdb root 3550 Jul 23 22:12 fullchain6.pem
        -rw-r--r-- 1 root    root 3550 Oct 22 18:10 fullchain7.pem

        -rw------- 1 couchdb root 1708 Jul 23 22:12 privkey6.pem
        -rw------- 1 root    root 1708 Oct 22 18:10 privkey7.pem


After the letsencrypt update the new certs’ ownership needs to be reset like so:

        sudo chown couchdb:root /opt/couchdb/letsencrypt/archive/cherrypc.com/cert7.pem

And should look something like this:

        -rw-r--r-- 1 couchdb root 1903 Oct 22 18:10 cert7.pem

        -rw-r--r-- 1 couchdb root 1647 Oct 22 18:10 chain7.pem

        -rw-r--r-- 1 couchdb root 3550 Oct 22 18:10 fullchain7.pem

        -rw------- 1 couchdb root 1708 Oct 22 18:10 privkey7.pem


( Hopefully sharing this here will help me remember this 3 months from now :D )

--

Kindest Regards,

Bill Stephenson
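
The ownership reset described in this thread, written as a certbot deploy hook so it runs after each successful renewal. This is an added example, not code from either poster or from the CouchDB or certbot projects. Assumptions: the function name fix_cert_ownership is hypothetical, the owner couchdb:root is taken from the listing above, and certbot passes the renewed live/<domain> directory in RENEWED_LINEAGE.

```shell
#!/bin/sh
# Added example: certbot deploy hook that hands renewed files to the CouchDB user.
# certbot exports RENEWED_LINEAGE (the live/<domain> directory) to deploy hooks.
# Assumption: owner "couchdb:root", as in the directory listing in this thread.

# fix_cert_ownership LINEAGE_DIR OWNER
# Resolves each live/ symlink to its archive/ file (certN.pem and so on), sets
# the owner, and keeps the private key at mode 600 (owner read/write only).
# Returns non-zero as soon as any file is missing or any step fails.
fix_cert_ownership() {
    lineage=$1
    owner=$2
    [ -d "$lineage" ] || { echo "no such lineage: $lineage" >&2; return 1; }
    for name in cert chain fullchain privkey; do
        link="$lineage/$name.pem"
        # -e follows the symlink, so a dangling link is reported as missing.
        [ -e "$link" ] || { echo "missing: $link" >&2; return 1; }
        target=$(readlink -f "$link") || return 1
        chown "$owner" "$target" || return 1
        if [ "$name" = privkey ]; then
            chmod 600 "$target" || return 1
        fi
    done
    return 0
}

# Only act when certbot invoked this file as a deploy hook.
if [ -n "${RENEWED_LINEAGE:-}" ]; then
    fix_cert_ownership "$RENEWED_LINEAGE" "couchdb:root"
fi
```

Saved as an executable file, it can be passed to the renewal command with certbot's --deploy-hook option, so the cron job that runs the renewal also resets the ownership.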


