EDIT: Thanks everyone for your time and responses. To break as little as possible attempting to fix this I’ve opted to go with ZeroSSL’s DNS process to acquire a new cert. I wish I could use this process for all of my certs as it was very quick and easy. Now I just have to figure out the error message lemmy is throwing about not being able to run scripts.
Thank you all for your time sincerely. I understand a lot more than I did last night.
Original Post
As the title says I’m unable to renew a cert on a self-hosted lemmy instance. A friend of mine just passed away and he had his hands all up in this and had it working like magic. I’m not an idiot and have done a ton of the legwork to get our server running and working - but lemmy specifically required a bit of fadanglin’ to get working correctly. Unfortunately he’s not here to ask for help, so I’m turning to you guys. I haven’t had a problem with any of my other software such as nextcloud or pixelfed but for some reason lemmy just refuses to cooperate.
I’m using acme.sh to renew the cert because that’s what my buddy was using when he had set this all up. I’m running apache2 on a bare metal ubuntu server.
If you can make any suggestions at all on what I might be missing or what may be configured incorrectly I’d greatly appreciate a nudge in the right direction as I’m ripping my hair out.
I appreciate the offer. If I get stuck I’ll dump it. If it’s as straight forward as everyone says I should be able to pull it off it looks so easy. Don’t want to make others do my work for me unduly.
Only thing I’m having trouble with so far is handling a line like this >
<FilesMatch \.php$> # Apache 2.4.10+ can proxy to unix socket SetHandler "proxy:unix:///run/php74-fpm.sock|fcgi://localhost/" </FilesMatch>
Not really sure how caddy handles this.
thank you for taking the time to share, I actually moved over to nginx… all over the place >_> a few people have made it pretty clear I’m going to overwhelm caddy quickly with the number of different domains and sites we host so I’m starting over with nginx now.
Caddy is awesome! I originally went for nginx proxy manager to manage my certs as it has a GUI. However, despite being text based, Caddy is so even easier to configure…
email myemail@mydomain.net
}
jellyfin.mydomain.net {
reverse_proxy 192.168.0.1:8096
}```
That's all there is to it. Caddy does the heavy lifting.
I don’t think you even need to configure the email.
If I recall correctly emails are optional for Let’s Encrypt but Caddy are partnered with ZeroSSL who do require emails so you’re encouraged to provide one.
You are not logged in. However you can subscribe from another Fediverse account, for example Lemmy or Mastodon. To do this, paste the following into the search field of your instance: !selfhosted@lemmy.world
A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don’t control.
Rules:
Be civil: we’re here to support and learn from one another. Insults won’t be tolerated. Flame wars are frowned upon.
No spam posting.
Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it’s not obvious why your post topic revolves around selfhosting, please include details to make it clear.
Don’t duplicate the full text of your blog or github here. Just post the link for folks to click.
Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).
No trolling.
Resources:
selfh.st Newsletter and index of selfhosted software and apps
I’m really surprised noone mentioned Caddy which handles all the SSL business for you. Not to mention an easier config :)
How hard would it be to switch in your experience… I’d love something this simple. Nervous to tear stuff down though.
I dont think its hard :)
Can you post your apache config?
Ive been so long on Caddy i havent touched Apache or nginx for ages. But i’m pretty sure i or someone else can help you convert your config :)
I appreciate the offer. If I get stuck I’ll dump it. If it’s as straight forward as everyone says I should be able to pull it off it looks so easy. Don’t want to make others do my work for me unduly.
Oh my god… i completely overlooked the config in your original message!!
Un any case, look at this: https://join-lemmy.org/docs/administration/caddy.html
Someone done the work, and they would be glad if you made use of it :)
And if you start with: lemmy.domain.tld:81 {
You can even have it run on a different port, so you can test it without risking your apache config.
Only thing I’m having trouble with so far is handling a line like this >
<FilesMatch \.php$> # Apache 2.4.10+ can proxy to unix socket SetHandler "proxy:unix:///run/php74-fpm.sock|fcgi://localhost/" </FilesMatch>Not really sure how caddy handles this.Look here: https://caddyserver.com/docs/caddyfile/directives/php_fastcgi
I’m not near a computer right now, but tomorrow i can show an example of my nextcloud setup. Its also php with Caddy :)
thank you for taking the time to share, I actually moved over to nginx… all over the place >_> a few people have made it pretty clear I’m going to overwhelm caddy quickly with the number of different domains and sites we host so I’m starting over with nginx now.
This is brilliant thank you. This is going to save me dozens of hours.
Caddy is awesome! I originally went for nginx proxy manager to manage my certs as it has a GUI. However, despite being text based, Caddy is so even easier to configure…
I don’t think you even need to configure the email.
If I recall correctly emails are optional for Let’s Encrypt but Caddy are partnered with ZeroSSL who do require emails so you’re encouraged to provide one.