
I recently noticed that Let’s Encrypt has a new tool to renew SSL certs.

if you go to:
https://github.com/letsencrypt/letsencrypt

it redirects to:

https://github.com/certbot/certbot

so we have to migrate from the old tool to the new tool to renew SSL certs. here it goes:

first stop nginx and varnish, if you have them running

service nginx stop

(optional)
service varnish stop

make a backup of your nginx files in the following directories:

/etc/nginx/sites-available
/etc/nginx/sites-enabled

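then delete the files inside them

remove the old letsencrypt folders (note that /etc/letsencrypt holds the existing certificates, private keys and account data, so all of them are deleted here)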

rm -rf /opt/letsencrypt

rm -rf /etc/letsencrypt

now install certbot, starting by adding its PPA
sudo add-apt-repository ppa:certbot/certbot

then update
sudo apt update

finally install the nginx plugin package for certbot
sudo apt install python-certbot-nginx

then generate the certificates:
sudo certbot --nginx -d example.com -d www.example.com

regenerate your nginx files
#link the site into sites-enabled
sudo ln -s /etc/nginx/sites-available/example.com /etc/nginx/sites-enabled/example.com

then restart nginx
service nginx restart

then create a bash file to renew the SSL certs automatically:

#!/bin/bash

echo "starting to renew..."

#stop nginx and varnish
echo "stop nginx and varnish..."
service nginx stop
service varnish stop

#renew ssl
echo "letsencrypt auto renew goes..."
# for testing
#sudo certbot renew --dry-run

#for renew
sudo certbot renew

#killing all nginx processes
kill $(ps aux | grep '[n]ginx' | awk '{print $2}')

#restart nginx and varnish
echo "restart nginx and varnish..."
service nginx restart
service varnish restart

and add the file to cron:
crontab -e

then add the following line
0 0 1 * * /yourdir/file.sh

it will run the file once a month (at 00:00 on the 1st)

I hope it will be helpful for someone else

ref: https://www.digitalocean.com/community/tutorials/como-asegurar-nginx-con-let-s-encrypt-en-ubuntu-18-04-es

UPGRADING CERTBOT

If you have already installed Certbot, pass the package names to apt-get install so that only those specific packages are upgraded:

sudo apt-get update

sudo apt-get install certbot python-certbot-nginx

KILLING NGINX PROCESSES

Let’s talk about what we have here first:

$ nginx -s reload
2016/03/23 16:11:27 [error] 24992#0: invalid PID number "" in "/run/nginx.pid"

It’s probably because the /run/nginx.pid file is empty, which causes problems with the stop|start|restart commands, so you have to edit it with sudo and put in the PID of your currently running nginx service (the master process). Now, let’s have a look at the next lines, which are connected with.

$ ps -ef | grep nginx
root 25057 2840 0 16:16 pts/1 00:00:00 grep --color=auto nginx
$ kill -9 25057
bash: kill: (25057) - No such process

Here you are trying to kill a process that is NOT the nginx main process: PID 25057 is the grep command itself, which has already exited. First run the following command to see the PIDs of the nginx master process and its worker:

$ ps -aux | grep "nginx"
root 17711 0.0 0.3 126416 6632 ? Ss 18:29 0:00 nginx: master process nginx -c /etc/nginx/nginx.conf
www-data 17857 0.0 0.2 126732 5588 ? S 18:32 0:00 nginx: worker process
ubuntu 18264 0.0 0.0 12916 984 pts/0 S+ 18:51 0:00 grep --color=auto nginx

Next, kill both:

$ sudo kill -9 17711
$ sudo kill -9 17857

and then try to start nginx again.

$ service nginx start
Nothing..
Have nothing to say here 😉

A better way to kill all nginx processes is

kill $(ps aux | grep '[n]ginx' | awk '{print $2}')

To kill all PHP Processes
kill $(ps aux | grep '[p]hp' | awk '{print $2}')

To kill all MySQL Processes
kill $(ps aux | grep '[m]ysql' | awk '{print $2}')
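
The grep-based one-liners above match any process whose command line contains the word, and kill -9 gives the nginx master no chance to shut down cleanly. The following is an added example, not part of the original post: a hypothetical stop_by_pidfile function (with a helper is_alive) that rejects an empty or non-numeric PID file, checks that the PID still belongs to the expected program, and uses SIGKILL only after a grace period. It assumes Linux with /proc mounted.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes Linux with /proc mounted.
# Function names and return codes are hypothetical choices for illustration.

# is_alive PID: true if the process exists and is not a zombie.
is_alive() {
    # A zombie keeps its /proc entry, so read the State line, not just the dir.
    state=$(sed -n 's/^State:[[:space:]]*\(.\).*/\1/p' "/proc/$1/status" 2>/dev/null)
    [ -n "$state" ] && [ "$state" != Z ] && [ "$state" != X ]
}

# stop_by_pidfile PIDFILE EXPECTED_NAME [TIMEOUT_SECONDS]
# Returns: 0 stopped or not running, 2 PID file unusable,
#          3 PID belongs to another program, 4 SIGKILL was needed,
#          5 process is alive but could not be signalled.
stop_by_pidfile() {
    pidfile=$1 expected=$2 timeout=${3:-10}

    # An empty PID file is what produces: invalid PID number "" in "/run/nginx.pid"
    [ -r "$pidfile" ] || return 2
    pid=$(tr -d '[:space:]' < "$pidfile")
    case $pid in
        ''|*[!0-9]*) return 2 ;;
    esac

    # Stale PID file: the process is already gone.
    is_alive "$pid" || return 0

    # Refuse to signal a PID that has been reused by a different program.
    name=$(cat "/proc/$pid/comm" 2>/dev/null) || return 0
    [ "$name" = "$expected" ] || return 3

    # SIGTERM first, so the master can shut down its workers itself.
    if ! kill -TERM "$pid" 2>/dev/null; then
        is_alive "$pid" && return 5   # e.g. not permitted to signal it
        return 0
    fi
    waited=0
    while is_alive "$pid" && [ "$waited" -lt "$timeout" ]; do
        sleep 1
        waited=$((waited + 1))
    done
    is_alive "$pid" || return 0

    # Last resort, only after the grace period has expired.
    kill -KILL "$pid" 2>/dev/null || return 5
    return 4
}
```

In the renewal script this would be called as stop_by_pidfile /run/nginx.pid nginx 10, with a non-zero return code logged rather than ignored.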