Learn about Centmin Mod LEMP Stack today
Become a Member

Poll SSL LetsEncrypt Expire renew

Discussion in 'Introductions' started by extremlymtorrents, Nov 8, 2021.

  1. extremlymtorrents

    extremlymtorrents New Member

    2
    0
    1
    Nov 8, 2021
    Ratings:
    +0
    Local Time:
    6:08 AM
    [07:38][root@localhost.localdomain ~]# sudo certbot renew --nginx
    Saving debug log to /var/log/letsencrypt/letsencrypt.log

    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    Processing /etc/letsencrypt/renewal/www.website.ws.conf
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    Certificate not yet due for renewal

    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    The following certificates are not due for renewal yet:
    /etc/letsencrypt/live/www.website.ws/fullchain.pem expires on 2022-0 2-05 (skipped)
    No renewals were attempted.

     
  2. extremlymtorrents

    extremlymtorrents New Member

    2
    0
    1
    Nov 8, 2021
    Ratings:
    +0
    Local Time:
    6:08 AM
    [09:32][root@localhost.localdomain ~]# certbot --nginx -c /usr/local/nginx/conf/nginx.conf
    usage:
    certbot [SUBCOMMAND] [options] [-d DOMAIN] [-d DOMAIN] ...

    Certbot can obtain and install HTTPS/TLS/SSL certificates. By default,
    it will attempt to use a webserver both for obtaining and installing the
    certificate.
    certbot: error: Unexpected line 124 in /usr/local/nginx/conf/nginx.conf: '}';


    PHP:
    user              nginx nginx;
    worker_processes 4;
    worker_priority -10;

    worker_rlimit_nofile 520000;
    timer_resolution 100ms;

    pcre_jit on;
    include /
    usr/local/nginx/conf/dynamic-modules.conf;


    pid         logs/nginx.pid;

    events {
        
    worker_connections  100000;
        
    accept_mutex off;
        
    accept_mutex_delay 200ms;
        use 
    epoll;
        
    #multi_accept on;
    }

    http {
     
    map_hash_bucket_size 128;
     
    map_hash_max_size 4096;
     
    server_names_hash_bucket_size 128;
     
    server_names_hash_max_size 2048;
     
    variables_hash_max_size 2048;

     
    resolver 127.0.0.1 valid=10m;
     
    resolver_timeout 10s;

    limit_req_zone $binary_remote_addr zone=xwplogin:16m rate=40r/m;
    #limit_conn_zone $binary_remote_addr zone=xwpconlimit:16m;

    # sets Centmin Mod headers via headers more nginx module
    # https://github.com/openresty/headers-more-nginx-module
    # don't remove the first 2 lines as centmin mod checks to see if they're
    # missing and re-adds them anyway. Just uncomment the 3rd & 4th lines
    # which is used to override the Server header to what you want = nginx
    # and remove the X-Powered-By header + restart nginx service
    # do not disable headers more nginx module itself as it's required for
    # other centmin mod features like redis nginx level caching & letsencrypt
    # integration in vhosts created by addons/acmetool.sh
    more_set_headers "Server: nginx centminmod";
    more_set_headers "X-Powered-By: centminmod";
    #more_set_headers "Server: nginx";
    #more_clear_headers "X-Powered-By";

    # uncomment cloudflare.conf include if using cloudflare for
    # server and/or vhost site + setup cron job for command
    # /usr/local/src/centminmod/tools/csfcf.sh auto
    # run the auto command once to populate cloudflare ips
    #include /usr/local/nginx/conf/cloudflare.conf;
    # uncomment incapsula.conf include if using incapsula for
    # server and/or vhost site + setup cron job for command
    # /usr/local/src/centminmod/tools/csfincapsula.sh auto
    # run the auto command once to popular incapsula ips
    #include /usr/local/nginx/conf/incapsula.conf;
    include /usr/local/nginx/conf/maintenance.conf;
    #include /usr/local/nginx/conf/vts_http.conf;
    include /usr/local/nginx/conf/geoip.conf;
    include /
    usr/local/nginx/conf/webp.conf;
    include /
    usr/local/nginx/conf/ssl_include.conf;
    #include /usr/local/nginx/conf/pagespeedadmin.conf;
    include /usr/local/nginx/conf/fastcgi_param_https_map.conf;
    include /
    usr/local/nginx/conf/default_phpupstream.conf;

    log_format  main  '$remote_addr - $remote_user [$time_local] $request '
                    '"$status" $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for" "$gzip_ratio"'
                    ' "$connection" "$connection_requests" "$request_time"'
    ;

    log_format  ddos-proxy '$remote_addr for $http_x_real_ip - $remote_user [$time_local] $request '
                    '"$status" $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for" "$gzip_ratio"'
                    ' "$connection" "$connection_requests" "$request_time"'
    ;

    log_format  main_ext  '$remote_addr - $remote_user [$time_local] "$request" '
                          '$status $body_bytes_sent "$http_referer" '
                          '"$http_user_agent" "$http_x_forwarded_for" '
                          '"$host" sn="$server_name" '
                          'rt=$request_time '
                          'ua="$upstream_addr" us="$upstream_status" '
                          'ut="$upstream_response_time" ul="$upstream_response_length" '
                          'cs=$upstream_cache_status' 
    ;

    log_format main_json escape=json '{'
      '"msec": "$msec", ' 
    # request unixtime in seconds with a milliseconds resolution
      
    '"connection": "$connection", ' # connection serial number
      
    '"connection_requests": "$connection_requests", ' # number of requests made in connection
      
    '"pid": "$pid", ' # process pid
      
    '"request_id": "$request_id", ' # the unique request id
      
    '"request_length": "$request_length", ' # request length (including headers and body)
      
    '"remote_addr": "$remote_addr", ' # client IP
      
    '"remote_user": "$remote_user", ' # client HTTP username
      
    '"remote_port": "$remote_port", ' # client port
      
    '"time_local": "$time_local", '
      '"time_iso8601": "$time_iso8601", ' 
    # local time in the ISO 8601 standard format
      
    '"request": "$request", ' # full path no arguments if the request
      
    '"request_uri": "$request_uri", ' # full path and arguments if the request
      
    '"args": "$args", ' # args
      
    '"status": "$status", ' # response status code
      
    '"body_bytes_sent": "$body_bytes_sent", ' # the number of body bytes exclude headers sent to a client
      
    '"bytes_sent": "$bytes_sent", ' # the number of bytes sent to a client
      
    '"http_referer": "$http_referer", ' # HTTP referer
      
    '"http_user_agent": "$http_user_agent", ' # user agent
      
    '"http_x_forwarded_for": "$http_x_forwarded_for", ' # http_x_forwarded_for
      
    '"http_host": "$http_host", ' # the request Host: header
      
    '"server_name": "$server_name", ' # the name of the vhost serving the request
      
    '"request_time": "$request_time", ' # request processing time in seconds with msec resolution
      
    '"upstream": "$upstream_addr", ' # upstream backend server for proxied requests
      
    '"upstream_connect_time": "$upstream_connect_time", ' # upstream handshake time incl. TLS
      
    '"upstream_header_time": "$upstream_header_time", ' # time spent receiving upstream headers
      
    '"upstream_response_time": "$upstream_response_time", ' # time spend receiving upstream body
      
    '"upstream_response_length": "$upstream_response_length", ' # upstream response length
      
    '"upstream_cache_status": "$upstream_cache_status", ' # cache HIT/MISS where applicable
      
    '"ssl_protocol": "$ssl_protocol", ' # TLS protocol
      
    '"ssl_cipher": "$ssl_cipher", ' # TLS cipher
      
    '"scheme": "$scheme", ' # http or https
      
    '"request_method": "$request_method", ' # request method
      
    '"server_protocol": "$server_protocol", ' # request protocol, like HTTP/1.1 or HTTP/2.0
      
    '"pipe": "$pipe", ' # “p” if request was pipelined, “.” otherwise
      
    '"gzip_ratio": "$gzip_ratio", '
      '"http_cf_ray": "$http_cf_ray"'
    '}'
    ;

    # only uncomment include line to enable it you have enabled ngx_brotli module
    # which is disabled by default https://community.centminmod.com/threads/10688/
    #include /usr/local/nginx/conf/log_format_brotli.conf;

    access_log  off;
    error_log   logs/error.log warn;

        
    index  index.php index.html index.htm;
        include       
    mime.types;
        
    default_type  application/octet-stream;
        
    charset utf-8;

    sendfile on;
    sendfile_max_chunk 512k;
    tcp_nopush  on;
    tcp_nodelay on;
    server_tokens off;
    server_name_in_redirect off;

    keepalive_timeout  10s;
    keepalive_requests 50000;
    lingering_time 20s;
    lingering_timeout 5s;
    keepalive_disable msie6;

    gzip on;
    gzip_vary   on;
    gzip_disable msie6;
    gzip_static on;
    gzip_min_length   1400;
    gzip_buffers      1024 8k;
    gzip_http_version 1.1;
    gzip_comp_level 5;
    gzip_proxied    any;
    gzip_types text/plain text/css text/xml application/javascript application/x-javascript application/xml application/xml+rss application/ecmascript application/json image/svg+xml;

    client_body_buffer_size 256k;
    client_body_in_file_only off;
    client_body_timeout 30s;
    client_header_buffer_size 64k;
    ## how long a connection has to complete sending
    ## it's headers for request to be processed
    client_header_timeout  30s;
    client_max_body_size 1024m;
    connection_pool_size  512;
    directio  4m;
    directio_alignment 512;
    ignore_invalid_headers on;       
    large_client_header_buffers 8 64k;
    output_buffers   2 32k;
    postpone_output  1460;
    proxy_temp_path  /tmp/nginx_proxy/;
    request_pool_size  32k;
    reset_timedout_connection on;
    send_timeout     60s;
    types_hash_max_size 2048;

    # for nginx proxy backends to prevent redirects to backend port
    # port_in_redirect off;

    open_file_cache max=50000 inactive=60s;
    open_file_cache_valid 120s;
    open_file_cache_min_uses 2;
    open_file_cache_errors off;
    open_log_file_cache max=10000 inactive=30s min_uses=2;

    ## limit number of concurrency connections per ip to 16
    ## add to your server {} section the next line
    ## limit_conn limit_per_ip 16;
    ## uncomment below line allows 500K sessions
    # limit_conn_log_level error;
    #######################################
    # use limit_zone for Nginx <v1.1.7 and lower
    # limit_zone $binary_remote_addr zone=limit_per_ip:16m;
    #######################################
    # use limit_conn_zone for Nginx >v1.1.8 and higher
    # limit_conn_zone $binary_remote_addr zone=limit_per_ip:16m;
    #######################################

     
    include /usr/local/nginx/conf/conf.d/*.conf;
    }
     
  3. eva2000

    eva2000 Administrator Staff Member

    47,498
    10,769
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +16,742
    Local Time:
    2:08 PM
    Nginx 1.19.x
    MariaDB 5.5/10.x
    welcome @extremlymtorrents to Centmin Mod Community. Centmin Mod doesn't use certbot but has it's own Letsencrypt integration. It's best to post your letsencrypt renewal issue in appropriate forum at https://community.centminmod.com/forums/domains-dns-email-ssl-certificates.44/.

    There are 6 steps to learning more about Centmin Mod ;) And to modifying config files and manage services more quickly, check out Centmin Mod Command Shortcuts. Recently relaunched official Centmin Mod Blog at https://blog.centminmod.com/ also have more advanced tips and tutorials as well :D

    Might also be interested in reading up on latest LEMP stack comparison benchmarks tagged here.

    You might want to try the 123.09beta01 build as it will be next stable release and well has alot of improvements if you check 2nd post change log at Beta Branch - Centmin Mod .09 beta branch Testing. And you can share your initial install times here.

    Threads you might want to participate in ;)

    Quick Tips


    Threads & Info To Bookmark



    Threads to read, pages to bookmark and threads to watch/subscribe to get to know Centmin Mod would include:

    Centmin Mod Insights Forum



    The Centmin Mod Insights forums digs deeper into the inner workings of Centmin Mod so some useful threads in this forum include:

    Security Related Developments



    A few security related developments you might be interested reading about

    Premium Membership


    Centmin Mod Donations



    You now can show your love and support for Centmin Mod via