SSL and Certbot

Automatically renewing a certificate isn't that hard, is it?

SSL, I love it, you do too, when it works. If it doesn't, well then you just scoff and think to yourself “How could THEY mess this up? It's just a certificate. Even I have automatic renewals enabled!” Well, I can proudly say that I lost those bragging rights approximately one week ago when my certificates failed to renew for my site.

Today at about 1AM I went onto my site to quickly realize that all my certs were expired as of 10 days ago. I tried not getting out of bed, but ssh on my phone didn't really cut it. So I powered on my notebook and looked in my system logs to find that certbot tried to renew my certificates, but couldn't because nginx was enabled. This makes sense considering I set up all my certs ahead of time without specifying what kind of webserver they're used by, so certbot just assumed that port 80 would be free to use. A quick palm to the face and one python3-certbot-nginx later, I could finally renew my certificates with certbot renew --nginx.

The lesson I learned is to never trust certbot when it tells you that it will automatically update certificates. Now I hope that certbot will continue to use the nginx renewal method from now on, but if it doesn't then I'll just make a cron entry for it. In conclusion, never make fun of someone's missing SSL because one day you will be that guy.

I was kinda debating with myself whether I should make this into a full-fledged blog post because of its length, but I think I am obligated to write this because of my previous arrogance in relation to other sites.
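
The failure described above comes from the authenticator that certbot saves for each certificate and reuses at renewal time. As an added example (not from the original post), this script lists the certificates whose saved settings still use the standalone authenticator, which needs port 80 free. The function names are hypothetical and the two renewal files are constructed samples.

```shell
#!/bin/sh
# Added example: find certbot lineages that will fail to renew while a web
# server such as nginx is holding port 80.

# Print the authenticator recorded in one renewal config file ($1).
renewal_authenticator() {
    # Matching lines look like "authenticator = standalone".
    sed -n 's/^authenticator[[:space:]]*=[[:space:]]*\([^[:space:]]*\).*$/\1/p' "$1" | head -n 1
}

# Print the name of every lineage in directory $1 that uses standalone.
standalone_lineages() {
    for conf in "$1"/*.conf; do
        [ -f "$conf" ] || continue   # directory empty or missing
        if [ "$(renewal_authenticator "$conf")" = "standalone" ]; then
            basename "$conf" .conf
        fi
    done
}

# Build a temporary directory holding two constructed renewal configs:
# one issued without naming a web server, one issued with the nginx plugin.
make_sample_dir() {
    d=$(mktemp -d)
    printf '[renewalparams]\nauthenticator = standalone\n' \
        > "$d/blog.example.org.conf"
    printf '[renewalparams]\nauthenticator = nginx\ninstaller = nginx\n' \
        > "$d/www.example.org.conf"
    echo "$d"
}

# Demo run on the constructed samples.
demo_dir=$(make_sample_dir)
echo "Lineages that need port 80 free to renew:"
standalone_lineages "$demo_dir"
rm -rf "$demo_dir"
```

On a real host, pass certbot's renewal directory (by default /etc/letsencrypt/renewal) to standalone_lineages. After switching plugins, certbot renew --dry-run exercises the saved settings without replacing the live certificates.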