Hello
I have setup lets encrypt about 3 months back. I got a email that its about to expire. So i looked at the below link, and found the command to renew. (sudo bench renew-lets-encrypt).
“Setting up TLS SSL certificates Let’s Encrypt for ERPNext sites”
I have two questions
How do i remove lets encrypt ssl. So that i can access my site using http, if i have issues with renewals etc.
I also see that auto renewal is already setup in the crontab, but its not being auto renewed. Below is the crontab entry. What change do i have to do to get auto renewal working.
if you want to be able to also access the page using https, you can disable enforcing https. To do this, open ./config/nginx.conf and comment out the following lines at the end:
# http to https redirect
server {
listen 80;
server_name
intern.mages-uhren.ch
;
return 301 https://$host$request_uri;
}
Add a “listen 80” block similar to the 443 except without the SSL configuration. Then, restart nginx and you should be able to access the server through either http or https.
What is the error message that you get on bench renew-lets-encrypt?
I was able to renew without issues using “sudo bench renew-lets-encrypt”
But i wanted to just find out what i need to do to disable https and use http if some failures happen. And why auto renewal is not working. So i asked the above questions.
For https and http to work simulatneously.
I undrstood, i have to comment out the listen 80. And then, Below is what i understood, pls correct me if i am wrong.
Add a new listen 80 block similar to below listen 443, right. And remove the lines 239 to 245 right.
Yes, line 229 should be listen 80; and remove 239 … 245 on the listen 80 block (but keep the listen 443 block as well). This will enable your server to listen on port 80 (http) and port 443 (https) without redirecting (forcing) https. Note this is not recommended but will address your request.
Trust you’re doing great. After renaming a site, I find that the http to https redirect doesn’t seem to be working. Typing just the site name in the browser leads to the ‘in-secure’ http address. I actually need to type the full url with https now!
I checked the nginx.conf file and everything seems right. I’ve used the bench setup nginx command a few times and reloaded the nginx server but still appears the same
Thanks for the suggestions. It turns out the issue was because I had previously used that domain as a custom (additional) domain before renaming the site and making it the primary domain. I took the following steps to fix the issue:
Removed the 'Domain' entry in the site_config.json file