I tried the auto-renew feature, but it does not work in manual mode. They intend it to be run automated and unattended, but I can't do that because I want to use the certificate on google app engine.
So basically, you have to re-issue the certicate , which means updating the challenge response on your website.
Well, I did all that, and generated a new certificate.
Unfortunately it expires the same time as the certificate I want to replace... WTF?
Anyway, I cleaned out /etc/letsencrypt and tried again from scratch:
sudo ./letsencrypt-auto certonly -a manual --rsa-key-size 2048 --email webmaster@mydomain.org.au -d shop.rhubarbfood.org.au
and this time it generated me a certificate with the correct expiry date. For future reference,
fullchain.pem is the public cert that appengine wants.
fullchain.pem is the public cert that appengine wants.
The private key needs to be fixed for google app engine:
openssl rsa -inform pem \
-in /etc/letsencrypt/live/mydomain.org.au/privkey.pem \
-outform pem
-outform pem
the output of this command can be pasted straight into the text box in the appengine certificate page.
This time I documented it so I can rmember in 90 days time when I need to renew it again!