Help! SSL borked!

1

Ok, so for some reason, due to various updates, letsencrypt has been failing to run and now the SSL certificate for the machine is out of date. During the process of getting it running again, it ran a “renew”, so now the certificates in /etc/letsencrypt are up-to-date, but the other halves in user-data are not. Can anyone tell me how I manually run a certificate install to update the stuff in user-data from /etc/letsencrypt?

Currently everything is broken, can’t get nginx up and even SMTP sessions are failing with complaints of broken ssl keys … :frowning:

2

Ok, fixed it by disabling all entries in nginx local.conf bar the root, then repointing the nginx SSL config directly at the renewed letsencrypt certificates - so I could actually start nginx, then running ssl_certificates.py --force. That was nasty. Running ssl_certificates.py seems to be the only easy fix, but if nginx won’t start because the certificates are invalid, ssl_certificates.py won’t run, then you’re a bit screwed.