Nelson's log

letsencrypt renewal

I set up letsencrypt SSL for awhile ago. When I installed it in early January, there was no way to renew the certs and they expired in 3 months. Happily they’ve added a simple renewal command which mostly worked. The first time I ran it I got an error “DNS problem: query timed out looking up CAA” but I just ran it a second time and it worked.

Happily the certificate renewal didn’t touch my Apache config at all, just updated the certificate.

I took the opportunity to fix some redirects in the SSL version of my site config so they redirected to https://, not http://. I’m further regretting the way I have two versions of my Apache config, some 90 lines of complicated redirects and crap now duplicated. And now edited a tiny bit, to preserve SSL. I should refactor all that but IIRC it’s complicated.

I’m a little scared to have enabled SSL without fully committing to it. I suspect Google will start preferentially serving the SSL links, so what happens if I forget to update the letsencrypt certs? So far Google isn’t serving the SSL links though, I wonder if my siteindex URLs (no https) overrides their preference for SSL.