In some cases LetsEncrypt is not the good decision to generate SSL certificates. As a alternative, we can use acme.sh.
You can install it using git, wget or curl. i.e.
curl https://get.acme.sh | sh
First of all, stop nginx
service nginx stop
Do request for a SSL certificate
acme.sh --issue -d en.proft.me -d www.en.proft.me --standalone
Install the SSL certificate
acme.sh --install-cert -d en.proft.me -d www.en.proft.me \ --key-file /etc/letsencrypt/live/en.proft.me/privkey.pem \ --fullchain-file /etc/letsencrypt/live/en.proft.me/fullchain.pem
Last, start nginx
service nginx start
Following is a small python script to check out list of domains for expired SSL certificate
import socket
import ssl
import datetime
def check(hostname):
print(f"{hostname}")
ssl_date_fmt = r'%b %d %H:%M:%S %Y %Z'
try:
context = ssl.create_default_context()
conn = context.wrap_socket(socket.socket(socket.AF_INET), server_hostname=hostname)
conn.settimeout(3.0)
conn.connect((hostname, 443))
ssl_info = conn.getpeercert()
date_exp = datetime.datetime.strptime(ssl_info['notAfter'], ssl_date_fmt)
days_remain = date_exp - datetime.datetime.utcnow()
print(f"Expiration: {date_exp}\nRemaining : {days_remain.days} days")
except Exception as e:
print(f"NO SSL: {e}")
print("-" * 40)
domains = ["proft.me", "en.proft.me"]
list(map(check, domains))