Hi, I am running an RL 9 (latest) server with Apache and a mailserver (surgemail) and certbot for Let’s Encrypt certificates. Works like a charm.
I also have a backup server that I haven’t used/needed in a couple of years, and that runs an outdated CentOS stream 8 system…
I tried to check if that server still worked (needed in case of an emergency on my main server). It fires up smoothly and runs like “before”. I can live with an outdated system for a day or so in case of an emergency.
The present certificate on the backup server is not valid anymore (expired in 2023). Without certificates, I cannot run the https website nor the https mailserver (also run through apache) so I don’t have a working backup! I don’t know how to check if the certificates are still renewed in spite of the outdated OS, as I then need to take my running server off-line and fire up the backup server, which I obviously want to avoid.
The certbot installation looks outdated. It is using the “certbot-auto” command, instead of the “certbot” command, but several certbot processes are still running (checking with ps -ef | grep certbot).
```
[root@server1 server_upgrade]# ps -ef |grep certbot
root 301515 301458 0 12:38 ? 00:00:00 /bin/sh -c /usr/local/bin/certbot-auto renew >/dev/null 2>&1 --renew-hook "systemctl restart httpd.service" #update Let's Encrypt SSL Certificate
root 301518 301515 0 12:38 ? 00:00:00 /bin/sh /usr/local/bin/certbot-auto renew --renew-hook systemctl restart httpd.service
root 301562 301518 0 12:38 ? 00:00:00 /bin/sh /usr/local/bin/certbot-auto --cb-auto-has-root --le-auto-phase2 renew --renew-hook systemctl restart httpd.service
root 301581 301562 2 12:38 ? 00:00:00 /opt/eff.org/certbot/venv/bin/python /opt/eff.org/certbot/venv/bin/letsencrypt renew --renew-hook systemctl restart httpd.service
root 301805 12789 0 12:38 pts/0 00:00:00 grep --color=auto certbot
[root@server1 server_upgrade]#
```
I can’t update certbot as the dnf/yum functionality has stopped working on the backup server because of the outdated/unsubscribed CentOS 8 stream OS.
What are my options to check/make sure, while it is off-line (now), that the renewal of the certificates will still work once the backup server is activated and gets on-line?
Many thanks for any recommendation!