A common cannot renew my certificate


#1

Hey everyone, I’m new in the sysadmin world, and I’m facing one of the most common problems we have, but also here in the forum I suppose (?)
So I watched a lot of these questions here and other docs provided by Certbot or Let’s Encrypt and still I am not resolving my problem.
I am having all kinds of problems from the domain not public suffix; to no DNS plugins (?); to no certs found;
Using nginx and Ubuntu 18.04.1 and domain git.ura.design


#2

It would probably help if you could give complete examples of the specific problems you’re encountering.

Can you please try to answer the questions below, as best you can? They would have appeared automatically had you posted in the “Help” category. I’ve filled in the information you’ve already provided.


Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: git.ura.design

I ran this command:

It produced this output:

My web server is (include version): nginx

The operating system my web server runs on is (include version): ubuntu 18.04.1

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know):

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):


#3

My domain is: git.ura.design

I ran this command: certbot renew
It produced this output: No renewals were attempted.

My web server is (include version): nginx

The operating system my web server runs on is (include version): ubuntu 18.04.1

My hosting provider, if applicable, is: Digital Ocean

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): ehm terminal?


#4

So certbot isn’t aware of any certificates you have that need to be renewed.

I don’t see a currently valid certificate for that domain in the CT logs though. So maybe certbot isn’t aware of this domain at all?

What’s the output of:

certbot certificates

#5

It shows: No certs found.


#6

Okay, did you use certbot on this server before? Did you delete some things from /etc/letsencrypt? Is there anything in that directory now?

Certbot looks in /etc/letsencrypt to find your existing certificates and to check if they need to be renewed. If they’re not there, it won’t renew them. You might need to start over by using certbot --nginx again, like you (probably) did when you got the cert originally.
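A read-only check of the situation described in this reply, added here as an example (it is not certbot's code and not part of the post). It assumes the standard certbot layout, where each certificate has a `renewal/<name>.conf` file and a `live/<name>/cert.pem` link under the configuration directory; the function name `lineage_report` is made up for the example.

```shell
#!/bin/sh
# Added example: report which certificate lineages a certbot configuration
# directory contains. Nothing is modified.

# lineage_report [DIR]
#   Prints "<name> ok" for every renewal config whose live/<name>/cert.pem
#   exists and "<name> missing-live" when the config points at nothing.
#   Prints "no-lineages" and returns 1 when renewal/ holds no .conf files,
#   the case in which certbot has no certificate to list or renew.
lineage_report() {
    dir=${1:-/etc/letsencrypt}
    found=0
    for conf in "$dir"/renewal/*.conf; do
        [ -e "$conf" ] || continue      # an unmatched glob stays literal
        found=1
        name=$(basename "$conf" .conf)
        if [ -e "$dir/live/$name/cert.pem" ]; then
            echo "$name ok"
        else
            echo "$name missing-live"
        fi
    done
    if [ "$found" -eq 0 ]; then
        echo "no-lineages"
        return 1
    fi
}

# Inspect the directory given as the first argument, or the default location.
lineage_report "${1:-/etc/letsencrypt}" || true
```

Run it as root, since the directories under /etc/letsencrypt are normally not readable by other users.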


#7

Yes, that’s the thing, it was already there when I started here and it’s my first time facing this and even using certbot. But /etc/letsencrypt is a directory.
And if I type certbot --nginx I need to enter my domain name and if I do that it shows: “DNS name does not have enough labels”


#8

Can you paste the full output of that attempt, including exactly what you typed?


#9

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator nginx, Installer nginx
No names were found in your configuration files. Please enter in your domain
name(s) (comma and/or space separated) (Enter 'c' to cancel): git,ura,design
Obtaining a new certificate
An unexpected error occurred:
The request message was malformed :: Error creating new order :: DNS name does not have enough labels
Please see the logfiles in /var/log/letsencrypt for more details.


#10

Looks like you typed commas instead of dots in your domain name :wink:

Perhaps you misunderstood “comma … separated” - that means, if you have multiple domains, separate them by commas. For example - example.com,example.org

If you have just one domain name you should separate its labels with dots, as normal - git.ura.design
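The mix-up explained in this reply, as an added example (not certbot's code and not part of the post): a pre-check that splits a prompt answer on commas and whitespace, the separators between names, and flags any resulting name with fewer than two dot-separated labels, which is what the "not enough labels" error points at. The function names `label_count` and `check_names` are made up for the example.

```shell
#!/bin/sh
# Added example: check the answer typed at certbot's domain-name prompt
# before submitting it.

# label_count NAME -> number of dot-separated labels in NAME
label_count() {
    name=${1%.}                 # a single trailing root dot is not a label
    old_ifs=$IFS
    IFS=.
    set -f                      # keep "*" literal while splitting
    set -- $name
    set +f
    IFS=$old_ifs
    echo "$#"
}

# check_names INPUT
#   Splits INPUT on commas and whitespace and prints "<name> ok" or
#   "<name> too-few-labels" for each resulting name.
#   Returns 1 if any name has fewer than two labels.
check_names() {
    bad=0
    set -f                      # "*.example.com" must not be glob-expanded
    for n in $(printf '%s' "$1" | tr ',' ' '); do
        if [ "$(label_count "$n")" -ge 2 ]; then
            echo "$n ok"
        else
            echo "$n too-few-labels"
            bad=1
        fi
    done
    set +f
    return "$bad"
}

# The input from the thread, then the corrected form.
check_names "git,ura,design" || true
check_names "git.ura.design"
```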


#11

omg
but why is comma or space?
anyway, it got renewed but when I open the domain it’s an error from Apache2


#12

From my rusty memory, I think Ubuntu installs apache and nginx in a way that they serve content from the same directory by default, so nginx might be serving apache’s default starting page. Or maybe you have some weird reverse proxy setup? Although that seems unlikely if as you say you’re new in the sysadmin world :slight_smile:

So were you expecting something else to appear? A website? Maybe you need to configure nginx to point at the correct document root for the site.


#13

Hi @axhakani

The header of your Apache standard page says:

https://git.ura.design/
159.65.127.77
200
5.576
B
Server: nginx/1.10.3 (Ubuntu)
Date: Tue, 18 Dec 2018 21:48:53 GMT
Content-Type: text/html
Content-Length: 11321
Last-Modified: Mon, 17 Dec 2018 17:24:52 GMT
Connection: close
ETag: "5c17dbe4-2c39"
Accept-Ranges: bytes


So it’s nginx. And your HTTP sends the same header.

One thing: you have a DNS entry for www. But your www now has the wrong certificate.

CN=git.ura.design
18.12.2018
18.03.2019
git.ura.design - 1 entry

Perhaps remove the www entry or create a new certificate with both domain names:

certbot --nginx -d git.ura.design -d www.git.ura.design

#14

Hey there, I removed the www and yes, Apache2 still showed up


#15

What were you hoping would show up instead?


#16

Maybe the functional page? instead of the apache default page


#17

So you already have a functioning website and were expecting to see it. Where is it located on your server? You may need to configure nginx to be aware of its location, if it’s not in the default location.


#18

Hey there, wanted to update you guys.
I wrote to GitLab Support and got no answer, also I wrote to them on Twitter and still no answer. So, together with the other SysAdmin, we ended up removing nginx and apache from the server and re-installing them and re-configuring the server and we’re waiting for the page to (hopefully) respond well.
Just wanted to say thank you for the quick responses and helping me. I really appreciate it.

