About Let's Encrypt Renewal

My domain is: niuniu.com.au, I have recently received an email about expiration and renewal issues. I followed the instructions given by Bitnami to set auto-renewal in Apache, but I would like to know how I can verify the auto-renewal is on and effective.

The instruction I followed: Generate and Install a Let's Encrypt SSL Certificate for a Bitnami Application

My hosting provider, if applicable, is: AWS Bitnami

Thank you very much.

3 Likes

Welcome to the Let's Encrypt Community :slightly_smiling_face:

If you've received an email directly from Let's Encrypt about upcoming certificate expiration it means that you have an existing certificate that is not renewing via an automated call to your ACME client (possibly lego for bitnami). This certificate may not actually be in use and thus may not need to be renewed.

You can lookup your issued certificates here:

https://crt.sh/

You can read about expiration emails here:

2 Likes

Hi,

I tried to follow the instructions in Bitnami Community 'Generate and Install a Let's Encrypt SSL Certificate for a Bitnami Application', but when I execute 'sudo /opt/bitnami/letsencrypt/lego --tls --email=“admin@heraldrealty.com.au” --domains="heraldrealty.com.au" --path="/opt/bitnami/letsencrypt" renew --days 90', it showed 'Account “admin@heraldrealty.com.au” is not registered. Use 'run' to register a new account.'.

Could you please tell me how can I register the account?
Thank you very much.

3 Likes

Try this:

sudo /opt/bitnami/letsencrypt/lego --tls --email="admin@heraldrealty.com.au" --domains="heraldrealty.com.au" --domains="www.heraldrealty.com.au" --path="/opt/bitnami/letsencrypt" run

2 Likes

The following is the executed result:

bitnami@ip-172-31-29-60 : ~ $ sudo /opt/bitnami/letsencrypt/lego --tls --email=“admin@heraldrealty.com.au” --domains="heraldrealty.com.au" --domains="www.heraldrealty.com.au" --path="/opt/bitnami/letsencrypt" run

2021/02/19 06:55:00 Please review the TOS at https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf

Do you accept the TOS? Y/n

2021/02/19 06:55:00 [INFO] acme: Registering account for “admin@heraldrealty.com.au”

2021/02/19 06:55:00 Could not complete registration

acme: error: 400 :: POST :: https://acme-v02.api.letsencrypt.org/acme/new-acct :: urn:ietf:params:acme:error:invalidEmail :: Error creating new account :: contact email ["mailto:“admin@heraldrealty.com.au”"] contains non-ASCII characters, url:

Then I found out the command you posted has two wrong quote marks, so I changed the quote marks to ASCII version and the result turns to become:

bitnami@ip-172-31-29-60 : ~ $ sudo /opt/bitnami/letsencrypt/lego --tls --email="admin@heraldrealty.com.au" --domains="heraldrealty.com.au" --domains="www.heraldrealty.com.au" --path="/opt/bitnami/letsencrypt" run

2021/02/19 06:54:38 [INFO] [heraldrealty.com.au, www.heraldrealty.com.au] acme: Obtaining bundled SAN certificate

2021/02/19 06:54:39 [INFO] [heraldrealty.com.au] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/10638030648

2021/02/19 06:54:39 [INFO] [www.heraldrealty.com.au] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/10638030649

2021/02/19 06:54:39 [INFO] [heraldrealty.com.au] acme: authorization already valid; skipping challenge

2021/02/19 06:54:39 [INFO] [www.heraldrealty.com.au] acme: authorization already valid; skipping challenge

2021/02/19 06:54:39 [INFO] [heraldrealty.com.au, www.heraldrealty.com.au] acme: Validations succeeded; requesting certificates

2021/02/19 06:54:40 [INFO] [heraldrealty.com.au] Server responded with a certificate.

Could you please help me with this. Thank you very much.

2 Likes

I actually just copied your original post and modified it a little. You actually included those wrong quotes originally. :grin: No worries. Happens to everyone at some point.

You successfully acquired your certificate. In fact, you actually acquired 5 certificates. Besides hitting the duplicate certificate rate limit, what's the trouble?

https://crt.sh/?Identity=heraldrealty.com.au&deduplicate=Y

2 Likes

Thank you so much for your help. Initially it was because I cannot set the auto-renewal for the domains. Now I see how to generate the account.
By the way, is there any problem that I acquired 5 certificates? Or I can just leave it like this.
Again, thank you so much.

3 Likes

Not a problem. You just can't generate any more for a week. Guard the ones you have and you should be fine.

2 Likes

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.