Auto-renewal not working since change of domain registrar


#1

Hi all,

My domain is www.whichseats.com.
I have been using Let’s Encrypt on that domain for two years now; the certificate is renewed using https://certbot.eff.org/. I recently moved my domain name (whichseats.com) from GoDaddy to a new registrar. My DNS and DNS zones therefore changed. The server and IP for www.whichseats.com, however, did not change.

Since that registrar change, the cron job that runs the following command returns an error and I am unable to renew my certificate:
certbot renew --pre-hook "service apache2 stop" --post-hook "service apache2 start"

It produced this output:

I verified my DNS entries, which all seem correct. I don’t know what the issue could be.
I initially only issued a certificate for the subdomain www.whichseats.com, as I don’t need a certificate for whichseats.com, so I’m not sure why the error returns a line about whichseats.com being in error.

Can anyone help?

The operating system my web server runs on is Debian Linux 8
I can log in to a root shell on my machine.
I’m using a control panel to manage my site (ssh or webmin)

Thank you


#2

Is that intentional? Do you mean for them to now be hosted separately on separate machines?


#3

I am using a service from the registrar that redirects whichseats.com to www.whichseats.com. The DNS and DNS zones are also managed at the registrar’s level.
Which explains why the IPs for whichseats.com and www.whichseats.com are different.

So yes it is somewhat intentional.


#4

So, you’re running Certbot on the machine that www.whichseats.com is pointed at, right?

Could you post the renewal configuration file from /etc/letsencrypt/renewal for this certificate?


#5

That is correct.

I don’t have access to the server right now as I am on my mobile. I will only be able to post this information tomorrow morning CET time.

Thank you for your help.


#6

Here’s the conf file:

renew_before_expiry = 30 days

version = 0.10.2
archive_dir = /etc/letsencrypt/archive/www.whichseats.com
cert = /etc/letsencrypt/live/www.whichseats.com/cert.pem
privkey = /etc/letsencrypt/live/www.whichseats.com/privkey.pem
chain = /etc/letsencrypt/live/www.whichseats.com/chain.pem
fullchain = /etc/letsencrypt/live/www.whichseats.com/fullchain.pem

# Options used in the renewal process

[renewalparams]
account = 8ec27e477c57b14395a65ce3af114443
authenticator = webroot
installer = None
post_hook = service apache2 start
pre_hook = service apache2 stop
[[webroot_map]]
whichseats.com = /tmp/letsencrypt-auto
www.whichseats.com = /tmp/letsencrypt-auto


#7

It appears that I did not have the full picture. Our developer was trying to renew the certificate for whichseats.com at the same time, which produced the error.

I changed the A record for whichseats.com and made it point to the server. We are now managing the redirection from whichseats.com to www.whichseats.com at the server level. We were able to renew the certificate.

Thank you again for your help.
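
The failure diagnosed in this thread, a name under `[[webroot_map]]` whose DNS record points at a different machine than the one running Certbot, can be checked for before a renewal attempt. The following is an added example, not part of the original thread and not Certbot's own code; the function names, the trimmed sample file and the IP addresses (documentation ranges) are assumptions.

```python
import socket

# Constructed sample: the webroot_map portion of the renewal file posted in the thread.
SAMPLE_CONF = """\
[renewalparams]
authenticator = webroot
[[webroot_map]]
whichseats.com = /tmp/letsencrypt-auto
www.whichseats.com = /tmp/letsencrypt-auto
"""

def webroot_names(conf_text):
    """Return the hostnames listed under [[webroot_map]] in a renewal file."""
    names, section = [], None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("["):
            # Handles both [section] and nested [[subsection]] headers.
            section = line.strip("[]").strip()
        elif section == "webroot_map" and "=" in line:
            names.append(line.split("=", 1)[0].strip())
    return names

def system_resolver(name):
    """Resolve a name to its set of IP addresses using the system resolver."""
    try:
        infos = socket.getaddrinfo(name, 80, proto=socket.IPPROTO_TCP)
        return {info[4][0] for info in infos}
    except socket.gaierror:
        return set()

def misdirected_names(conf_text, server_ips, resolve=system_resolver):
    """Map each name that does not resolve only to this server to its addresses."""
    problems = {}
    for name in webroot_names(conf_text):
        addrs = resolve(name)
        # The webroot challenge file is only served by this machine, so any
        # other address (or no address at all) means validation can fail.
        if not addrs or not addrs <= set(server_ips):
            problems[name] = sorted(addrs)
    return problems

if __name__ == "__main__":
    # Constructed DNS answers standing in for the situation described in the thread.
    fake_dns = {"whichseats.com": {"198.51.100.7"}, "www.whichseats.com": {"203.0.113.10"}}
    print(misdirected_names(SAMPLE_CONF, {"203.0.113.10"}, lambda n: fake_dns.get(n, set())))
```

With the default resolver, pass the contents of the file under /etc/letsencrypt/renewal and the server's own public addresses; an empty result means every listed name reaches this machine.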

