Automatic renewal failure

My domain is: negotiations-masterclass.com

I installed Let's Encrypt with the Automated Renewals following this guide:
https://lightsail.aws.amazon.com/ls/docs/en_us/articles/amazon-lightsail-enabling-https-on-wordpress#https-wordpress-enable

Now Let's Encrypt is expiring in 5 days and I don't know how I can renew it. Could you please help me? I would really appreciate it.

Thank you,

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

I ran this command:

It produced this output:

My web server is (include version):

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know):

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):

2 Likes

Hi Osiris

My domain is: negotiations-masterclass.com

I ran this command: I ran all the commands under Step 5 in this guide: Enabling HTTPS on your WordPress instance in Amazon Lightsail | Lightsail Documentation

It produced this output: Certificate got installed, however it is now expiring in 5 days though the commands are for automated renewal

My web server is (include version): I don't know - where do I find this information?

The operating system my web server runs on is (include version): Chrome Browser

My hosting provider, if applicable, is: AWS Lightsail

I can login to a root shell on my machine (yes or no, or I don't know): I don't know

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): Using the terminal of AWS Lightsail

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): I don't know - where do I find this?

Could you please help me?

Thank you

1 Like

It looks like there was a renewal issued 10 days ago: crt.sh | 6902811170

However, for some reason your webserver isn't using it.

Unfortunately, Bitnami stacks are terrible pieces of work with many non-standard locations of non-standard webservers, so that's difficult to debug.

Maybe it just needs a webserver reload? I dunno, I'm not familiar with Bitnami and I want to keep it that way.

If you require additional help regarding Bitnami, please open a thread on the Bitnami community at https://community.bitnami.com/

3 Likes

Hi Osiris

Thank you!

With webserver reload, you mean stopping and starting the instance, correct? I just stopped and started it and unfortunately it still shows that the certificate is expiring in 5 days.

Is there someone else who's experienced with Bitnami and who could possibly help me?

Otherwise, could you possibly tell me how I can un-install the certificate and I'll install it from scratch once more. Possibly that will work.

1 Like

That's just the Pre-Cert. It doesn't look like the Leaf ever got created.

@markusfischer I don't know bncert tool well either. But, looks like something went wrong with your renewal request on June9. I agree with Osiris that you should ask for help from bitnami / bncert experts. We can't be experts on every system.

If you haven't yet you should read through the bncert guide below. There is a section named Resetting The Certificates that describes what you asked for.
https://docs.bitnami.com/aws/how-to/understand-bncert/

There is also this about gathering info to submit to the Bitnami Support Team.
https://docs.bitnami.com/aws/how-to/understand-bndiagnostic/

4 Likes

Hm, not sure about Let's Encrypt, but some CAs just submit the pre-certificate to get the SCTs without submitting the actual certificate: those can be added when the PKI ecosystem comes across the cert in the wild.

But it's certainly possible something errored out between submitting the pre-cert and actual certificate issuance.

3 Likes

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.