Can not renew the certificate


#1

Server: Ubuntu 16.04 x84-64, nginx/1.10.1, root, no admin panel.
Domains: contactlinza.com.ua,api.contactlinza.com.ua,www.contactlinza.com.ua,admin.contactlinza.com.ua

And the certificate letsencrypt: Serial Number: 03:c0:49:46:f6:f0:ab:5c:af:3c:0f:7f:56:d9:f5:b9:3b:0f ( Not Before: Sep 1 11:07:00 2017 GMT/Not After : Nov 30 11:07:00 2017 GMT)

When I try to update the certificate manually or automatically I see a message about a successful update. The script overwrites the certificate files in the folder. But the certificate’s end date remains the same.
When I try to get a new certificate in manual mode (letsencrypt-auto --agree-dev-preview --server \https://acme-v01.api.letsencrypt.org/directory -a manual auth) the effect is the same

  • Congratulations! Your certificate and chain have been saved at:
    /etc/letsencrypt/live/contactlinza.com.ua/fullchain.pem
    Your key file has been saved at:
    /etc/letsencrypt/live/contactlinza.com.ua/privkey.pem
    Your cert will expire on 2017-11-30. To obtain a new or tweaked
    version of this certificate in the future, simply run
    letsencrypt-auto again. To non-interactively renew all of your
    certificates, run “letsencrypt-auto renew”

#2

Which command did you run in detail?
Whats the output of letsencrypt-auto certificates?
Whats the output of the command openssl x509 -dates -noout < /etc/letsencrypt/live/contactlinza.com.ua/fullchain.pem


#3

A post was split to a new topic: What to do about renewal notice


#4

letsencrypt-auto certificates
Saving debug log to /var/log/letsencrypt/letsencrypt.log

Found the following certs:
Certificate Name: contactlinza.com.ua
Domains: contactlinza.com.ua admin.contactlinza.com.ua api.contactlinza.com.ua www.contactlinza.com.ua
Expiry Date: 2017-11-30 11:07:00+00:00 (VALID: 15 days)
Certificate Path: /etc/letsencrypt/live/contactlinza.com.ua/fullchain.pem
Private Key Path: /etc/letsencrypt/live/contactlinza.com.ua/privkey.pem

openssl x509 -dates -noout < /etc/letsencrypt/live/contactlinza.com.ua/fullchain.pem
notBefore=Sep 1 11:07:00 2017 GMT
notAfter=Nov 30 11:07:00 2017 GMT

Commands (tried 2 variants) :

  1. letsencrypt-auto
  2. letsencrypt-auto --agree-dev-preview --server \https://acme-v01.api.letsencrypt.org/directory1 -a manual auth

#5

Have you ever tried letsencrypt-auto renew?

By the way: The second command seems a bit overcomplicated, you don’t have to specify the server in most cases.


#6

Yes.
letsencrypt-auto renew
Saving debug log to /var/log/letsencrypt/letsencrypt.log


Processing /etc/letsencrypt/renewal/ayesqbk4zr1t.contactlinza.com.ua.conf

Cert not yet due for renewal


Processing /etc/letsencrypt/renewal/contactlinza.com.ua.conf

Cert is due for renewal, auto-renewing…
Plugins selected: Authenticator webroot, Installer None
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for contactlinza.com.ua
http-01 challenge for admin.contactlinza.com.ua
http-01 challenge for api.contactlinza.com.ua
http-01 challenge for www.contactlinza.com.ua
Waiting for verification…
Cleaning up challenges


new certificate deployed without reload, fullchain is
/etc/letsencrypt/live/contactlinza.com.ua/fullchain.pem


The following certs are not due for renewal yet:
/etc/letsencrypt/live/ayesqbk4zr1t.contactlinza.com.ua/fullchain.pem (skipped)
Congratulations, all renewals succeeded. The following certs have been renewed:
/etc/letsencrypt/live/contactlinza.com.ua/fullchain.pem (success)

But in fact the certificate is old:
root@vps-19776:/opt/letsencrypt# openssl x509 -dates -noout < /etc/letsencrypt/live/contactlinza.com.ua/fullchain.pem
notBefore=Sep 1 11:07:00 2017 GMT
notAfter=Nov 30 11:07:00 2017 GMT


#7

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.