Cant renew certificate no such file or directory

I am sorry to interrupt you. I am pretty new to server and also to letsencrypt. I got access to a very old server and wanted to renew the letsencrypt certifiactes, which ran out. But when i try to run the well know commands all i get is the same output below. I hope someone can get my some hints or provide me further more information to solve this problem. I am very thankful in advance for your patience :wink:

My domain is:
www.proventus-trikotshop.de

I ran this command:
certbot -renew
letsencrypt -renew

It produced this output:
bash: letsencrypt: command not found

My web server is (include version):
apache? dont know exactly where i can look this up

The operating system my web server runs on is (include version):
Debian 7

I can login to a root shell on my machine (yes or no, or I don’t know):
yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):
cant get the version. i can see there are files in etc/letsencrypt. But also there none of the commands work.

Thanks

Hi @visitmedia,

Maybe you could try history | egrep 'certbot|letsencrypt' to see what command you ran before, if you don’t remember?

It’s very possible that you’re using certbot-auto, which is an auto-downloaded version of Certbot that we create for operating systems that don’t ship a current version of Certbot. In that case, the commands you would use would be slightly different and would also depend on where you downloaded and saved certbot-auto.

Thanks for your quick help. I tried history but i just see the last 20 commands with this words. Starting on line 496 with “letsencrypt” and nothing else :smiley:

after that there are just my commands where i tried to find the installation directory and all variations of letsencrypt with renew.
Do you have any other hints for me?

Just to be clear. I am also very new to all that things like server and letsencrypt. So i didnt install it and i never renewed the certifiactes for that server. I thouhgt this woudl be an easy way. Just fire 2 commands and im done… well so i thought.

What do you know about how you got your original certificate? What steps or documentation did you follow for that?

Well I did not install this server. I just got access to that server and my task is to renew that certificate. By that way I want to learn more about letsencrypt and servers.

As you probably know Debian 7 went out of support in may 2018, you should probably update to Debian 8 or 9.
Most certainly the version of certbot that shipped with Debian 7 is no longer supported. This is even the case for the Debian 8 version, therefor they have backported the current certbot to Debian 8.
This means that you should probably use, or install certbot-auto.
Your certificates have expired 4 days ago, so updating them is your main priority.

So the first thing is to install certbot-auto? Will it run on Debian 7? I will check that. Thanks

Hi @visitmedia

perhaps start with some basics:

Then read something about challenge types:

Checking your domain there is something that may installed later, but may block the http validation ( https://check-your-website.server-daten.de/?q=proventus-trikotshop.de ):

Domainname Http-Status redirect Sec. G
http://proventus-trikotshop.de/
37.61.201.72 301 https://proventus-trikotshop.de/ 0.044 A
http://www.proventus-trikotshop.de/
37.61.201.72 301 https://www.proventus-trikotshop.de/ 0.047 A
https://proventus-trikotshop.de/
37.61.201.72 302 https://proventus-trikotshop.de/index.php?s=73&vmError=invalidSession 6.707 N
Certificate error: RemoteCertificateChainErrors
https://www.proventus-trikotshop.de/
37.61.201.72 302 https://proventus-trikotshop.de/index.php?s=73&vmError=invalidSession 6.637 N
Certificate error: RemoteCertificateChainErrors
https://proventus-trikotshop.de/index.php?s=73&vmError=invalidSession 200 6.946 N
Certificate error: RemoteCertificateChainErrors
http://proventus-trikotshop.de/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
37.61.201.72 301 https://proventus-trikotshop.de/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de 0.047 A
Visible Content: Moved Permanently The document has moved here . Apache/2.2.22 (Debian) Server at proventus-trikotshop.de Port 80
http://www.proventus-trikotshop.de/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
37.61.201.72 301 https://www.proventus-trikotshop.de/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de 0.043 A
Visible Content: Moved Permanently The document has moved here . Apache/2.2.22 (Debian) Server at www.proventus-trikotshop.de Port 80
https://proventus-trikotshop.de/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de 302 https://proventus-trikotshop.de/index.php?s=73&vmError=invalidSession 6.830 N
Certificate error: RemoteCertificateChainErrors
Visible Content:
https://www.proventus-trikotshop.de/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de 302 https://proventus-trikotshop.de/index.php?s=73&vmError=invalidSession 7.016 N
Certificate error: RemoteCertificateChainErrors

/.well-known/acme-challenge/random-filename is redirected to /index.php with some variables.

So it’s impossible that Letsencrypt checks the validation file.

There are a lot of older certificates, first from 2017-08-04, then the standard renews (every ~~ 60 day).

Looks like this “session check” was added after 2019-05-11, now the renew doesn’t work.

follow these instructions to install certbot-auto:

First check wether it is already installed, the installation instructions can give you a clue where to look.
As JurgenAuer mentions, there is also a problem with your server configuration, that needs to be solved and this may be the underlying problem for not auto-updating the certificates.

Recent versions of certbot-auto won’t run on Debian 7 out of the box, but it’s relatively simple to work around.

so the question is where to start. On the one hand there is something with acme on that server. Should i try to solve the missconfiguration or should i install certbot?
As i can see there were more websites on that server but they have been moved. So my guess is that acme tries to renew certificates for that server that no longer belong there. Is there somewhere a log i can lookup to clear things up?

Thanks

ok so i got some more information. On that server there is an acme running. With acme.sh --renew the certificate was renewed. When i open the website in a browser it still says, that the certificate is not ok. Any hints for me?

so after the renewal i had to restart apache and the new certificate is installed. Thanks for your hints and tips.

1 Like

Yep, a restart of the webserver is required to use the new certificate.

Happy to read that you have found your client - :+1:

Now your certificate is new and includes both domain names:

CN=proventus-trikotshop.de
	14.08.2019
	12.11.2019
expires in 90 days	
proventus-trikotshop.de, www.proventus-trikotshop.de - 2 entries

But there are again these redirects to

https://proventus-trikotshop.de/index.php?s=73&vmError=invalidSession

First idea: It’s only a problem of my online tool, there are no cookies used.

But checking your online shop in my browser there is the same problem.

Bestellinformationen

Diese Sitzung ist nicht gültig.

It’s impossible to use your online shop. So your shop is dead. Every click -> the same redirect.

So you should change your code.

1 Like