Cant renew certificates after expiration date

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: ricta.org.rw

I ran this command:certbot --apache -d ricta.org.rw

It produced this output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache
Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org
Obtaining a new certificate
Resetting dropped connection: acme-v02.api.letsencrypt.org
Deploying Certificate to VirtualHost /etc/apache2/sites-enabled/000-default-le-ssl.conf

Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.


1: No redirect - Make no further changes to the webserver configuration.
2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for
new sites, or if you’re confident your site works on HTTPS. You can undo this
change by editing your web server’s configuration.


Select the appropriate number [1-2] then [enter] (press ‘c’ to cancel): 2
Enhancement redirect was already set.


Congratulations! You have successfully enabled https://ricta.org.rw

You should test your configuration at:
https://www.ssllabs.com/ssltest/analyze.html?d=ricta.org.rw


IMPORTANT NOTES:

  • Congratulations! Your certificate and chain have been saved at:
    /etc/letsencrypt/live/ricta.org.rw/fullchain.pem
    Your key file has been saved at:
    /etc/letsencrypt/live/ricta.org.rw/privkey.pem
    Your cert will expire on 2019-08-15. To obtain a new or tweaked
    version of this certificate in the future, simply run certbot again
    with the “certonly” option. To non-interactively renew all of
    your certificates, run “certbot renew”

  • If you like Certbot, please consider supporting our work by:

    Donating to ISRG / Let’s Encrypt: https://letsencrypt.org/donate
    Donating to EFF: https://eff.org/donate-le

My web server is (include version): apache2

The operating system my web server runs on is (include version):

Distributor ID: Ubuntu
Description: Ubuntu 16.04.4 LTS
Release: 16.04
Codename: xenial

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): certbot --version
certbot 0.31.0

Hi @rwakagabo

you have created 7 certificates today ( https://check-your-website.server-daten.de/?q=ricta.org.rw ):

CertSpotter-Id Issuer not before not after Domain names LE-Duplicate next LE
916655613 CN=Let's Encrypt Authority X3, O=Let's Encrypt, C=US 2019-05-17 08:44:30 2019-08-15 08:44:30 ricta.org.rw
1 entries duplicate nr. 5 next Letsencrypt certificate: 2019-05-24 06:55:49
916614969 CN=Let's Encrypt Authority X3, O=Let's Encrypt, C=US 2019-05-17 08:13:59 2019-08-15 08:13:59 ricta.org.rw
1 entries duplicate nr. 4
916601005 CN=Let's Encrypt Authority X3, O=Let's Encrypt, C=US 2019-05-17 08:02:33 2019-08-15 08:02:33 ricta.org.rw
1 entries duplicate nr. 3
916574283 CN=Let's Encrypt Authority X3, O=Let's Encrypt, C=US 2019-05-17 07:42:16 2019-08-15 07:42:16 ricta.org.rw
1 entries duplicate nr. 2
916512730 CN=Let's Encrypt Authority X3, O=Let's Encrypt, C=US 2019-05-17 06:55:49 2019-08-15 06:55:49 ricta.org.rw
1 entries duplicate nr. 1
916486662 CN=Let's Encrypt Authority X3, O=Let's Encrypt, C=US 2019-05-17 06:34:07 2019-08-15 06:34:07 ricta.org.rw, www.ricta.org.rw
2 entries duplicate nr. 2
916441070 CN=Let's Encrypt Authority X3, O=Let's Encrypt, C=US 2019-05-17 05:58:50 2019-08-15 05:58:50 ricta.org.rw, www.ricta.org.rw
2 entries duplicate nr. 1

So that part works.

But your site is invisible:

Domainname Http-Status redirect Sec. G
• http://ricta.org.rw/
196.49.7.184 -2 7.410 V
ConnectFailure - Unable to connect to the remote server No connection could be made because the target machine actively refused it 196.49.7.184:80
• http://www.ricta.org.rw/
196.49.7.184 -2 6.884 V
ConnectFailure - Unable to connect to the remote server No connection could be made because the target machine actively refused it 196.49.7.184:80
• https://ricta.org.rw/
196.49.7.184 -2 6.887 V
ConnectFailure - Unable to connect to the remote server No connection could be made because the target machine actively refused it 196.49.7.184:443
• https://www.ricta.org.rw/
196.49.7.184 -2 6.876 V
ConnectFailure - Unable to connect to the remote server No connection could be made because the target machine actively refused it 196.49.7.184:443

So I can't see which certificate is used.

Thanks @JuergenAuer for the reply
now the website is up. you can check please.

yes we tried to install the certificates above because after the certificates is installed the redirections to https fails. and on this link of testing shows certificates expired https://www.ssllabs.com/ssltest/analyze.html?d=ricta.org.rw

Thanks,
regards

@JuergenAuerhow can i force apache to read the new certificate installed.

Thanks,
regards,

Janvier R.

Now http works, https is blocked:

Domainname Http-Status redirect Sec. G
• http://ricta.org.rw/
196.49.7.184 200 0.383 H
• http://www.ricta.org.rw/
196.49.7.184 200 0.497 H
• https://ricta.org.rw/
196.49.7.184 -2 6.890 V
ConnectFailure - Unable to connect to the remote server No connection could be made because the target machine actively refused it 196.49.7.184:443
• https://www.ricta.org.rw/
196.49.7.184 -2 6.887 V
ConnectFailure - Unable to connect to the remote server No connection could be made because the target machine actively refused it 196.49.7.184:443

Looks again like a firewall, now only port 443.

What says

certbot certificates

Does https work internally?

curl https:yourwebsite

I don't know if there is https installed or if it is only a firewall.

1 Like

hello @JuergenAuer, this is my skype account rwakagabo.janvier can you please assist to contact me and we chat on skype,

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.