Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is:crosscurrentpublisher.com
I ran this command:
It produced this output:
My web server is (include version): nginx/1.10.3
The operating system my web server runs on is (include version):Ubuntu 14.04
My hosting provider, if applicable, is: Godaddy
I can login to a root shell on my machine (yes or no, or I don’t know): Yes, SSH is working
I’m using a control panel to manage my site (no, or provide the name and version of the control panel): No
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): certbot 0.31.0
So my certificate expired even though I had it on auto renewal.
I can see 3 certs in /etc/letsencrypt/archives/crosscurrentpublisher.com
I can SSH my server
Problem - all my outgoing connections drops, after certificate expires (Expires even when autorenew is enabled). This is the 2nd server thats happening on, on the 1st server I backed up data and rebuild the server because I thought might be a networking Issue but it happened again.
Outbound connections being dropped would certainly prevent autorenewal from working.
It seems like inbound connections work fine, so if you cannot establish a connection to any outbound server, I would guess that a firewall rule is the culprit.
This does not seem plausible. An SSL certificate has no effect on OS networking. More likely, no outbound connectivity is the reason the certificate expired in the first place.
I'm not sure how much help you'll be able to find on this forum for a problem of this nature. Have GoDaddy support told you anything?
Not much help from GoDaddy becuase its a self-managed VPS.
But thanks for confirming that SSL cert has no effect on OS networking.
Will run network diagnostics and post the results
default via 10.217.7.254 dev eth0
10.217.4.0/22 dev eth0 proto kernel scope link src 10.217.4.149
107.180.92.207 dev eth0 scope link
but should’ve been this :
default via 10.217.7.254 dev eth0 proto static src 107.180.92.207 metric 1024
10.217.4.0/22 dev eth0 proto kernel scope link src 10.217.4.149
107.180.92.207 dev eth0 scope link
the first line :
default via 10.217.7.254 dev eth0 proto static src 107.180.92.207 metric 1024
for some reason got changed to
default via 10.217.7.254 dev eth0 ( proto static src 107.180.92.207 metric 1024 , was removed)
deleted the default route and added again , got fixed.
However I have no idea how it got changed as the certificate got renewal due.