Cert not yet due for renewal


#1

I am also struggling with a similar issue; can you please help me with what I can check further? Already wasted 1 hr on this.

Here is more info:

root@ip-172-31-21-163:/etc/letsencrypt# sudo certbot renew --dry-run
Saving debug log to /var/log/letsencrypt/letsencrypt.log

-------------------------------------------------------------------------------
Processing /etc/letsencrypt/renewal/xmpp.kaiseapp.in.conf
-------------------------------------------------------------------------------
Cert not due for renewal, but simulating renewal for dry run
Plugins selected: Authenticator webroot, Installer None
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for xmpp.kaiseapp.in
Waiting for verification...
Cleaning up challenges
Unable to clean up challenge directory /var/www/html/.well-known/acme-challenge

-------------------------------------------------------------------------------
new certificate deployed without reload, fullchain is
/etc/letsencrypt/live/xmpp.kaiseapp.in/fullchain.pem
-------------------------------------------------------------------------------

-------------------------------------------------------------------------------
** DRY RUN: simulating 'certbot renew' close to cert expiry
**          (The test certificates below have not been saved.)

Congratulations, all renewals succeeded. The following certs have been renewed:
  /etc/letsencrypt/live/xmpp.kaiseapp.in/fullchain.pem (success)
** DRY RUN: simulating 'certbot renew' close to cert expiry
**          (The test certificates above have not been saved.)
-------------------------------------------------------------------------------
root@ip-172-31-21-163:/etc/letsencrypt# cd /var/www/html/.well-known/acme-challenge
root@ip-172-31-21-163:/var/www/html/.well-known/acme-challenge# ls -rlt
total 4
-rw-r--r-- 1 root root 25 Apr 27  2018 test
root@ip-172-31-21-163:/var/www/html/.well-known/acme-challenge#  cd test
-su: cd: test: Not a directory
root@ip-172-31-21-163:/var/www/html/.well-known/acme-challenge# ls -rlt
total 4
-rw-r--r-- 1 root root 25 Apr 27  2018 test
root@ip-172-31-21-163:/var/www/html/.well-known/acme-challenge#  cat test
this is a challenge test
root@ip-172-31-21-163:/var/www/html/.well-known/acme-challenge# sudo certbot renew
Saving debug log to /var/log/letsencrypt/letsencrypt.log

-------------------------------------------------------------------------------
Processing /etc/letsencrypt/renewal/xmpp.kaiseapp.in.conf
-------------------------------------------------------------------------------
Cert not yet due for renewal

-------------------------------------------------------------------------------

The following certs are not due for renewal yet:
  /etc/letsencrypt/live/xmpp.kaiseapp.in/fullchain.pem (skipped)
No renewals were attempted.
-------------------------------------------------------------------------------
root@ip-172-31-21-163:/var/www/html/.well-known/acme-challenge# ls -lrt /etc/letsencrypt/renewal/xmpp.kaiseapp.in.conf
-rw-r--r-- 1 root root 531 Oct 25 00:18 /etc/letsencrypt/renewal/xmpp.kaiseapp.in.conf
root@ip-172-31-21-163:/var/www/html/.well-known/acme-challenge# cat /etc/letsencrypt/renewal/xmpp.kaiseapp.in.conf
# renew_before_expiry = 30 days
version = 0.19.0
archive_dir = /etc/letsencrypt/archive/xmpp.kaiseapp.in
cert = /etc/letsencrypt/live/xmpp.kaiseapp.in/cert.pem
privkey = /etc/letsencrypt/live/xmpp.kaiseapp.in/privkey.pem
chain = /etc/letsencrypt/live/xmpp.kaiseapp.in/chain.pem
fullchain = /etc/letsencrypt/live/xmpp.kaiseapp.in/fullchain.pem

# Options used in the renewal process
[renewalparams]
authenticator = webroot
installer = None
account = 5973533445d28126a7de6eed1ea03529
[[webroot_map]]
xmpp.kaiseapp.in = /var/www/html

http://xmpp.kaiseapp.in/.well-known/acme-challenge/test
this is a challenge test


Renewal is failing
#2

Hi @myluckyapps,

Certbot is correct in saying that the cert is not yet due for renewal; your most recent cert expires on January 22.

https://crt.sh/?id=888166266

What are you trying to accomplish?
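
Added example (not part of the original thread, and not Certbot's own code): a shell check that approximates the expiry-window decision behind "Cert not yet due for renewal", which a dry run bypasses. It assumes the 30-day window shown in the commented `renew_before_expiry` line of the renewal config above; the function name `renewal_due` is hypothetical.

```shell
#!/usr/bin/env bash
# Approximates the "is this cert due for renewal?" decision with openssl.
# Assumption: a cert is due once it expires within DAYS days (default 30,
# matching "# renew_before_expiry = 30 days" in the renewal conf).

# renewal_due CERT_PEM [DAYS]
# Returns 0 if due (expires within DAYS), 1 if not yet due,
# 2 if the file is missing or is not a parseable certificate.
renewal_due() {
    cert=$1
    days=${2:-30}
    [ -r "$cert" ] || return 2
    # Reject non-certificate input first, so a parse error is not
    # mistaken for "about to expire" by the -checkend test below.
    openssl x509 -in "$cert" -noout >/dev/null 2>&1 || return 2
    # -checkend N exits 0 when the cert is still valid N seconds from now.
    # For fullchain.pem, openssl reads the first (leaf) certificate.
    if openssl x509 -in "$cert" -noout -checkend $((days * 86400)) >/dev/null 2>&1; then
        return 1
    fi
    return 0
}

# When run with a path argument, e.g. the fullchain.pem from the renewal conf,
# print the expiry date and the resulting decision.
if [ "$#" -gt 0 ]; then
    rc=0
    renewal_due "$1" "${2:-30}" || rc=$?
    case $rc in
        0) openssl x509 -in "$1" -noout -enddate
           echo "within the renewal window: 'certbot renew' would attempt renewal" ;;
        1) openssl x509 -in "$1" -noout -enddate
           echo "not yet due: 'certbot renew' would skip this cert" ;;
        *) echo "cannot read a certificate from $1" >&2 ;;
    esac
fi
```

A successful `--dry-run` only shows that the http-01 challenge path works; whether a real `certbot renew` does anything depends on this expiry window.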


#3

Hi @myluckyapps

I can’t find a problem. This

may be ok if you have created your own test file. And your /.well-known/acme-challenge config is ok; it sends an HTTP status 404 if the file is unknown.

Your https has a ConnectFailure, same in the other thread. Is this the problem?