Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
The employee that renews this certificate is away and not responding to emails. I'm not sure how to go about handling this? Our certificate lapses on 1/9.
I ran this command:
It produced this output:
My web server is (include version):
The operating system my web server runs on is (include version):
My hosting provider, if applicable, is:
I can login to a root shell on my machine (yes or no, or I don't know):
I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
It depends on how your website is run. The recommended approach is that certificates are renewed automatically by your webserver so no human steps are required, but it seems like your webserver is not configured in that way.
Without knowing anything more about how your website is run, the most common configuration is a single Linux server with the Certbot client on it.
Can you log into your webserver with some kind of console, like via SSH? If so, does the command sudo certbot renew do anything?
will the folks that are currently using the api no longer be able to access it? Yes - we are a small org with one engineer and they are not responding.
Do you have some hardware device that must be always on for the request of your engineer? Otherwise, do you an external bill from the engineer for third party IT service?
Dreamhost offers a few different ways to host domains.
You have two options:
Fix the problem. Contact Dreamhost.com to figure out how that domain is run and who owns the plan it is served from. If the plan offers access to anyone on your team that you can communicate with, they can come here and we can walk them through things. If you are on a "managed" plan with Dreamhost, Dreamhost Staff should be able to log into the system and renew the cert for you. If you're on a shared plan, they should be able to do that as well. They employ some really great staff there, so I would contact them ASAP for help and guidance.
Patch the problem temporarily. The domain is registered through domain.com ; If your available team members have access to that login, you could conceivably route the dns for api.abortionpolicyapi.com through the Cloudflare CDN. In that setup, your subscribers will connect with cloudflare who will handle all the SSL stuff and then cloudflare will connect back to your actual api server.
If the certificate lapses, your subscribers may or may not be able to use the API - it will depend entirely on their setups. Some systems will raise an immediate error on the expired certificate and not allow access by default; others will allow access by default. It is honestly impossible to forecast how many subscribers will be affected as that relies on what libraries they use and how they configured their applications.
If "certbot certificates" returns anything, post it here.
If it returns nothing...
Try this: sudo find / -name *abortionpolicyapi* | grep -vi 'cer|crt|pem'
If both fail to produce anything of value [no clues]...
Then we need to crack open the web service to see where it gets the cert from.
I can't say I know about where this keeps things:
X-Powered-By: Express
[maybe some other volunteer can help if it comes down to this]