Cert shows expired in browsers after renewing

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: dvcfury.com

I ran this command:
sudo certbot certificates

It produced this output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log


Found the following certs:
Certificate Name: dvcfury.com
Serial Number: 3f05a4c758f3d1d6624a660d1d2aae1282e
Key Type: RSA
Domains: dvcfury.com *.dvcfury.com
Expiry Date: 2024-03-25 14:27:36+00:00 (VALID: 89 days)
Certificate Path: /etc/letsencrypt/live/dvcfury.com/fullchain.pem
Private Key Path: /etc/letsencrypt/live/dvcfury.com/privkey.pem


My web server is (include version): AWS lightsail

The operating system my web server runs on is (include version):
(Linux Debian 5.10.197-1 (2023-09-29) x86_64 GNU/Linux)

My hosting provider, if applicable, is: AWS lightsail

I can login to a root shell on my machine (yes or no, or I don't know):
Yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
No

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
certbot 1.12.0

Problem:
I have renewed the cert twice but the cert still shows as expired in browsers.
I followed instructions in this tutorial to renew cert manually.
https://lightsail.aws.amazon.com/ls/docs/en_us/articles/amazon-lightsail-using-lets-encrypt-certificates-with-wordpress#request-a-lets-encrypt-certificate-wordpress
Basically using this command:

sudo certbot -d $DOMAIN -d $WILDCARD --manual --preferred-challenges dns certonly

I have multiple WP sites hosted in AWS lightsail on separate instances. I do the same steps for all my sites but for some reason, this particular instance is giving me issues with renews.


On the WP site I use "Really Simple SSL" plugin.

Hi @zhangla, and welcome to the LE community forum

You can stop renewing the cert - that is not where the problem is.
The problem is somewhere within the web service.
Did you do Steps #7 and #8?

1 Like
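One way to confirm the diagnosis in the reply above (the certificate was renewed on disk, but the web service still presents the old one), as an added example that is not part of the original thread. The script name `check_served_cert.py` and the function names are hypothetical; the certificate path is the one from the `certbot certificates` output in the first post.

```python
import hashlib
import re
import socket
import ssl
import sys

PEM_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----.+?-----END CERTIFICATE-----", re.DOTALL)

def leaf_fingerprint(pem_text):
    """SHA-256 of the first certificate in a PEM file (the leaf in fullchain.pem)."""
    first = PEM_BLOCK.search(pem_text)
    if first is None:
        raise ValueError("no PEM certificate found")
    der = ssl.PEM_cert_to_DER_cert(first.group(0))
    return hashlib.sha256(der).hexdigest()

def fetch_served_der(host, port=443, timeout=10):
    """Return the DER leaf certificate the server presents for `host` (SNI set)."""
    ctx = ssl.create_default_context()
    # Validation is switched off only so that an expired certificate can still
    # be retrieved for inspection; no application data is sent on this socket.
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True)

def server_uses_disk_cert(disk_pem_text, served_der):
    """True when the server presents the same leaf that certbot wrote to disk."""
    return leaf_fingerprint(disk_pem_text) == hashlib.sha256(served_der).hexdigest()

if __name__ == "__main__":
    # Usage (hypothetical script name):
    #   sudo python3 check_served_cert.py dvcfury.com \
    #       /etc/letsencrypt/live/dvcfury.com/fullchain.pem
    host, path = sys.argv[1], sys.argv[2]
    with open(path) as fh:
        disk_pem = fh.read()
    if server_uses_disk_cert(disk_pem, fetch_served_der(host)):
        print("OK: the server presents the certificate that is on disk")
    else:
        print("MISMATCH: the server presents a different certificate; check "
              "which certificate files the web server is configured to load")
```

A mismatch means further renewals will not help: the files the web server loads are not the ones certbot updated.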

Sorry I misunderstood.

You meant these?

Step 7: Create links to the Let’s Encrypt certificate files in the Apache server directory

Step 8: Integrate the SSL certificate with your WordPress site using the Really Simple SSL plug-in

I did these 2 steps when I first installed SSL on this instance. The tutorial says these steps are not needed for renews. I don't do these steps for my other WP SSL renews. Do you think these 2 steps are needed?

1 Like

OK. I just did step #7 and #8 above and now the cert shows up valid.
Thanks! I did not know why for this instance I have to perform these 2 steps. I have 3 other WP sites hosted on 3 different AWS lightsail instances. I never do these 2 steps when manually renewing their SSL.

BTW is there an automated way to renew these SSL certs for WP sites hosted on AWS lightsail? Thanks.

1 Like

Please review the Important Notice at the top of the instructions you linked (shown below). The automated bncert tool does not support wildcard certs but a wildcard is not often needed.

The steps outlined in this tutorial show you how to implement an SSL/TLS certificate using a manual process. However, Bitnami offers a more automated process that uses the Bitnami HTTPS configuration (bncert) tool that is typically pre-installed on WordPress instances in Lightsail. We highly recommend that you use that tool instead of following the manual steps in this tutorial. This tutorial was written before the bncert tool became available. For more information about using the bncert tool, see Enabling HTTPS on your WordPress instance in Amazon Lightsail.

3 Likes

OK, I just tried sudo /opt/bitnami/bncert-tool --perform_public_ip_validation 0 --perform_dns_validation 0
because of the IPv6 address this site has that bncert cannot handle.

I went through the prompts but it says I don't have "let's encrypt" account associated with the email I gave.

How do I get a "let's encrypt" account with an email?

An error occurred creating certificates with Let's Encrypt:

private keys obtained from Let's Encrypt so making regular
backups of this folder is ideal.
2023/12/26 16:53:01 No key found for account dvcfury@gmail.com. Generating a
P256 key.
2023/12/26 16:53:01 Saved key to
/opt/bitnami/letsencrypt/accounts/acme-v02.api.letsencrypt.org/dvcfury@gmail.com/
keys/dvcfury@gmail.com.key

The bncert tool should create any account that it needs.

Problems with that kind of error are best handled by their experts.

2 Likes
