Certbot Autorenew Fails to renew

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: ch0101.planchurch.com

I ran this command: certbot renew

It produced this output:
Cert is due for renewal, auto-renewing…
Plugins selected: Authenticator apache, Installer apache
Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org
Attempting to renew cert (ch0101.planchurch.com) from /etc/letsencrypt/renewal/ch0101.planchurch.com.conf
produced an unexpected error: (‘Connection aborted.’,gaierror(-2, ‘Name or service not known’)). Skipping.

My web server is (include version):
httpd-2.4.6-88.el7.centos.x86_64

The operating system my web server runs on is (include version):
CentOS Linux 7 (Core)

My hosting provider, if applicable, is:
Private - Own Server

I can login to a root shell on my machine (yes or no, or I don’t know):
Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
No

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):
certbot 0.35.1

Comments:
I have used the same command ‘certbot renew’ over the last several 90-day renewal cycles without any issue. But this time it failed to renew before expiry or after expiry. Quite confused.

Config File:

# renew_before_expiry = 30 days

version = 0.26.1
archive_dir = /etc/letsencrypt/archive/ch0101.planchurch.com
cert = /etc/letsencrypt/live/ch0101.planchurch.com/cert.pem
privkey = /etc/letsencrypt/live/ch0101.planchurch.com/privkey.pem
chain = /etc/letsencrypt/live/ch0101.planchurch.com/chain.pem
fullchain = /etc/letsencrypt/live/ch0101.planchurch.com/fullchain.pem

# Options used in the renewal process

[renewalparams]
authenticator = apache
installer = apache
account = ******************************************* (masked)
server = https://acme-v02.api.letsencrypt.org/directory

Hi @festus

looks like you have a domain name that is unknown.

What's the content of

/etc/letsencrypt/renewal/ch0101.planchurch.com.conf

There is a check of your domain - https://check-your-website.server-daten.de/?q=ch0101.planchurch.com

Your certificate is 13 days expired.

CN=ch0101.planchurch.com | 27.04.2019 | 26.07.2019 | 13 days expired | ch0101.planchurch.com - 1 entry

A normal renew is after 60 days.

What do these commands say:

apachectl -S
httpd -S

One command should work.

There is no error visible.

So more information is required.

Add the -vvv switch to your command to see where the error happens.

Now you have a completely different error.

Looks like the apache authenticator doesn't work with your configuration.

So switch to webroot. Find your https DocumentRoot and use it.

certbot certonly -a webroot -w yourDocumentRoot -d ch0101.planchurch.com

Why do you use certonly? Is there an additional application that blocks?

I used ‘certonly’ to try updating only one domain.
Any alternative option I can try?
I get a missing ‘plugin’ issue as follows:

certbot certonly -a /var/www -i apache -w /var/www/ch0101.planchurch.com -d ch0101.planchurch.com

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Could not choose appropriate plugin: The requested /var/www plugin does not appear to be installed
The requested /var/www plugin does not appear to be installed

Hi Juergen,

Thanks for spending time to try to help out with my problem.
After attempting renewal for over 3 weeks and spending focused efforts over the last 2 frustrating days I found the lead to the solution at the following url:

I was able to successfully renew with the following command:

certbot-auto renew

The command did the following:
Upgrading certbot-auto 0.33.1 to 0.37.1…
Replacing certbot-auto…
Creating virtual environment…
Installing Python packages…
Installation succeeded.

After these updates, the script went on to renew all my certs successfully.

I feel sorry for all those in the community who are probably wasting time like me. I hope all those who are facing a similar problem will find help from this post.
I also hope a bit more proactive instruction will be made available at CACert site and Certbot site to resolve such issues.

I have deleted some of the information I posted earlier in the process of investigation since I find none of those provide any useful debug information.

Festus

Please ignore the reference to ‘CACert site’ in the above post since that is a different SSL cert provider and not relevant to the issue of renewing the SSL cert from ‘LetsEncrypt’ using Certbot.

Festus
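
The first failure in this thread is a name-resolution error (gaierror -2) raised while certbot contacts the ACME server named in the renewal file. As an added example, not code from the thread or from Certbot, this Python script reads the `server` value from a renewal file of the layout quoted above and checks whether that host resolves; the function names, the sample text and the `PLACEHOLDER` account value are assumptions.

```python
import configparser
import socket
from urllib.parse import urlsplit

# Constructed sample in the layout of the renewal file quoted in the thread
# (the account value is a placeholder, not a real account id).
SAMPLE_CONF = """\
# renew_before_expiry = 30 days
version = 0.26.1
cert = /etc/letsencrypt/live/ch0101.planchurch.com/cert.pem

# Options used in the renewal process
[renewalparams]
authenticator = apache
installer = apache
account = PLACEHOLDER
server = https://acme-v02.api.letsencrypt.org/directory
"""


def acme_host(conf_text):
    """Return the hostname from the `server =` line under [renewalparams]."""
    parser = configparser.ConfigParser(interpolation=None)
    # Keys such as `version` come before any section header, which
    # configparser rejects, so park them under a synthetic section.
    parser.read_string("[toplevel]\n" + conf_text)
    server = parser.get("renewalparams", "server", fallback=None)
    if not server:
        return None
    return urlsplit(server).hostname


def check_resolution(host, resolver=socket.getaddrinfo):
    """Resolve host the way an HTTPS client would; return (ok, detail)."""
    try:
        infos = resolver(host, 443, type=socket.SOCK_STREAM)
    except socket.gaierror as exc:
        # On Linux/glibc, -2 is the "Name or service not known" case.
        return False, "gaierror %s: %s" % (exc.errno, exc.strerror)
    addresses = sorted({info[4][0] for info in infos})
    return True, ", ".join(addresses)


if __name__ == "__main__":
    host = acme_host(SAMPLE_CONF)
    ok, detail = check_resolution(host)
    print(host, "resolves" if ok else "does NOT resolve", "-", detail)
```

Run it on the server that performs the renewal, since the lookup has to fail or succeed from the same resolver configuration certbot uses.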
