Certbot Renew did not work

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: prismforge.com

I ran this command:
systemctl stop nginx
certbot renew
systemctl start nginx

Ran this twice ^ Once before it expired and once today when it has expired

It produced this output:
First time I ran it, it said it successfully renewed, now anytime I run it, it produces this:

Saving debug log to /var/log/letsencrypt/letsencrypt.log


Processing /etc/letsencrypt/renewal/s1.prismforge.com.conf


Cert not yet due for renewal


The following certs are not due for renewal yet:
/etc/letsencrypt/live/s1.prismforge.com/fullchain.pem expires on 2020-01-17 (skipped)
No renewals were attempted.


My web server is (include version):
nginx 1.14.0

The operating system my web server runs on is (include version):
Ubuntu 18.04.2 LTS (GNU/Linux 4.15.0-55-generic x86_64)

My hosting provider, if applicable, is:
sparkedhost.us

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no, putty

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): 0.31.0

So the main issue is, is I renewed the certbot when I received the email,(using these commands:
systemctl stop nginx
certbot renew
systemctl start nginx
)
it said it was successfully renewed, and then my connection to the pterodactyl panel stopped working the same day the certificates were supposed to expire

here’s the email I received in regards to it expiring

Your certificate (or certificates) for the names listed below will expire in 10 days (on 27 Oct 19 16:41 +0000). Please make sure to renew your certificate before then, or visitors to your website will encounter errors.

We recommend renewing certificates automatically when they have a third of their
total lifetime left. For Let’s Encrypt’s current 90-day certificates, that means
renewing 30 days before expiration. See
https://letsencrypt.org/docs/integration-guide/ for details.

admin2.prismforge.com
s1.prismforge.com

For any questions or support, please visit https://community.letsencrypt.org/. Unfortunately, we can’t provide support by email.

For details about when we send these emails, please visit https://letsencrypt.org/docs/expiration-emails/. In particular, note that this reminder email is still sent if you’ve obtained a slightly different certificate by adding or removing names. If you’ve replaced this certificate with a newer one that covers more or fewer names than the list above, you may be able to ignore this message.

Please show:
certbot certificates

Saving debug log to /var/log/letsencrypt/letsencrypt.log


Found the following certs:
Certificate Name: s1.prismforge.com
Domains: s1.prismforge.com admin2.prismforge.com
Expiry Date: 2020-01-17 18:53:50+00:00 (VALID: 82 days)
Certificate Path: /etc/letsencrypt/live/s1.prismforge.com/fullchain.pem
Private Key Path: /etc/letsencrypt/live/s1.prismforge.com/privkey.pem


You are OK.

Well then why am I receiving a connection error the same day they were supposed to expire?

The email mentions other FQDNs:

Maybe they are no longer in use, or used on other servers.

EDIT: I read that all wrong (based on the first post domain)
Those are the names on the cert and the email.
You have renewed them and can ignore that email.

Which connection error?

It’s a connection error with pterodactyl panel, not sure if you are familiar with it.

But atm, I cannot connect to any of the Minecraft servers I have setup with it.


https://gyazo.com/56833a4885f41c4ea340b7aba1306f12

I can still connect to admin2.prismforge.com, but it seems like I cannot connect to the specific node I have setup on s1.prismforge.com

How can you “test” connectivity?
[port 443 seems closed to s1]

Did you restart service with new cert?

I’m not entirely sure, (Sorry I’m new to this)

but in terms of connection, I know when it’s operational because I am able to connect and that is basically it.

There’s a whole section on how to find the issue. but not how to solve it.

And I know it’s related to certbot somehow, and I’m just missing a step.

Here’s the info link that I use for issues:
https://pterodactyl.io/tutorials/creating_ssl_certificates.html#method-1-using-certbot

seems simple enough.

Please show:

grep -ERi 'prismforge|root|ssl_cert|server_name' /etc/nginx/*.conf /etc/nginx/conf.d/*.conf

[if needed use sudo]

I think this is what you’re looking for xD

root@client-03-rs:~# grep -ERi ‘prismforge|root|ssl_cert|server_name’ /etc/nginx/.conf /etc/nginx/conf.d/.conf
/etc/nginx/fastcgi.conf:fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
/etc/nginx/fastcgi.conf:fastcgi_param DOCUMENT_ROOT $document_root;
/etc/nginx/fastcgi.conf:fastcgi_param SERVER_NAME $server_name;
/etc/nginx/nginx.conf: # server_names_hash_bucket_size 64;
/etc/nginx/nginx.conf: # server_name_in_redirect off;
grep: /etc/nginx/conf.d/*.conf: No such file or directory

Please show (where the conf files are - included):
grep -i include /etc/nginx/nginx.conf

Uh not sure where that is sorry,
this is everything I’ve entered and received an output for so far

/etc/nginx/fastcgi.conf:fastcgi_param  SCRIPT_FILENAME    $document_root$fastcgi                                                                                                                                                             _script_name;
/etc/nginx/fastcgi.conf:fastcgi_param  DOCUMENT_ROOT      $document_root;
/etc/nginx/fastcgi.conf:fastcgi_param  SERVER_NAME        $server_name;
/etc/nginx/nginx.conf:  # server_names_hash_bucket_size 64;
/etc/nginx/nginx.conf:  # server_name_in_redirect off;
root@client-03-rs:~# grep -ERi 'prismforge|root|ssl_cert|server_name' /etc/nginx/*.conf
/etc/nginx/fastcgi.conf:fastcgi_param  SCRIPT_FILENAME    $document_root$fastcgi_script_name;
/etc/nginx/fastcgi.conf:fastcgi_param  DOCUMENT_ROOT      $document_root;
/etc/nginx/fastcgi.conf:fastcgi_param  SERVER_NAME        $server_name;
/etc/nginx/nginx.conf:  # server_names_hash_bucket_size 64;
/etc/nginx/nginx.conf:  # server_name_in_redirect off;
root@client-03-rs:~# ^C
root@client-03-rs:~# grep -ERi 'prismforge|root|ssl_cert|server_name' /etc/nginx/*.conf /etc/nginx/conf.d/*.conf
/etc/nginx/fastcgi.conf:fastcgi_param  SCRIPT_FILENAME    $document_root$fastcgi_script_name;
/etc/nginx/fastcgi.conf:fastcgi_param  DOCUMENT_ROOT      $document_root;
/etc/nginx/fastcgi.conf:fastcgi_param  SERVER_NAME        $server_name;
/etc/nginx/nginx.conf:  # server_names_hash_bucket_size 64;
/etc/nginx/nginx.conf:  # server_name_in_redirect off;
grep: /etc/nginx/conf.d/*.conf: No such file or directory
root@client-03-rs:~# grep -ERi 'prismforge|root|ssl_cert|server_name' /etc/nginx/*.conf /etc/nginx/conf.d/*.conf^C
root@client-03-rs:~# grep -i include /etc/nginx/nginx.conf
include /etc/nginx/modules-enabled/*.conf;
        include /etc/nginx/mime.types;
        include /etc/nginx/conf.d/*.conf;
        include /etc/nginx/sites-enabled/*;```

include /etc/nginx/sites-enabled/

Please show:
grep -ERi 'prismforge|root|ssl_cert|server_name' /etc/nginx/sites-enabled/

/etc/nginx/sites-enabled/default:       server_name _;
/etc/nginx/sites-enabled/default:       # deny access to .htaccess files, if Apache's document root
/etc/nginx/sites-enabled/default:#      server_name example.com;
/etc/nginx/sites-enabled/default:#      root /var/www/example.com;
/etc/nginx/sites-enabled/pterodactyl.conf:    server_name admin2.prismforge.com;
/etc/nginx/sites-enabled/pterodactyl.conf:    root /var/www/pterodactyl/public;
/etc/nginx/sites-enabled/pterodactyl.conf:        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;

I guess it has to do with the pterodactyl panel then.
I don’t see where NGINX is actually using the cert.

one last look:
grep -ERi 'ssl_cert' /etc/nginx/

This shows that it should be:
https://pterodactyl.io/panel/webserver_configuration.html#nginx

There’s a config file that pulls the cert

    "web": {
        "host": "0.0.0.0",
        "listen": 8080,
        "ssl": {
            "enabled": true,
            "certificate": "/etc/letsencrypt/live/s1.prismforge.com/fullchain.pem",
            "key": "/etc/letsencrypt/live/s1.prismforge.com/privkey.pem"
        }
    },```
That is part of it, would that be it? I'm supposed to copy and paste the whole thing into /srv/daemon/config/core.json
https://pterodactyl.io/daemon/installing.html#installing-daemon-software
1 Like