Certbot renewal issue

Our website is not secured with https. It was running well until the certificate expired.

My domain is:www.mobps.de

I ran this command:sudo certbot renew

It produced this output: processing /etc/letsencrypt/renewal/mobps.de.conf
certificate not yet due for renewal
/etc/letsencrypt/live/MoBPSCert/fullchain.pem expired on 2024-04-10(skipped)
/etc/letsencrypt/live/mobps.defullchain.pem expired on 2023-06-30(skipped)
No renewals were attempted

My web server is (include version):nginx

The operating system my web server runs on is (include version):linux ubuntu

My hosting provider, if applicable, is: university of goettingen

I can login to a root shell on my machine (yes or no, or I don't know):Yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):certbot 2.6.0

Your website is currently serving a Sectigo certificate which was issued on 10th of May 2022 and expired on 11th May 2023. It's possible you were never fully configured to use Let's Encrypt at all.

Is it possible you are using Sectigo ACME service to get a 1 year certificate? I see there is a recently issued Sectigo cert expiring 2024-04-10 and your certbot log also mentions the same date.

right, somewhere I am doing wrong. don't know where it is.

Below is the log file from letsencrypt:

2023-05-16 11:19:35,073:DEBUG:urllib3.connectionpool:http://localhost:None
"GET /v2/connections?snap=certbot&interface=content HTTP/1.1" 200 97
2023-05-16 11:19:35,282:DEBUG:certbot._internal.main:certbot version: 2.6.0
2023-05-16 11:19:35,282:DEBUG:certbot._internal.main:Location of certbot entry
point: /snap/certbot/3024/bin/certbot
2023-05-16 11:19:35,282:DEBUG:certbot._internal.main:Arguments:
['--preconfigured-renewal']
2023-05-16 11:19:35,282:DEBUG:certbot._internal.main:Discovered plugins:
PluginsRegistry(PluginEntryPoint#apache,PluginEntryPoint#manual,PluginEntryPoint#nginx,PluginEntryPo
int#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2023-05-16 11:19:35,314:DEBUG:certbot._internal.log:Root logging level set at
30
2023-05-16 11:19:35,315:DEBUG:certbot._internal.display.obj:Notifying user:
Processing /etc/letsencrypt/renewal/MoBPSCert.conf
2023-05-16 11:19:35,334:DEBUG:certbot._internal.plugins.selection:Requested
authenticator <certbot._internal.cli.cli_utils._Default object at
0x7f7b1c5a1f40> and installer <certbot._internal.cli.cli_utils._Default object
at 0x7f7b1c5a1f40>
2023-05-16 11:19:35,352:DEBUG:urllib3.connectionpool:Starting new HTTP
connection (1): ocsp.sectigo.com:80
2023-05-16
11:19:35,577:DEBUG:urllib3.connectionpool:http://ocsp.sectigo.com:80 "POST /
HTTP/1.1" 200 471
2023-05-16 11:19:35,578:DEBUG:certbot.ocsp:OCSP response for certificate
/etc/letsencrypt/archive/MoBPSCert/cert2.pem is signed by the certificate's
issuer.
2023-05-16 11:19:35,578:DEBUG:certbot.ocsp:OCSP certificate status for
/etc/letsencrypt/archive/MoBPSCert/cert2.pem is: OCSPCertStatus.GOOD
2023-05-16 11:19:35,581:DEBUG:certbot._internal.display.obj:Notifying user:
Certificate not yet due for renewal
2023-05-16 11:19:35,581:DEBUG:certbot._internal.plugins.selection:Requested
authenticator standalone and installer None
2023-05-16 11:19:35,582:DEBUG:certbot._internal.display.obj:Notifying user:
Processing /etc/letsencrypt/renewal/mobps.de.conf
2023-05-16 11:19:35,596:DEBUG:urllib3.connectionpool:Starting new HTTP
connection (1): r3.o.lencr.org:80
2023-05-16 11:19:35,755:DEBUG:urllib3.connectionpool:http://r3.o.lencr.org:80
"POST / HTTP/1.1" 200 503
2023-05-16 11:19:35,756:DEBUG:certbot.ocsp:OCSP response for certificate
/etc/letsencrypt/archive/mobps.de/cert8.pem is signed by the certificate's
issuer.
2023-05-16 11:19:35,756:DEBUG:certbot.ocsp:OCSP certificate status for
/etc/letsencrypt/archive/mobps.de/cert8.pem is: OCSPCertStatus.GOOD
2023-05-16 11:19:35,757:DEBUG:certbot._internal.display.obj:Notifying user:
Certificate not yet due for renewal
2023-05-16 11:19:35,758:DEBUG:certbot._internal.plugins.selection:Requested
authenticator nginx and installer nginx
2023-05-16 11:19:35,760:DEBUG:certbot._internal.plugins.selection:Selecting
plugin: * nginx
Description: Nginx Web Server plugin
Interfaces: Authenticator, Installer, Plugin
Entry point: nginx = certbot_nginx._internal.configurator:NginxConfigurator
Initialized: <certbot_nginx._internal.configurator.NginxConfigurator object at
0x7f7b1c5a1af0>
2023-05-16 11:19:35,760:DEBUG:certbot._internal.display.obj:Notifying user:
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-
2023-05-16 11:19:35,761:DEBUG:certbot._internal.display.obj:Notifying user:
The following certificates are not due for renewal yet:
2023-05-16 11:19:35,761:DEBUG:certbot._internal.display.obj:Notifying user:  
/etc/letsencrypt/live/MoBPSCert/fullchain.pem expires on 2024-04-10 (skipped)
  /etc/letsencrypt/live/mobps.de/fullchain.pem expires on 2023-06-30 (skipped)
2023-05-16 11:19:35,761:DEBUG:certbot._internal.display.obj:Notifying user: No
renewals were attempted.
2023-05-16 11:19:35,761:DEBUG:certbot._internal.display.obj:Notifying user: -
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
2023-05-16 11:19:35,761:DEBUG:certbot._internal.renewal:no renewal failures

It still looks like you are trying to use both Sectigo and Let's Encrypt to get certificates, and your www.mobps.de website confgiuration in nginx is pointing to old Sectigo files.

Have a look at your nginx config, decide if you want to point it to the sectigo certificate files or the let's encrypt ones:

Sectigo /etc/letsencrypt/live/MoBPSCert/
Let's Encrypt: /etc/letsencrypt/live/mobps.de/

Thank you so much. nginx confg points to MoBPSCert only.
So, I could delete the mopbs.de folder, then. Then the live folder points to only MoBPSCert. Is it okay to delete completely?

I deleted the folder and it works fine. Thank you for your suggestion.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.