Certbot renewal issue


That's right. Before I started working I had only MoBPSCert. Now I have two folders with mobps.de-002

Yes, I just wanted to see the file folders easily while using Ubuntu as a root user.
Sorry for taking so much of your time :frowning:

Are you able to run commands directly using Ubuntu shell prompt?

Isn't that how you run Certbot? If not please explain how you issue these commands.

2 Likes

I run commands for nginx, certbot, R etc. only through the Ubuntu shell prompt.

Sorry, I confused you by sending WinSCP images!

What confused me is that commands I asked you to run, and which you did run, did not delete the files they should have.

Please show output of this command. Your directory structure and config files are still wrong. We need to get these fixed so that you have a stable system going forward.

sudo ls -lR /etc/letsencrypt/{live,archive,renewal}

3 Likes

Sorry, I deleted this.

Okay, let's make sure this cert can be renewed. We still need to change your nginx config and fix all these damaged configs and directories, but let's do this first.

Please show output of this

sudo certbot renew --dry-run --cert-name mobps.de-0002

3 Likes

$ sudo certbot renew --dry-run --cert-name mobps.de-0002
Saving debug log to /var/log/letsencrypt/letsencrypt.log


Processing /etc/letsencrypt/renewal/mobps.de-0002.conf


failed to fetch renewal_info URL (https://acme-staging-v02.api.letsencrypt.org/draft-ietf-acme-ari-03/renewalInfo/nytfzzwhT50Et-0rLMTGcIvS1w0.Bcd3ubKg-l6agfECrRg9O3qW): urn:ietf:params:acme:error:malformed :: The request message was malformed :: While parsing ARI CertID an error occurred :: path contained an Authority Key Identifier that did not match a known issuer
Simulating renewal of an existing certificate for mobps.de and www.mobps.de

Why did you delete that post? Did you also delete all those directories?

2 Likes

No, I didn't.

What did it say after that? Did it say the simulation was successful?

2 Likes

Yes,

Congratulations, all simulated renewals succeeded:
/etc/letsencrypt/live/mobps.de-0002/fullchain.pem (success)

Good. Let's change your nginx config to use that new certificate

Change these two lines

ssl_certificate       /etc/letsencrypt/live/MoBPSCert/fullchain.pem;
ssl_certificate_key   /etc/letsencrypt/live/MoBPSCert/privkey.pem;

To this and restart nginx after

ssl_certificate       /etc/letsencrypt/live/mobps.de-0002/fullchain.pem;
ssl_certificate_key   /etc/letsencrypt/live/mobps.de-0002/privkey.pem;

Once we confirm nginx is using the new cert we will remove all the damaged config files and directories

4 Likes

Changed in /etc/nginx/sites-available/default
and /etc/nginx/sites-enabled/default as well.

Restarted nginx also.

It's secured until September 10 :saluting_face:

Thank you so very much for all your time and your patience :saluting_face:

2 Likes

Excellent. Now we'll fix your system so the scheduled renewal works right.

First, delete these two config files that are not used and not working right

sudo rm /etc/letsencrypt/renewal/mobps.de-0001.conf
sudo rm /etc/letsencrypt/renewal/mobps.de.conf

Also try deleting the one below. Please show the result of the command. It might not work as it is partly damaged. We will do it a different way if this fails.

sudo certbot delete --cert-name MoBPSCert

4 Likes

Sure. Will delete and show the result of the commands on Monday. I don't work on Fridays, sorry! You have a great weekend. Thank you again for your help.

1 Like

Hello Mike,
Good Morning!
As you recommended I ran the commands.
$ sudo rm /etc/letsencrypt/renewal/mobps.de-0001.conf
$ sudo rm /etc/letsencrypt/renewal/mobps.de.conf
$ sudo certbot delete --cert-name MoBPSCert
Saving debug log to /var/log/letsencrypt/letsencrypt.log


The following certificate(s) are selected for deletion:

  • MoBPSCert
    WARNING: Before continuing, ensure that the listed certificates are not being
    used by any installed server software (e.g. Apache, nginx, mail servers).
    Deleting a certificate that is still being used will cause the server software
    to stop working. See User Guide — Certbot 5.0.0.dev0 documentation for information on
    deleting certificates safely.
    Are you sure you want to delete the above certificate(s)?

(Y)es/(N)o: y
Deleted all files relating to certificate MoBPSCert.


I didn't get any error message :)

Also, I checked the /etc/letsencrypt/live and /etc/letsencrypt/renewal folders and see only mobps.de-0002 related config and related files.

Thank you again for your support.

1 Like
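
The `certbot delete` warning above asks you to confirm that no server software still uses the certificate. The script below is an added example, not part of the thread or of Certbot: it lists which Certbot lineages an nginx config tree references, so the old one is removed only once nothing points at it. The function names and the temporary sample config are constructed for illustration; on a real host pass `/etc/nginx` as the directory.

```shell
#!/bin/sh
# Added example: find which Certbot lineages nginx still references
# before running 'certbot delete'. Function names are hypothetical.

# Print each lineage named in an active ssl_certificate or
# ssl_certificate_key directive under the given config directory.
# Commented-out directives are ignored; -R follows symlinks such as
# sites-enabled/default.
referenced_lineages() {
    conf_dir=$1
    grep -RhE '^[[:space:]]*ssl_certificate(_key)?[[:space:]]' "$conf_dir" 2>/dev/null |
        sed -nE 's#.*/etc/letsencrypt/live/([^/;[:space:]]+)/.*#\1#p' |
        sort -u
}

# Return 0 if the lineage is still referenced, 1 if nothing points at it.
# The match is on the whole name, so "mobps.de" does not match "mobps.de-0002".
lineage_in_use() {
    referenced_lineages "$1" | grep -qxF -- "$2"
}

# Constructed sample: the thread's nginx config after the switch to the
# new lineage, with the old directive left behind as a comment.
make_sample() {
    d=$(mktemp -d)
    mkdir -p "$d/sites-available" "$d/sites-enabled"
    cat > "$d/sites-available/default" <<'EOF'
server {
    listen 443 ssl;
    # ssl_certificate     /etc/letsencrypt/live/MoBPSCert/fullchain.pem;
    ssl_certificate       /etc/letsencrypt/live/mobps.de-0002/fullchain.pem;
    ssl_certificate_key   /etc/letsencrypt/live/mobps.de-0002/privkey.pem;
}
EOF
    cp "$d/sites-available/default" "$d/sites-enabled/default"
    echo "$d"
}

sample=$(make_sample)
for name in MoBPSCert mobps.de-0002; do
    if lineage_in_use "$sample" "$name"; then
        echo "$name: still referenced by nginx, do not delete"
    else
        echo "$name: not referenced, 'certbot delete --cert-name $name' is safe"
    fi
done
rm -rf "$sample"
```

The check only reads config files; what a running nginx serves still depends on it having been restarted or reloaded after the edit.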

Excellent. Just one more. Try

sudo certbot renew --dry-run

Will test auto renew

3 Likes

Yes, I did!
Looks all good :)

$ sudo certbot renew --dry-run
Saving debug log to /var/log/letsencrypt/letsencrypt.log


Processing /etc/letsencrypt/renewal/mobps.de-0002.conf


Simulating renewal of an existing certificate for mobps.de and www.mobps.de


Congratulations, all simulated renewals succeeded:
/etc/letsencrypt/live/mobps.de-0002/fullchain.pem (success)


2 Likes