Certificate did not renew but is not showing any errors

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:
affinity-iot.com
I ran this command:
sudo /opt/bitnami/letsencrypt/scripts/renew-certificate.sh
It produced this output:
Unmonitored apache

Syntax OK

/opt/bitnami/apache2/scripts/ctl.sh : httpd stopped

2019/12/13 16:34:05 [INFO] [affinity-iot.com] acme: Trying renewal with 2158 hours remaining

2019/12/13 16:34:05 [INFO] [affinity-iot.com, www.affinity-iot.com] acme: Obtaining bundled SAN certificate

2019/12/13 16:34:06 [INFO] [affinity-iot.com] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/1710221149

2019/12/13 16:34:06 [INFO] [www.affinity-iot.com] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/1710221150

2019/12/13 16:34:06 [INFO] [affinity-iot.com] acme: authorization already valid; skipping challenge

2019/12/13 16:34:06 [INFO] [www.affinity-iot.com] acme: authorization already valid; skipping challenge

2019/12/13 16:34:06 [INFO] [affinity-iot.com, www.affinity-iot.com] acme: Validations succeeded; requesting certificates

2019/12/13 16:34:07 [INFO] [affinity-iot.com] Server responded with a certificate.

Syntax OK

/opt/bitnami/apache2/scripts/ctl.sh : httpd started at port 80

Monitored apache
My web server is (include version):
Apache2 on ubuntu using bitnami wordpress
The operating system my web server runs on is (include version):
Linux Ubuntu 16.04
My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know):
Yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
Command line
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): 0.31.0

I have the renewal command in my crontab /opt/bitnami/letsencrypt/scripts/renew-certificate.sh to run every time that we are due for renewal. I knew that today we were due to renew, but saw that the site indicated there was no valid cert. I ran the command manually and did not receive any error, but the certs are not appearing in the /live/domain directory. I also checked the letsencrypt logs and it is not indicating any errors. Any help at all is much appreciated!

Sincerely,
Andrew

Hi @AndrewP

Checking your domain, you have already created three new certificates - https://check-your-website.server-daten.de/?q=affinity-iot.com#ct-logs

| Issuer | not before | not after | Domain names | LE-Duplicate | next LE |
|---|---|---|---|---|---|
| Let’s Encrypt Authority X3 | 2019-12-13 | 2020-03-12 | affinity-iot.com, www.affinity-iot.com - 2 entries | duplicate nr. 3 | |
| Let’s Encrypt Authority X3 | 2019-12-13 | 2020-03-12 | affinity-iot.com, www.affinity-iot.com - 2 entries | duplicate nr. 2 | |
| Let’s Encrypt Authority X3 | 2019-12-13 | 2020-03-12 | affinity-iot.com, www.affinity-iot.com - 2 entries | duplicate nr. 1 | |
| Let’s Encrypt Authority X3 | 2019-11-19 | 2020-02-17 | affinity-iot.com - 1 entries | | |
| Let’s Encrypt Authority X3 | 2019-10-19 | 2020-01-17 | affinity-iot.com, www.affinity-iot.com - 2 entries | | |

So that part has worked. Don’t create a new certificate, there is a rate limit.

But you don’t use it, instead, you use the expired certificate.

CN=affinity-iot.com | 14.09.2019 | 13.12.2019 | 0 days expired | affinity-iot.com, www.affinity-iot.com - 2 entries

So check the documentation of that renew-certificate.sh how to “only install” an existing certificate.


Thanks for the advice. I did not see this until late, so I went ahead and just installed a new cert manually. I will need to read into the documentation again for the renew-certificate script.


Hi @JuergenAuer,
Thank you for your reply. I have searched online for documentation for the renew-certificate.sh file. I have found this result: https://docs.bitnami.com/aws/how-to/generate-install-lets-encrypt-ssl/
And my renew-certificate.sh file looks like this:
#!/bin/bash

sudo /opt/bitnami/ctlscript.sh stop apache

sudo /opt/bitnami/letsencrypt/lego --tls --email="XXXXX" --domains="affinity-iot.com" --domains="www.affinity-iot.com" --path="/opt/bitnami/letsencrypt" renew --days 90

sudo /opt/bitnami/ctlscript.sh start apache 

Do you see any issues with this script? As always, I appreciate your time and expertise.
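
The script above passes `--days 90` to lego, and the renewal log in the first post shows a renewal attempted with 2158 hours remaining, so every run requests a fresh certificate. The following is an added example (not part of the original posts, and not lego's or Bitnami's code) that parses such log lines and flags certificates replaced while still far from expiry. The 90-day lifetime is taken from the dates in the certificate list above; the 30-day renewal window and the function names are assumptions.

```python
import re

# Constructed sample: lego lines taken from the renewal output quoted in the thread.
SAMPLE_LOG = """\
Syntax OK
2019/12/13 16:34:05 [INFO] [affinity-iot.com] acme: Trying renewal with 2158 hours remaining
2019/12/13 16:34:05 [INFO] [affinity-iot.com, www.affinity-iot.com] acme: Obtaining bundled SAN certificate
2019/12/13 16:34:06 [INFO] [affinity-iot.com] acme: authorization already valid; skipping challenge
2019/12/13 16:34:07 [INFO] [affinity-iot.com] Server responded with a certificate.
"""

# "<date> <time> [INFO] [<names>] [acme: ]<message>"
LOG_LINE = re.compile(r"^(\S+ \S+) \[INFO\] \[([^\]]+)\] (?:acme: )?(.*)$")
REMAINING = re.compile(r"Trying renewal with (-?\d+) hours remaining")


def audit_renewal_log(text, lifetime_days=90, renew_window_days=30):
    """Return one finding per renewal attempt seen in lego output.

    renew_window_days is an assumed policy (renew only in the last 30 days),
    not a value from the thread.
    """
    findings, current = [], None
    for raw in text.splitlines():
        m = LOG_LINE.match(raw.strip())
        if not m:
            continue  # "Syntax OK", ctl.sh output and blank lines are not lego lines
        stamp, names, message = m.groups()
        hit = REMAINING.search(message)
        if hit:
            hours = int(hit.group(1))  # negative once the certificate has expired
            current = {
                "time": stamp,
                "domain": names,
                "hours_remaining": hours,
                "age_hours": lifetime_days * 24 - hours,  # approximate
                "premature": hours > renew_window_days * 24,
                "issued": False,
            }
            findings.append(current)
        elif current and message.startswith("Server responded with a certificate"):
            current["issued"] = True  # the CA really issued a new certificate
    return findings


def duplicate_issuances(findings):
    """Attempts that obtained a new certificate although the old one was still fresh."""
    return [f for f in findings if f["premature"] and f["issued"]]


if __name__ == "__main__":
    for f in duplicate_issuances(audit_renewal_log(SAMPLE_LOG)):
        print(f"{f['time']} {f['domain']}: reissued at ~{f['age_hours']}h into validity")
```

On the sample it reports one issuance that replaced a certificate roughly 2 hours into its 90-day validity, which is consistent with the same-day duplicates listed in the reply above.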

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.