Certificate expire soon

Hello,
I am a complete newbie. I am trying to manage a server on a volunteer basis. I am new to this system. Now a message arrived on my inbox, that the certificate will expire soon (28.02.2023). I don’t know if I need to act. The website tells me that the certificate will be renewed automatically. But still I get message to update/renew my certificate.
Do I need to run something manually, or will there be an automatic update, or should I try to force update? But I don’t know how. That’s where I need help please.

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: csu-haimhausen.de

I ran this command: none yet

It produced this output:

My web server is (include version): Ubuntu 20.04 LTS 64bit + Plesk Obsidian

The operating system my web server runs on is (include version): Ubuntu 20.04 LTS 64bit + Plesk Obsidian

My hosting provider, if applicable, is: Strato

I can login to a root shell on my machine (yes or no, or I don't know): never done

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): Plesk

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): -

Your certificate expires in 19 days. You should not worry yet.

If plesk says the certificate will be renewed automatically, check its logs to see if it has tried doing so (and failed).

You should also be able to find the appropriate settings to renew your certificates 30 days before they expire, so you don't get the emails.

4 Likes

Well, you know. Also you started as a newbie one day. You comment is complete useless. If you want to participate for a community, you should start/lean also helping newbies, instead of writing nonsense comments.

2 Likes

Yes, putting a webserver online and forgetting about it is asking for trouble.

But no, berating the newbie is not going to solve the problem or be anyway useful :slight_smile:

Please don't berate the newbie. Not here, at least.

3 Likes

At the risk of sounding unhelpful this forum is probably not the best first stop for you. It looks like you have a hosting provider (Strato) that setup a configuration system (Plesk) for you.

That Plesk system should be able to get and renew certs automatically. Failures of that are best asked of the person who set that up. In this case Strato. If nothing else they should be able to point you to better aids for debugging. After all, you are paying them for this service.

9peppe pretty much said this same thing in the second post. I'm just adding extra color.

Also, I think with just 19 days remaining on your cert you should be concerned. You certainly have some time (19 days) but usually auto-renewals are done with 30 days remaining so it seems like something has gone wrong. That is why Let's Encrypt sends friendly warning emails with just 20 days remaining.

From your cert history it looks like something changed dramatically last Nov (link here). That's a good place to focus attention and ask Strato what that was.

If that fails come back here but our abilities to debug config systems setup by someone else are sometimes limited.

4 Likes

In November the server was reinstalled. Then I configured SSL. Nothing special happend. Of cause I'll contact Strato as well.
Thinking about a possible path to solve the issue, would it be ok to remove all certificates and recreate?
But what did I wrong that the auto-renewal does not work? I would like to prevent that issue. Hence, any tipp that might be important to do it right?

It is never a good idea to remove perfectly good certs.
If you are having trouble getting new ones, then don't let go of the ones you have [until you are sure you can get new ones - even then I'd get the new one first].

That said, you could still try that; And undo it, if it goes awry, by first backing up the entire {insert your ACME clients' cert path here} folder.

2 Likes

Of cause doing it in the right order and not deleting is key. For now I 'disconnected' the cert from the domain. Then I requested/created a new certificate, and assigned it to the domain. This seems to solve my problem for now. Next renewal is now shown for end of march. So looking forward if it renew automatically or if I need to 'refresh' again.

1 Like