Certificate expired, how can I update?

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: api.ruijiexunzi.com

I ran this command:

It produced this output:

My web server is (include version): nginx/1.11.4

The operating system my web server runs on is (include version): centos7

My hosting provider, if applicable, is: www.aliyun.com

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

Do you know how you generated this certificate the first time?

I don’t know. The HTTPS certificate was configured by someone else, and that guy left. There was no handover.

Try looking through the history for the domain name.

I used the certbot renew command to update the certificate and it produced errors.
error:
Saving debug log to /var/log/letsencrypt/letsencrypt.log


Processing /etc/letsencrypt/renewal/app.ruijiexunzi.com.conf

Cert is due for renewal, auto-renewing…
Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for app.ruijiexunzi.com
http-01 challenge for api.ruijiexunzi.com
http-01 challenge for apiv2.ruijiexunzi.com
http-01 challenge for mz.ruijiexunzi.com
http-01 challenge for stat.ruijiexunzi.com
http-01 challenge for testapi.ruijiexunzi.com
http-01 challenge for testapiv2.ruijiexunzi.com
http-01 challenge for testapiv3.ruijiexunzi.com
http-01 challenge for weibopic.ruijiexunzi.com
http-01 challenge for wx.ruijiexunzi.com
Waiting for verification…
Cleaning up challenges
Attempting to renew cert from /etc/letsencrypt/renewal/app.ruijiexunzi.com.conf produced an unexpected error: Failed authorization procedure. testapiv2.ruijiexunzi.com (http-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://testapiv2.ruijiexunzi.com/.well-known/acme-challenge/YqQiOl2OUG5Y5TznS-aF7tXsJ2kHaat5TQCnDKG6zn8: Timeout, testapi.ruijiexunzi.com (http-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://testapi.ruijiexunzi.com/.well-known/acme-challenge/_iy_nY-spxtQBSC8SDpX7HTgoFNRkZ_wwZnvu2OH9uw: Timeout. Skipping.

All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/app.ruijiexunzi.com/fullchain.pem (failure)
1 renew failure(s), 0 parse failure(s)

IMPORTANT NOTES:

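The reason is that HTTP validation failed for these two domains of yours!
From the DNS resolution you can see that the IP of these two domains (1.192.218.190) is different from that of the others (60.205.149.249). When using certbot to generate or renew a certificate, all of the domains must have the same IP (that is, the IP address where certbot is currently being used, 60.205.149.249); otherwise the HTTP challenge validation will fail!

You could consider using
Easy HTTPs - https://easy.zhetao.com/
to generate it online, step by step! If not all of the domains are reachable over HTTP, you can also use DNS record validation!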
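
An added example (not part of the original thread, and not certbot's own code) of checking the cause described in the reply above: it extracts the failed names from the certbot error and lists every name that does not resolve solely to the machine running certbot. The function names, the shortened error string and the constructed DNS answers are assumptions for illustration.

```python
import re
import socket

# One failed http-01 entry in certbot's "Failed authorization procedure" line.
FAILURE_RE = re.compile(
    r"(?P<domain>[A-Za-z0-9.-]+) \(http-01\): urn:acme:error:(?P<error>\w+) ::"
)

# Shortened copy of the error line in the thread (tokens and tail elided).
SAMPLE_ERROR = (
    "Failed authorization procedure. testapiv2.ruijiexunzi.com (http-01): "
    "urn:acme:error:connection :: The server could not connect to the client "
    "to verify the domain :: Fetching http://testapiv2.ruijiexunzi.com/"
    ".well-known/acme-challenge/<token>: Timeout, testapi.ruijiexunzi.com "
    "(http-01): urn:acme:error:connection :: The server could not connect to "
    "the client to verify the domain :: <...>: Timeout. Skipping."
)

# Constructed DNS answers built from the two addresses quoted in the reply;
# this is sample data, not a live lookup.
SERVER_IP = "60.205.149.249"
SAMPLE_DNS = {
    "app.ruijiexunzi.com": {SERVER_IP},
    "api.ruijiexunzi.com": {SERVER_IP},
    "testapi.ruijiexunzi.com": {"1.192.218.190"},
    "testapiv2.ruijiexunzi.com": {"1.192.218.190"},
}

def failed_domains(certbot_output):
    """Return {domain: ACME error type} for each failed authorization."""
    return {m["domain"]: m["error"] for m in FAILURE_RE.finditer(certbot_output)}

def system_resolver(name):
    """IPv4 addresses for name from the system resolver (empty set on failure)."""
    try:
        return {ai[4][0] for ai in socket.getaddrinfo(name, 80, socket.AF_INET)}
    except socket.gaierror:
        return set()

def preflight(domains, server_ip, resolve=system_resolver):
    """Map each domain that does not resolve solely to server_ip to its IPs."""
    mismatched = {}
    for name in domains:
        ips = resolve(name)
        if ips != {server_ip}:  # wrong host, extra A records, or no answer
            mismatched[name] = sorted(ips)
    return mismatched
```

Calling `preflight` with the default resolver checks live DNS; passing `resolve=lambda n: SAMPLE_DNS.get(n, set())` runs it against the constructed data.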

Thanks for your help.
