Certificate Expiring in 20 days

webmasterchuo · July 11, 2019, 2:51pm

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

biblio.chuo.fm
chuo.fm
library.chuo.fm
www.chuo.fm

I ran this command: none

It produced this output: none

My web server is (include version): dont know

The operating system my web server runs on is (include version): linux ubuntu

My hosting provider, if applicable, is: OVH

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): says command not found

JuergenAuer · July 11, 2019, 3:15pm

Hi @webmasterchuo

you have a lot of older certificates, first with four domain names is from 2017-11-15.

|Let's Encrypt Authority X3|2017-11-15|2018-02-13|biblio.chuo.fm, chuo.fm, library.chuo.fm, www.chuo.fm
4 entries||
| --- | --- | --- |

last from 2019-05-02. How did you create these certificates? What's your client?

webmasterchuo · July 11, 2019, 3:16pm

Hey
I recently started working here so I am not sure. Is there a way I can find out now ?

JuergenAuer · July 11, 2019, 3:24pm

Check your server if there is a Letsencrypt client.

If you are not familiar with certificates, perhaps start with some basics.

webmasterchuo · July 11, 2019, 3:25pm

Yes its a Lets Encrypt client, i just received an email from them saying that my certificates are expiring in 20 days.

webmasterchuo · July 11, 2019, 3:37pm

My computer dosnt recognize certbot, how do i renew the certificates ?

JuergenAuer · July 11, 2019, 3:40pm

Please read the basics:

webmasterchuo · July 11, 2019, 4:04pm

I installed certbot, but when i do the final command sudo apt-get install certbot python-certbot-apache

i get number of errors, one that is repeated is
Unable to restart apache using [‘apache2ctl’, ‘graceful’]

JuergenAuer · July 11, 2019, 4:11pm

You don't have an Apache, there is a nginx - https://check-your-website.server-daten.de/?q=chuo.fm

Server: nginx/1.12.2

webmasterchuo · July 12, 2019, 3:37pm

I am unable to install ngnix-acme on my computer. I am using a mac to ssh into the server.

JuergenAuer · July 12, 2019, 3:50pm

You must install the certbot on the server, not on your computer.

webmasterchuo · July 12, 2019, 3:59pm

I dont have access to the actual server itself, i can only ssh into it and make changes from there or i can use FileZilla to replace files. Is there a way to renew certificates with my situation ?

JuergenAuer · July 12, 2019, 4:12pm

If you have ssh access, you have access, that's enough.

Install Certbot on your server.

schoen · July 12, 2019, 5:03pm

@JuergenAuer but maybe @webmasterchuo has a non-administrative account on a shared server, rather than an administrative account?

webmasterchuo · July 12, 2019, 5:05pm

I ll try installing and get back to you

webmasterchuo · July 12, 2019, 5:09pm

UPDATE:
i installed certbot on server and the current version is certbot 0.31.0
Then i tried doing the following command to renew my certificate

sudo sh -c “sed -i.bak -e ‘s/^(pref_challs.)tls-sni-01(.)/\1http-01\2/g’ /etc/letsencrypt/renewal/; rm -f /etc/letsencrypt/renewal/.bak”

but got an error // --> sed: can’t read /etc/letsencrypt/renewal/*: No such file or directory

Then i did the dry run test and got the following result:
chuo@charon:~$ sudo certbot renew --dry-run
Saving debug log to /var/log/letsencrypt/letsencrypt.log

** DRY RUN: simulating ‘certbot renew’ close to cert expiry
** (The test certificates below have not been saved.)

No renewals were attempted.
** DRY RUN: simulating ‘certbot renew’ close to cert expiry
** (The test certificates above have not been saved.)

Like you see it says no renewals attempted towards the end, how do I force a renewal ?

JuergenAuer · July 12, 2019, 5:20pm

That's

not a renew command.

First: What says

certbot certificates

Then read

https://certbot.eff.org/docs/using.html

and start with

sudo certbot --nginx

to see, if certbot understands your configuration.

webmasterchuo · July 12, 2019, 5:30pm

Tried doing certbot certificates
got this

The following error was encountered:
[Errno 13] Permission denied: ‘/var/log/letsencrypt/.certbot.lock’
Either run as root, or set --config-dir, --work-dir, and --logs-dir to writeable paths.

JuergenAuer · July 12, 2019, 5:35pm

There

is your answer.

webmasterchuo · July 12, 2019, 5:52pm

Logged in as a root now, ran the certbot certificates command,
result showed no certificates found.