Certificate for the site fra.kucm.ac.kr expires on Oct. 20
even though the auto-renew command was entered:
sudo certbot renew --dry-run
So I ran the command manually to renew the certificate, but it doesn't work.
I reinstalled it multiple times, and then I deleted the live folder and the other linked files,
and also removed certbot and python-certbot-nginx.
Now when I install and try to install the certificate, it says the maximum limit was reached, so I waited
7 days and then installed the new certificate. It is still not updated and shows as expired.
This is the output of
certbot certificates
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Found the following certs:
Certificate Name: fra.kucm.ac.kr
Domains: fra.kucm.ac.kr
Expiry Date: 2021-01-27 05:50:17+00:00 (VALID: 89 days)
Certificate Path: /etc/letsencrypt/live/fra.kucm.ac.kr/fullchain.pem
Private Key Path: /etc/letsencrypt/live/fra.kucm.ac.kr/privkey.pem
I restarted the server and restarted nginx, but it had no effect.
It was working fine before the expiry.
I checked these sites: https://crt.sh/?q=fra.kucm.ac.kr
I can't figure out the exact problem: how the server is using the old certificate.
It shows multiple certificates, but I can't figure it out. Maybe the CN name is different:
the expired one has the domain name, the other certificate has letsencrypt as the CN name.
Could you check your nginx configuration to make sure that it's pointing at the Certbot-obtained certificate (via /etc/letsencrypt/live) and not some other certificate or separate copy elsewhere on your system?
That's quite strange. Are you sure that 1.237.185.235 is the server running this instance of nginx and that there's no other proxy or load balancer in between?
This server is an instance given to me. There may be another server in between. I asked them about it, but they didn't give a proper answer. This might be the cause.
But initially I installed the SSL for the domain from here.
Some more evidence to further these theories: https://cku.ulms.me points to the same host and has a valid certificate, but we don't see it in /etc/nginx.
nginx: [warn] conflicting server name "fra.kucm.ac.kr" on 0.0.0.0:80, ignored
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
There is one warning because I have to write listen in the main server block as well. If I don't write listen there, the site shows a "Too many redirects" error.
I also want to ask about that, but I am sure that may not have caused the certificate expiry issue, which I want to solve first.
Do I have to paste all configurations?
The fact the output of certbot certificates gives a valid certificate tells us a valid certificate has been issued. It's just not being used. --dry-run wouldn't result in a valid certificate in certbot certificates.
This tells me there is something not correct in your nginx configuration.
Yes please. You can skip all the stuff about mime-types, but I'd like to see the rest.
There is no limit for reinstalling a previously issued certificate. That's just a local thing without using the Let's Encrypt servers. There is however a limit for re-issuing the certificate. The latter is not useful at all (you already have a valid certificate) and only increases the load on the Let's Encrypt systems…
OK, I will paste the configuration, but you have to know that I previously had no issue with the SSL install; the issue started after the expiry happened. (Since previous people have also pointed out the role of a middle server, and I was also thinking that someone might have installed SSL on the root server later, after I installed it on this instance, I have asked about it and maybe it will be confirmed by tomorrow.)
About the warning: when I install SSL, it automatically removes listen from the server block and adds a new server block to handle forced redirection to https, but then the site shows an ERR_TOO_MANY_REDIRECT problem and I have to add listen to the server block again.
This is a minimized version; there are also parameters for expiry and caching.
server {
    listen 80;
    server_name fra.kucm.ac.kr;
    location /static {
        alias /home/ubuntu/kosin/static;
    }
    location /media {
        alias /home/ubuntu/kosin/media;
    }
    location / {
        include proxy_params;
        proxy_pass http://unix:/home/ubuntu/kosin/ppes.sock;
    }
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/fra.kucm.ac.kr/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/fra.kucm.ac.kr/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
    if ($host = fra.kucm.ac.kr) {
        return 301 https://$host$request_uri;
    } # managed by Certbot
    listen 80;
    server_name fra.kucm.ac.kr;
    return 404; # managed by Certbot
}
Here the case is that the 2nd line, listen 80, gets removed when certbot adds its code, the site shows too many redirects, and I write listen 80 there again. The lower part of the code is added by certbot, as you know.
About reinstalling and reissuing the certificate: I tried both and deleted the folder, and after I deleted the folder the reissue limit had already been reached. I didn't know about that at first, so I waited 7 days and reinstalled today. You can read that in my main question.
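An added example, not part of any post in this thread: a small audit that lists which server blocks claim the same port and server_name (the condition behind the "conflicting server name" warning above) and which ssl_certificate path each name is configured with. The function names and the regex-based parsing are assumptions of this sketch; it ignores include files, quoted strings and default ports.

```python
import re
from collections import defaultdict

# Constructed sample: the two server blocks posted above, reduced to the relevant directives.
SAMPLE_CONF = """
server {
    listen 80;
    server_name fra.kucm.ac.kr;
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/fra.kucm.ac.kr/fullchain.pem; # managed by Certbot
}
server {
    if ($host = fra.kucm.ac.kr) {
        return 301 https://$host$request_uri;
    } # managed by Certbot
    listen 80;
    server_name fra.kucm.ac.kr;
    return 404; # managed by Certbot
}
"""

def server_blocks(conf):
    """Yield the body of each `server { ... }` block, found by brace matching."""
    conf = re.sub(r"#[^\n]*", "", conf)  # drop comments (simplification)
    for m in re.finditer(r"\bserver\s*\{", conf):
        depth, i = 1, m.end()
        while depth and i < len(conf):
            depth += {"{": 1, "}": -1}.get(conf[i], 0)
            i += 1
        yield conf[m.end():i - 1]

def audit(conf):
    """Return (conflicts, certs): (port, name) pairs claimed by more than one
    server block (by block index), and the ssl_certificate path per name."""
    claims, certs = defaultdict(list), {}
    for idx, body in enumerate(server_blocks(conf)):
        ports = [spec.split()[0].rsplit(":", 1)[-1]
                 for spec in re.findall(r"\blisten\s+([^;]+);", body)]
        names = [n for grp in re.findall(r"\bserver_name\s+([^;]+);", body)
                 for n in grp.split()]
        cert = re.search(r"\bssl_certificate\s+([^;\s]+)\s*;", body)
        for name in names:
            for port in ports:
                claims[(port, name)].append(idx)
            if cert:
                certs[name] = cert.group(1)
    return {k: v for k, v in claims.items() if len(v) > 1}, certs

print(audit(SAMPLE_CONF))
```

On a live host the same function can be fed the output of `nginx -T`, which prints the full effective configuration with includes expanded.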