My domain is: apps.optimium.in
I ran this command: sudo certbot -d apps.optimium.in --force-renewal
It produced this output:
Your existing certificate has been successfully renewed, and the new certificate
has been installed.
The new certificate covers the following domains: https://apps.optimium.in
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/apps.optimium.in-0001/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/apps.optimium.in-0001/privkey.pem
Your certificate will expire on 2022-08-08. To obtain a new or
tweaked version of this certificate in the future, simply run
certbot again with the "certonly" option. To non-interactively
renew *all* of your certificates, run "certbot renew"
- If you like Certbot, please consider supporting our work by:
My web server is (include version): Server version: Apache/2.4.6 (CentOS)
The operating system my web server runs on is (include version):
NAME="CentOS Linux"
VERSION="7 (Core)"
ID="centos"
ID_LIKE="rhel fedora"
VERSION_ID="7"
PRETTY_NAME="CentOS Linux 7 (Core)"
ANSI_COLOR="0;31"
My hosting provider, if applicable, is: NOT APPLICABLE
I can login to a root shell on my machine (yes or no, or I don't know): YES
I'm using a control panel to manage my site (no, or provide the name and version of the control panel): NO
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 1.11.0
THE ISSUE:
The certificates were working fine on the old servers. Ever since we moved the servers and copied the certificate folder from the old to the new server, we are facing this issue.
I have gone through most of the similar tickets and have tried to copy the "IRSDA_root_cert" to cert.pem etc. But verifying with https://www.ssllabs.com/ssltest/analyze.html?d=apps.optimium.in shows the certificates as expired.
Issuing the command "certbot certificates" has the following response:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
verifying the signature of the certificate located at /etc/letsencrypt/live/apps.optimium.in-0001/cert.pem has failed. Details:
Traceback (most recent call last):
File "/usr/lib/python2.7/site-packages/certbot/crypto_util.py", line 280, in verify_renewable_cert_sig
cert.signature_hash_algorithm)
File "/usr/lib/python2.7/site-packages/certbot/crypto_util.py", line 308, in verify_signed_payload
verifier.verify()
File "/usr/lib64/python2.7/site-packages/cryptography/hazmat/backends/openssl/rsa.py", line 370, in verify
self._hash_ctx.finalize()
File "/usr/lib64/python2.7/site-packages/cryptography/hazmat/backends/openssl/rsa.py", line 313, in _rsa_sig_verify
raise InvalidSignature
InvalidSignature
Renewal configuration file /etc/letsencrypt/renewal/apps.optimium.in-0001.conf produced an unexpected error: verifying the signature of the certificate located at /etc/letsencrypt/live/apps.optimium.in-0001/cert.pem has failed. Details: . Skipping.
The following renewal configurations were invalid:
/etc/letsencrypt/renewal/apps.optimium.in-0001.conf
Issuing the command "certbot renew" has the following response:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Processing /etc/letsencrypt/renewal/apps.optimium.in-0001.conf
Revocation status for /etc/letsencrypt/archive/apps.optimium.in-0001/cert1.pem is unknown
Cert not yet due for renewal
The following certificates are not due for renewal yet:
/etc/letsencrypt/live/apps.optimium.in-0001/fullchain.pem expires on 2022-10-01 (skipped)
No renewals were attempted.
Thanks a lot for your help.
Sammeer
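
A consistency check for the kind of directory named in the traceback above, added here as an example and not part of the original post: it confirms that cert.pem verifies against the issuer in chain.pem (the relationship certbot's failing signature check covers) and that cert.pem carries the same public key as privkey.pem. The function names check_lineage and make_demo_lineage are hypothetical, and the sample data is a constructed throwaway CA and leaf.

```shell
#!/bin/sh
# Added example, not certbot code. check_lineage DIR inspects a certbot-style
# directory holding cert.pem, chain.pem and privkey.pem.
# Return value is a bitmask: 1 = issuer mismatch, 2 = key mismatch, 4 = missing file.
check_lineage() {
    dir=$1
    rc=0
    for f in cert.pem chain.pem privkey.pem; do
        [ -s "$dir/$f" ] || { echo "missing or empty: $dir/$f"; return 4; }
    done
    # certbot keeps live/<name>/*.pem as symlinks into archive/; a plain copy can flatten them.
    [ -L "$dir/cert.pem" ] || echo "note: $dir/cert.pem is a regular file, not a symlink"
    # 1. cert.pem must verify against the issuer in chain.pem. Unlike certbot's
    #    signature-only check, openssl verify also rejects an expired certificate.
    if ! openssl verify -partial_chain -CAfile "$dir/chain.pem" "$dir/cert.pem" 2>/dev/null \
            | grep -q ': OK$'; then
        echo "FAIL: cert.pem does not verify against chain.pem"
        rc=$((rc | 1))
    fi
    # 2. The public key inside cert.pem must be the one derived from privkey.pem.
    cert_pub=$(openssl x509 -in "$dir/cert.pem" -noout -pubkey 2>/dev/null)
    key_pub=$(openssl pkey -in "$dir/privkey.pem" -pubout 2>/dev/null)
    if [ -z "$cert_pub" ] || [ "$cert_pub" != "$key_pub" ]; then
        echo "FAIL: cert.pem and privkey.pem hold different keys"
        rc=$((rc | 2))
    fi
    [ "$rc" -eq 0 ] && echo "OK: $dir is consistent"
    return "$rc"
}

# Constructed sample data: a throwaway self-signed CA (written as chain.pem)
# and a leaf certificate signed by it (cert.pem + privkey.pem).
make_demo_lineage() {
    d=$1
    openssl req -x509 -newkey rsa:2048 -nodes -keyout "$d/ca.key" \
        -out "$d/chain.pem" -subj "/CN=Demo CA" -days 2 2>/dev/null
    openssl req -newkey rsa:2048 -nodes -keyout "$d/privkey.pem" \
        -out "$d/leaf.csr" -subj "/CN=demo.example" 2>/dev/null
    openssl x509 -req -in "$d/leaf.csr" -CA "$d/chain.pem" -CAkey "$d/ca.key" \
        -CAcreateserial -out "$d/cert.pem" -days 1 2>/dev/null
}

# Usage: sh check_lineage.sh /etc/letsencrypt/live/<name>
if [ $# -gt 0 ]; then
    check_lineage "$1"
fi
```

A non-zero return after files were copied over cert.pem by hand means the directory no longer holds a matching certificate, chain and key set.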