Certificate not auto-renewing

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: morelandarts.com and www.morelandarts.com

I ran this command: Added a line to the Cron Job which hopefully will automatically renew.
sudo crontab -e - Launches Cron Editor
Add this line -
0 0 1 * * sudo /opt/bitnami/letsencrypt/lego --path="/opt/bitnami/letsencrypt" --email="flyntmor@gmail.com" --domains=morelandarts.com --domains=www.morelandarts.com --domains=*.morelandarts.com renew && sudo /opt/bitnami/apache2/bin/httpd -f /opt/bitnami/apache2/conf/httpd.conf -k graceful

It produced this output:
I continue to get the "expires in 20 days"

My web server is (include version):
Amazon Lightsail
The operating system my web server runs on is (include version):
Bitnami

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know):
Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):

I’m a real novice at this so please be kind.


Then you should try to renew it now...

This command (if it works) puts in a job that will run automatically on the first day of the week at exactly midnight? [not sure where you got those instructions - twice a day is the recommended check]

But to the point:
You need to renew first (manually - now) and then worry about the automatic renewal job.

Try:

sudo /opt/bitnami/letsencrypt/lego --path="/opt/bitnami/letsencrypt" --email="flyntmor@gmail.com --domains=morelandarts.com --domains=www.morelandarts.com --domains=*.morelandarts.com renew && sudo /opt/bitnami/apache2/bin/httpd -f /opt/bitnami/apache2/conf/httpd.conf -k graceful

I now see you have a wildcard cert request in there - that will require a DNS modification and I don't see any DNS plugin being used, so it will have to be made manually.

Is this the first time for the wildcard?
Looks like you used to have a wildcard cert; but that expired in June:
https://crt.sh/?q=%.morelandarts.com


I really do appreciate your help but I’m such a newbie at this, I have not been able to follow your instructions to manually renew. I cut and pasted the line
“sudo /opt/bitnami/letsencrypt/lego --path=”/opt/bitnami/letsencrypt" --email="flyntmor@gmail.com --domains=morelandarts.com --domains=www.morelandarts.com --domains=*.morelandarts.com renew && sudo /opt/bitnami/apache2/bin/httpd -f /opt/bitnami/apache2/conf/httpd.conf -k graceful"
As you suggested, and the only response I rec’d was >. I can’t tell that anything happened? I went to the “check your website” server and it still indicates my certificate expires in 10 days.

The > is a prompt from your shell (command interpreter) indicating that it’s waiting for more input from you because there is an opening quotation mark without a matching closing quotation mark.

In this case, that happened because @rg305’s suggestion contained a typo: there should have been a " after the e-mail address flyntmor@gmail.com, but it’s missing. This made the shell think that you hadn’t finished typing in the command yet, because valid shell commands need to have paired opening and closing quotes. (Adding a " at the very end of the line would have prevented the > from appearing, but the command would still have been wrong in a different way.)

A corrected version of @rg305’s suggested command is

sudo /opt/bitnami/letsencrypt/lego --path="/opt/bitnami/letsencrypt" --email="flyntmor@gmail.com" --domains=morelandarts.com --domains=www.morelandarts.com --domains="*.morelandarts.com" renew && sudo /opt/bitnami/apache2/bin/httpd -f /opt/bitnami/apache2/conf/httpd.conf -k graceful

(I haven’t verified the correctness of any part of that except for the placement of the quotation marks.)


Thanks so much for your help but…
When I enter the command you provided, I get this message:
2019/11/22 13:43:34 No challenge selected. You must specify at least one challenge: --http, --tls, --dns.

After “we” get this to work, I sure hope “we” can figure out what I’m doing wrong on the auto renew function.

Try adding (to that long command):
--http
[before the &&]

Still no joy… Here’s the command I entered:
sudo /opt/bitnami/letsencrypt/lego --path="/opt/bitnami/letsencrypt" --email="flyntmor@gmail.com" --domains=morelandarts.com --domains=www.morelandarts.com --domains="*.morelandarts.com" renew --http && sudo /opt/bitnami/apache2/bin/httpd -f /opt/bitnami/apache2/conf/httpd.conf -k graceful

Here’s the response:
Incorrect Usage: flag provided but not defined: -http

NAME:
lego renew - Renew a certificate

USAGE:
lego renew [command options] [arguments…]

OPTIONS:
--days value The number of days left on a certificate to renew it. (default: 30)
--reuse-key Used to indicate you want to reuse your current private key for the new certificate.
--no-bundle Do not create a certificate bundle by adding the issuers certificate to the new certificate.
--must-staple Include the OCSP must staple TLS extension in the CSR and generated certificate. Only works if the CSR is generated by lego.
--renew-hook value Define a hook. The hook is executed only when the certificates are effectively renewed.

2019/11/22 20:59:39 flag provided but not defined: -http
bitnami@ip-172-26-12-170:~$

I’m afraid I don’t even know enough to make an educated guess as to what to try.

I believe that --http has to come before the word renew.

According to Lego’s source code, http needs to be a “global” flag rather than a flag of the renew subcommand.


OK… that appears to be progress.

Here’s the command:
sudo /opt/bitnami/letsencrypt/lego --path="/opt/bitnami/letsencrypt" --email=flyntmor@gmail.com --domains=morelandarts.com --domains=www.morelandarts.com –http renew && sudo /opt/bitnami/apache2/bin/httpd -f /opt/bitnami/apache2/conf/httpd.conf -k graceful

And the Response:
2019/11/22 21:59:05 You have to pass an account (email address) to the program using --email or -m

Again, thanks so much for your help!


I noticed the quotes around my email address so I tried this:
sudo /opt/bitnami/letsencrypt/lego --path="/opt/bitnami/letsencrypt" --email="flyntmor@gmail.com" --domains=morelandarts.com --domains=www.morelandarts.com --http renew && sudo /opt/bitnami/apache2/bin/httpd -f /opt/bitnami/apache2/conf/httpd.conf -k graceful

Same results:
2019/11/23 23:33:37 You have to pass an account (email address) to the program using --email or -m

Arrrrgh, I need help.

When I run that exact same command with lego v3.2.0, it does not complain about the email address.

I would double check that you are not accidentally doing something weird when you run in the terminal, like missing a space between parameters.

Try it as this:

sudo /opt/bitnami/letsencrypt/lego --path="/opt/bitnami/letsencrypt" --email "flyntmor@gmail.com" --domains "morelandarts.com,www.morelandarts.com" --http renew && sudo /opt/bitnami/apache2/bin/httpd -f /opt/bitnami/apache2/conf/httpd.conf -k graceful

I did a cut and paste, then checked the line char by char. I got a different response this time. Here’s the command:
sudo /opt/bitnami/letsencrypt/lego --path="/opt/bitnami/letsencrypt" –email=“flyntmor@gmail.com” --domains=morelandarts.com --domains=www.morelandarts.com --http renew && sudo /opt/bitnami/apache2/bin/httpd -f /opt/bitnami/apache2/conf/httpd.conf -k graceful

Here’s the response:
No help topic for ‘–email=flyntmor@gmail.com’
bitnami@ip-172-26-12-:~$

What am I doing wrong? Please keep the input coming…

That's not a double dash.
Your copy/paste program mashed them into a single long -
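
The two paste problems diagnosed in this thread (an unmatched double quote that leaves the shell at the > prompt, and typographic dashes or quotes substituted for ASCII ones) can be checked for before a command is run. This is an added example, not part of any post in the thread; lint_pasted_command is a hypothetical helper name, the sample command is constructed, and the quote check is a simple count that ignores escaped quotes.

```shell
#!/bin/sh
# Added example: lint a pasted command line before running it.
# lint_pasted_command is a hypothetical helper, not part of lego or Bitnami.
# Prints one line per finding; returns 0 if clean, 1 otherwise.

lint_pasted_command() {
    cmd=$1
    findings=0

    # Typographic characters built from UTF-8 bytes (octal escapes), so this
    # script itself contains only ASCII.
    endash=$(printf '\342\200\223')   # U+2013
    emdash=$(printf '\342\200\224')   # U+2014
    ldquo=$(printf '\342\200\234')    # U+201C
    rdquo=$(printf '\342\200\235')    # U+201D
    lsquo=$(printf '\342\200\230')    # U+2018
    rsquo=$(printf '\342\200\231')    # U+2019

    case $cmd in
        *"$endash"*|*"$emdash"*)
            echo "typographic dash found: retype it as two ASCII hyphens (--)"
            findings=$((findings + 1)) ;;
    esac
    case $cmd in
        *"$ldquo"*|*"$rdquo"*|*"$lsquo"*|*"$rsquo"*)
            echo "curly quote found: the shell passes it on as data; retype as ASCII"
            findings=$((findings + 1)) ;;
    esac

    # An odd number of ASCII double quotes leaves the shell waiting at '>'.
    # Simple count: escaped quotes and quotes inside '...' are not handled.
    nquotes=$(printf '%s' "$cmd" | tr -cd '"' | wc -c)
    if [ $((nquotes % 2)) -ne 0 ]; then
        echo "unbalanced double quote: odd number of \" characters"
        findings=$((findings + 1))
    fi

    [ "$findings" -eq 0 ]
}

# Constructed sample: an en dash in front of "email" instead of "--".
sample=$(printf 'lego \342\200\223email=user@example.com --http renew')
lint_pasted_command "$sample" || echo "fix the command before running it"
```
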

Yea! I see signs of progress, but I don’t know what to do from here?
2019/11/24 03:25:32 No key found for account “flyntmor@gmail.com”. Generating a P384 key.
2019/11/24 03:25:32 Saved key to /opt/bitnami/letsencrypt/accounts/acme-v02.api.letsencrypt.org/“flyntmor@gmail.com”/keys/“flyntmor@gmail.com”.key
2019/11/24 03:25:32 Account “flyntmor@gmail.com” is not registered. Use ‘run’ to register a new account.
bitnami@ip-172-26-12-170:~$

I tried entering “RUN”

You should probably find and read through the documentation before continuing; as you are requesting certs from the live system (not test/staging).

I’m trying to renew the certificate for an existing live site. I think I have 8 days left.

Before I started asking for help, I went through the procedures listed in 2 documents, with no luck. I have been unable to find a document that describes how to renew manually. I was hoping that if I could figure out how to do it manually, then maybe I could figure out why my auto-renew is not working.

I am admittedly over my head and I really do appreciate the help.


Unless you know for sure, you should “test” in the “test” system.
The last thing you want is just as you “figure it out” you get blocked for 5 days.

Issuing a test cert is equally challenging…
Figure that out and you’re set with the live system.

Can you suggest a document for me to reference?

Sadly the only Lego® I know of is not computerized (they are hard little plastic pieces - LOL)
I would be glad to help search for one… But I don’t know of anything off hand.

So far:
These are included
--tls
--days 90
[not sure why]

https://go-acme.github.io/lego/usage/cli/examples/
Shows only:
To renew the certificate
lego --email="foo@bar.com" --domains="example.com" --http renew