Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
I ran this command: Added a line to the Cron Job which hopefully will automatically renew.
sudo crontab -e - Launches Cron Editor
Add this line -
0 0 1 * * sudo /opt/bitnami/letsencrypt/lego --path="/opt/bitnami/letsencrypt" --email="flyntmor@gmail.com" --domains=morelandarts.com --domains=www.morelandarts.com --domains=*.morelandarts.com renew && sudo /opt/bitnami/apache2/bin/httpd -f /opt/bitnami/apache2/conf/httpd.conf -k graceful
It produced this output:
I continue to get the "expires in 20 days
My web server is (include version):
Amazon Lightsail
The operating system my web server runs on is (include version):
Bitnami
My hosting provider, if applicable, is:
I can login to a root shell on my machine (yes or no, or I donāt know):
Yes
Iām using a control panel to manage my site (no, or provide the name and version of the control panel):
The version of my client is (e.g. output of certbot --version or certbot-auto --version if youāre using Certbot):
This command (if it works) puts in a job that will run automatically on the first day of the week at exactly midnight? [not sure where you got those instructions - twice a day is the recommended check]
But to the point:
You need to renew first (manually - now) and then worry about the automatic renewal job.
I now see you have a wildcard cert request in there - that will require a DNS modification and I don't see any DNS plugin being used, so it will have to be made manually.
Is this the first time for the wildcard?
Looks like you used to have a wildcard cert; but that expired in June:
I really do appreciate your help but Iām such a newbie at this, I have not been able to follow your instructions to manually renew. I cut and pasted the line
āsudo /opt/bitnami/letsencrypt/lego --path=ā/opt/bitnami/letsencrypt" --email="flyntmor@gmail.com --domains=morelandarts.com --domains=www.morelandarts.com --domains=*.morelandarts.com renew && sudo /opt/bitnami/apache2/bin/httpd -f /opt/bitnami/apache2/conf/httpd.conf -k graceful"
As you suggested, and the only response I recād was >. I canāt tell that anything happened? I went to the ācheck your websiteā server and it still indicates my certificate expires in 10 days.
The > is a prompt from your shell (command interpreter) indicating that itās waiting for more input from you because there is an opening quotation mark without a matching closing quotation mark.
In this case, that happened because @rg305ās suggestion contained a typo: there should have been a " after the e-mail address flyntmor@gmail.com, but itās missing. This made the shell think that you hadnāt finished typing in the command yet, because valid shell commands need to have paired opening and closing quotes. (Adding a " at the very end of the line would have prevented the > from appearing, but the command would still have been wrong in a different way.)
A corrected version of @rg305ās suggested command is
Thanks so much for your help butā¦
When I enter the command you provided, I get this message:
2019/11/22 13:43:34 No challenge selected. You must specify at least one challenge: --http, --tls, --dns.
After āweā get this to work, I sure hope āweā can figure out what Iām doing wrong on the auto renew function.
OPTIONS:
ādays value The number of days left on a certificate to renew it. (default: 30)
āreuse-key Used to indicate you want to reuse your current private key for the new ce
rtificate.
āno-bundle Do not create a certificate bundle by adding the issuers certificate to th
e new certificate.
āmust-staple Include the OCSP must staple TLS extension in the CSR and generated certif
icate. Only works if the CSR is generated by lego.
ārenew-hook value Define a hook. The hook is executed only when the certificates are effecti
vely renewed.
2019/11/22 20:59:39 flag provided but not defined: -http
bitnami@ip-172-26-12-170:~$
Iām afraid I donāt even know enough to make an educated guess as to what to try.
I noticed the quotes around my email address so I tried this:
sudo /opt/bitnami/letsencrypt/lego --path="/opt/bitnami/letsencrypt" --email="flyntmor@gmail.com" --domains=morelandarts.com --domains=www.morelandarts.com --http renew && sudo /opt/bitnami/apache2/bin/httpd -f /opt/bitnami/apache2/conf/httpd.conf -k graceful
Same results:
2019/11/23 23:33:37 You have to pass an account (email address) to the program using --email or -m
I did a cut and paste, then checked the line char by char. I got a different response this time. Hereās the command:
sudo /opt/bitnami/letsencrypt/lego --path="/opt/bitnami/letsencrypt" āemail=āflyntmor@gmail.comā --domains=morelandarts.com --domains=www.morelandarts.com --http renew && sudo /opt/bitnami/apache2/bin/httpd -f /opt/bitnami/apache2/conf/httpd.conf -k graceful
Hereās the response:
No help topic for āāemail=flyntmor@gmail.comā
bitnami@ip-172-26-12-:~$
What am I doing wrong? Please keep the input comingā¦
Yea! I see signs of progress, but I donāt know what to do from here?
2019/11/24 03:25:32 No key found for account āflyntmor@gmail.comā. Generating a P384 key.
2019/11/24 03:25:32 Saved key to /opt/bitnami/letsencrypt/accounts/acme-v02.api.letsencrypt
.org/āflyntmor@gmail.comā/keys/āflyntmor@gmail.comā.key
2019/11/24 03:25:32 Account āflyntmor@gmail.comā is not registered. Use ārunā to register a
new account.
bitnami@ip-172-26-12-170:~$
Iām trying to renew the certificate for an existing live site. I think I have 8 days left.
Before I started asking for help, I went through the procedures listed in 2 documents, with no luck. I have been unable to find a document that describes how to renew manually. I was hoping that if I could figure out how to do it manually, then maybe I could figure out why my auto-renew is not working.
I am admittedly over my head and I really do appreciate the help.
Unless you know for sure, you should ātestā in the ātestā system.
The last thing you want is just as you āfigure it outā you get blocked for 5 days.
Issuing a test cert is equally challengingā¦
Figure that out and your set with the live system.
Sadly the only LegoĀ® I know of is not computerized (they are hard little plastic pieces - LOL)
I would be glad to help search for oneā¦ But I donāt know of anything off hand.
So far:
These are included --tls --days 90
[not sure why]