Certificate not auto-renewing

Thanks for all your assistance. I’ll search some more.


I think that, according to the docs I read and how I understood them, you may have to register first using ‘run’ before trying to ‘renew’:
[two separate steps]
https://github.com/go-acme/lego/blob/master/docs/content/usage/cli/_index.md

Try invoking the list parameter.
It should show you the certs and maybe the email address used to get them.
[that may help better understand the problem]

My logic:
If it requires an email address, one must have been provided to get the original cert.
If the current email address is NOT registered, then it either:

  • doesn’t match the original email address
  • something has gone wrong and corrupted the original email info

When I reconnected it told me I needed to REBOOT. SO, I did and then reran the command. Now I get something different:

$ No challenge selected. You must specify at least one challenge: --http , --tls, --dns.

But the --http is in there???
In looking at the examples, all of the domains are listed with ““s around them. SO… I tried this:
sudo /opt/bitnami/letsencrypt/lego --path=”/opt/bitnami/letsencrypt” --email=“flyntmor@gmail.com” --domains=“morelandarts.com” --domains=“www.morelandarts.com” --domains=“*.morelandarts.com” --http renew && sudo /opt/bitnami/apache2/bin/httpd -f /opt/bitnami/apache2/conf/httpd.conf -k graceful

Same result! Seems that Rebooting changed something.

Please show:
sudo /opt/bitnami/letsencrypt/lego list

I’m taking wagers…
My bet is that you are copy/pasting from a screen that is ‘wordwrapping’ and you are not sending what you think you are.

bitnami@ip-172-26-12-170:~$ sudo /opt/bitnami/letsencrypt/lego list
No certificates found.

I’m gonna test your theory.

Try it this way:

sudo /opt/bitnami/letsencrypt/lego \
--path="/opt/bitnami/letsencrypt" \
--email="flyntmor@gmail.com" \
--domains="morelandarts.com" \
--domains="www.morelandarts.com" \
--http renew 

[--domains=“*.morelandarts.com” was deliberately omitted; wildcards won’t authenticate via http]
we’ll leave the restart part for later…

EDIT:
modified text - which had mismatched close quotes where an open quote should have been.

bitnami@ip-172-26-12-170:~$ sudo /opt/bitnami/letsencrypt/lego \

--path=”/opt/bitnami/letsencrypt”
--email=“flyntmor@gmail.com”
--domains=“morelandarts.com
--domains=“www.morelandarts.com
--http renew
2019/11/24 04:32:22 No key found for account “flyntmor@gmail.com”. Generating a P384 key.
2019/11/24 04:32:22 Saved key to ”/opt/bitnami/letsencrypt”/accounts/acme-v02.api.letsencrypt.org/“flyntmor@gmail.com”/keys/“flyntmor@gmail.com”.key
2019/11/24 04:32:23 Account “flyntmor@gmail.com” is not registered. Use 'run' to register a new account.
bitnami@ip-172-26-12-170:~$

Now we're back to that?

WTH???

Seems like it doesn't have a cert...
Maybe that's why it can't renew (what it doesn't have).

"(Find your certificate in the .lego folder of current working directory.)"
find / -name '.lego'

Does that file and path exist?
[Looks like the quotes are messing with it.]

One last try:

sudo /opt/bitnami/letsencrypt/lego \
--path=/opt/bitnami/letsencrypt \
--email=flyntmor@gmail.com \
--domains=morelandarts.com \
--domains=www.morelandarts.com \
--http renew 

[no quotes no wrap]

But… my web site will display the certificate?

The find / -name ‘.lego’ command resulted in a bunch of permission denied responses.

Probably requires "sudo".

DUH! I think I’m fading…


Well this is different:
bitnami@ip-172-26-12-170:~$ sudo /opt/bitnami/letsencrypt/lego \

--path=/opt/bitnami/letsencrypt
--email=flyntmor@gmail.com
--domains=morelandarts.com
--domains=www.morelandarts.com
--http renew
2019/11/24 04:46:10 [INFO] [morelandarts.com] acme: Trying renewal with 183 hours remaining
2019/11/24 04:46:10 [INFO] [morelandarts.com, www.morelandarts.com] acme: Obtaining bundled SAN certificate
2019/11/24 04:46:11 [INFO] [morelandarts.com] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/1380012144
2019/11/24 04:46:11 [INFO] [www.morelandarts.com] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/1380012147
2019/11/24 04:46:11 [INFO] [morelandarts.com] acme: Could not find solver for: tls-alpn-01
2019/11/24 04:46:11 [INFO] [morelandarts.com] acme: use http-01 solver
2019/11/24 04:46:11 [INFO] [www.morelandarts.com] acme: Could not find solver for: tls-alpn-01
2019/11/24 04:46:11 [INFO] [www.morelandarts.com] acme: use http-01 solver
2019/11/24 04:46:11 [INFO] [morelandarts.com] acme: Trying to solve HTTP-01
2019/11/24 04:46:11 [INFO] [www.morelandarts.com] acme: Trying to solve HTTP-01
2019/11/24 04:46:11 acme: Error -> One or more domains had a problem:
[morelandarts.com] [morelandarts.com] acme: error presenting token: could not start HTTP server for challenge -> listen tcp :80: bind: address already in use
[www.morelandarts.com] [www.morelandarts.com] acme: error presenting token: could not start HTTP server for challenge -> listen tcp :80: bind: address already in use
bitnami@ip-172-26-12-170:~$

Now it’s trying to start a web server…
Remove the:
--http
leave the:
renew

[at the last line]

bitnami@ip-172-26-12-170:~$ sudo /opt/bitnami/letsencrypt/lego \

--path=/opt/bitnami/letsencrypt
--email=flyntmor@gmail.com
--domains=morelandarts.com
--domains=www.morelandarts.com
renew
2019/11/24 04:52:07 No challenge selected. You must specify at least one challenge: --http , --tls, --dns.

Well take the hit then.

  1. Stop the webserver.
  2. Run the command with --http renew
  3. restart the webserver.
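
The stop / renew / restart sequence above, combined with a guard for the pasted typographic quotes that earlier ended up inside the `--path` and `--email` values, as an added example that is not from any of the posts. The function names and the `LEGO`, `HTTPD` and `HTTPD_CONF` override variables are assumptions; the default paths and the `-k stop` / `-k start` options are the ones shown in this thread, and the script is expected to run as root.

```shell
#!/usr/bin/env bash
# Added example (not from the thread): wrapper for stop -> renew -> restart.
# Default paths are the ones used in the thread; the override variables
# are assumptions so the script can be exercised against stand-ins.
LEGO="${LEGO:-/opt/bitnami/letsencrypt/lego}"
HTTPD="${HTTPD:-/opt/bitnami/apache2/bin/httpd}"
HTTPD_CONF="${HTTPD_CONF:-/opt/bitnami/apache2/conf/httpd.conf}"

# Return 0 if any argument contains a typographic (curly) quote.
# The shell does not treat these as quoting characters, so they are
# passed to lego as literal parts of the path or e-mail value.
has_smart_quotes() {
  local arg
  for arg in "$@"; do
    case "$arg" in
      *“*|*”*|*‘*|*’*) return 0 ;;
    esac
  done
  return 1
}

# renew_cert ARGS... : ARGS are lego's global flags (--path, --email,
# --domains); "--http renew" is appended here.
renew_cert() {
  local rc=0
  if has_smart_quotes "$@"; then
    echo "refusing to run: an argument contains a typographic quote" >&2
    return 2
  fi
  # Free port 80 so lego's built-in HTTP-01 server can bind to it.
  "$HTTPD" -f "$HTTPD_CONF" -k stop || return 3
  "$LEGO" "$@" --http renew || rc=$?
  # Always bring Apache back, whether or not the renewal succeeded.
  "$HTTPD" -f "$HTTPD_CONF" -k start || return 4
  return "$rc"
}

# Example call, using the values from the thread:
# renew_cert --path=/opt/bitnami/letsencrypt --email=flyntmor@gmail.com \
#   --domains=morelandarts.com --domains=www.morelandarts.com
```

`renew_cert` returns lego's own exit status after Apache has been started again, so a failed renewal is still visible to cron or to a calling script.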

Apparently I don’t know how to stop the web server?

From this:

I would assume:
sudo /opt/bitnami/apache2/bin/httpd stop

bitnami@ip-172-26-12-170:~$ sudo /opt/bitnami/apache2/bin/httpd stop
Usage: /opt/bitnami/apache2/bin/httpd.bin [-D name] [-d directory] [-f file]
[-C “directive”] [-c “directive”]
[-k start|restart|graceful|graceful-stop|stop]
[-v] [-V] [-h] [-l] [-L] [-t] [-T] [-S] [-X]
Options:
-D name : define a name for use in directives
-d directory : specify an alternate initial ServerRoot
-f file : specify an alternate ServerConfigFile
-C “directive” : process directive before reading config files
-c “directive” : process directive after reading config files
-e level : show startup errors of level (see LogLevel)
-E file : log startup errors to file
-v : show version number
-V : show compile settings
-h : list available command line options (this page)
-l : list compiled in modules
-L : list available configuration directives
-t -D DUMP_VHOSTS : show parsed vhost settings
-t -D DUMP_RUN_CFG : show parsed run settings
-S : a synonym for -t -D DUMP_VHOSTS -D DUMP_RUN_CFG
-t -D DUMP_MODULES : show all loaded modules
-M : a synonym for -t -D DUMP_MODULES
-t -D DUMP_INCLUDES: show all included configuration files
-t : run syntax check for config files
-T : start without DocumentRoot(s) check
-X : debug mode (only one worker, do not detach)