Certificate not renewed

Help
1

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:
felix.world

I ran this command:
certbot certonly --manual --manual-public-ip-logging-ok --preferred-challenges dns --server https://acme-v02.api.letsencrypt.org/directory -d “*.felix.world” -d “felix.world”

It produced this output:
IMPORTANT NOTES:

  • Congratulations! Your certificate and chain have been saved at:
    /etc/letsencrypt/live/felix.world/fullchain.pem
    Your key file has been saved at:
    /etc/letsencrypt/live/felix.world/privkey.pem
    Your cert will expire on 2019-11-18. To obtain a new or tweaked
    version of this certificate in the future, simply run certbot
    again. To non-interactively renew all of your certificates, run
    “certbot renew”

  • If you like Certbot, please consider supporting our work by:

    Donating to ISRG / Let’s Encrypt: https://letsencrypt.org/donate
    Donating to EFF: https://eff.org/donate-le
    My web server is (include version):

The operating system my web server runs on is (include version):
Ubuntu 18.04 in a LXC Container

My hosting provider, if applicable, is:
Namecheap

I can login to a root shell on my machine (yes or no, or I don’t know):
yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):
certbot 0.23.0

The Problem is that my certificate is not renewd. The issued certificate will expire in 2 days and in cause of the rate limit i can’t test anymore.

Please help.

Best Regards,
FElix

1 Like
2

Hi @Lineconnect

checking your domain you have created 5 identical certificates - https://check-your-website.server-daten.de/?q=felix.world#ct-logs

Issuer not before not after Domain names LE-Duplicate next LE
Let's Encrypt Authority X3 2019-11-16 2020-02-14 *.felix.world, felix.world - 2 entries duplicate nr. 5 next Letsencrypt certificate: 2019-11-23 07:12:46
Let's Encrypt Authority X3 2019-11-16 2020-02-14 *.felix.world, felix.world - 2 entries duplicate nr. 4
Let's Encrypt Authority X3 2019-11-16 2020-02-14 *.felix.world, felix.world - 2 entries duplicate nr. 3
Let's Encrypt Authority X3 2019-11-16 2020-02-14 *.felix.world, felix.world - 2 entries duplicate nr. 2
Let's Encrypt Authority X3 2019-11-16 2020-02-14 *.felix.world, felix.world - 2 entries duplicate nr. 1
Let's Encrypt Authority X3 2019-08-20 2019-11-18 *.felix.world, felix.world - 2 entries

But you don't use one of these, instead, you use the old certificate:

CN=felix.world
	20.08.2019
	18.11.2019
expires in 2 days	*.felix.world, felix.world - 2 entries

But: certonly doesn't install the certificate and doesn't restart the server. That's required to use a new certificate.

So first step: Restart your webserver, then recheck your domain with the online tool to see, if the new certificate is used.

If that doesn't help, what says

certbot certificates
1 Like
3

Hi @JuergenAuer,

yes, i've created 5 identical certificates, because there is no new certificate in the filesystem of my webserver. Also the issued certificate will - as the output from certbot says - expire in 2 days

Your key file has been saved at:
/etc/letsencrypt/live/felix.world/privkey.pem
Your cert will expire on 2019-11-18. To obtain a new or tweaked

In the letsencrypt directory there is one folder which has been touched today but the last edit of the certificates in this directory is 2019-08-20.

root@www-reverse-proxy:/etc/letsencrypt/archive# ll
total 0
drwx------ 1 root root 142 Aug 20 17:28 ./
drwxr-xr-x 1 root root 246 Nov 16 13:05 ../
drwxr-xr-x 1 root root 180 Jun 11 19:15 felix.world/
drwxr-xr-x 1 root root 90 Aug 20 17:25 felix.world-0001/
drwxr-xr-x 1 root root 90 Nov 16 08:20 felix.world-0002/

ls on dir:

root@www-reverse-proxy:/etc/letsencrypt/archive# ls -al felix.world-0002/
total 16
drwxr-xr-x 1 root root 90 Nov 16 08:20 .
drwx------ 1 root root 142 Aug 20 17:28 ..
-rw-r--r-- 1 root root 1919 Aug 20 17:28 cert1.pem
-rw-r--r-- 1 root root 1647 Aug 20 17:28 chain1.pem
-rw-r--r-- 1 root root 3566 Aug 20 17:28 fullchain1.pem
-rw-r--r-- 1 root root 1704 Aug 20 17:28 privkey1.pem

The same says "certbot certificates"

Certificate Name: felix.world
Domains: felix.world *.felix.world
Expiry Date: 2019-11-18 16:28:10+00:00 (VALID: 2 days)
Certificate Path: /etc/letsencrypt/live/felix.world/fullchain.pem
Private Key Path: /etc/letsencrypt/live/felix.world/privkey.pem

I use letsencrypt for years and have never been seen a behavior like this.

Thanks and best regards,
Felix

1 Like
4

Sorry for the community entry. I’ve check the logs and found the destination of the issued certificate. The output directory where certbot places the certificate was wrong.

2 Likes
5

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.