Certificate renew issue

saurabh.patil · February 6, 2019, 6:06pm

My domain is: [redacted]

I ran this command: certbot renew --dry-run

It produced this output:

Processing /etc/letsencrypt/renewal/[redacted].conf

Cert is due for renewal, auto-renewing…
Plugins selected: Authenticator nginx, Installer nginx
Starting new HTTPS connection (1): acme-staging-v02.api.letsencrypt.org
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for subdomain1.[redacted]
http-01 challenge for [redacted]
http-01 challenge for subdomain2.[redacted]
Using default addresses 80 and [::]:80 ipv6only=on for authentication.
Using default addresses 80 and [::]:80 ipv6only=on for authentication.
Using default addresses 80 and [::]:80 ipv6only=on for authentication.
Waiting for verification…
Cleaning up challenges

new certificate deployed with reload of nginx server; fullchain is
/etc/letsencrypt/live/[redacted]/fullchain.pem

** DRY RUN: simulating ‘certbot renew’ close to cert expiry
** (The test certificates below have not been saved.)

Congratulations, all renewals succeeded. The following certs have been renewed:
/etc/letsencrypt/live/[readacted]/fullchain.pem (success)
** DRY RUN: simulating ‘certbot renew’ close to cert expiry
** (The test certificates above have not been saved.

My web server is (include version):

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is: nginx

I can login to a root shell on my machine (yes or no, or I don’t know): yes

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): certbot 0.26.1

Initially i installed certificate through - certbot --nginx certonly --cert-name [redacted]

following command

Osiris · February 6, 2019, 6:25pm

Your test run was successful. What exactly is the problem you're running into?

rg305 · February 7, 2019, 12:52am

That is just a test.

This seems to indicate that you actually need to renew them now for real:

So did they renew or just test renew?
Please show:
certbot certificates

certonly doesn't modify the config...
[it literally ONLY gets a CERT]

saurabh.patil · February 7, 2019, 3:56am

Thanks, I m not able to see changes in expiry date after nginx service reload.
So what happended exactly certificate renewed or not

rg305 · February 7, 2019, 4:07am

Probably NOT: crt.sh | [redacted]

To confirm, please show output of:
certbot certificates

saurabh.patil · February 7, 2019, 4:09am

When I am checking my certificate expiry

Command written in [redacted] folder

openssl x509 -dates -noout -in fullchain.pem

notBefore=Nov 29 04:03:57 2018 GMT
notAfter=Feb 27 04:03:57 2019 GMT

This time is not changing here after nginx
reload

rg305 · February 7, 2019, 4:13am

This command would be much simpler...

But they should show the same date: 2019.02.27 [21 days from now]

So it seems the command:

Did exactly that; Just a --dry-run TEST.

You need to repeat that without the --dry-run testing.
Try:
certbot renew

Osiris · February 7, 2019, 6:16am

Did you also run certbot renew without the --dry-run?

Did you point your nginx configuration file to the symbolic links in /etc/letsencrypt/live/{yourhostname}/?

saurabh.patil · February 7, 2019, 6:32am

i havent tried certbot renew will check

/etc/letsencrypt/live/{yourhostname}/ ?
This i have done

system · March 9, 2019, 12:44pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
All renewal attempts failed. The following certs could not be renewed: /etc/letsencrypt/live/fullchain.pem (failure) Help	7	24013	March 3, 2019
SSL certificate expired - Not able to renew Help	9	597	June 23, 2021
Unable to renew SSL certificate using certbot Help	19	4496	August 4, 2022
Certbot renew dry run works but not actual renew Help	8	5894	December 17, 2017
Help with renew Help	5	1437	November 6, 2016

Certificate renew issue

Related topics