Certificate renewal after expiry

Please fill out the fields below so we can help you better.

My domain is:
kronos.mondodiverso.com
I ran this command:
letsencrypt renew
letsencrypt run
letsencrypt revoke
It produced this output:

Domain: kronos.mondodiverso.com
Type: connection
Detail: Failed to connect to 178.112.9.150:443 for TLS-SNI-01
challenge

My operating system is (include version):
XUbuntu 16.04
My web server is (include version):
Apache 2.4.18
I can login to a root shell on my machine (yes or no, or I don’t know):
yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
no

The error seems logical to me since after the cert expired, no valid ssl-connection can be established.
I disabled ssl on the apache, but letsencrypt obviously insists on renewal over ssl.

Neither run nor revoke work either.

Any ideas out there?

The TLS-SNI-01 challenge does not use your site’s certificate, but rather a self-signed certificate that’s generated by the client, with a random component in it. Think of it this way: When you got your first certificate, you (probably) didn’t have a valid certificate either, and things worked anyway.

That being said, your error seems to be a general connection error, meaning no connection to port 443 was possible at all. This could be due to a firewall on your end or some ISP filtering. I noticed the IP belongs to an ISP I happen to know, and from what I recall they have a setting in their control panel that blocks all incoming connections which defaults to “off” (at least in my case). I would recommend testing basic external connectivity (telnet ftw!) to port 443 from some external VPS or through some VPN/proxy.

Note that revocation is a process to mark compromised certificates as insecure in browsers (which would be the case anyway due to the expiration date), and not a way to roll back your configuration or uninstall a certificate on your server.
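The external connectivity test suggested above can be scripted. This is an added example, not part of the original reply; the function name `probe` and its result labels are made up for illustration. It has to run from a host outside the server's own network (a VPS, or through a VPN), because an internal test can succeed while forwarded traffic from outside never arrives.

```python
import socket
import ssl
import sys


def probe(host, port=443, timeout=5.0):
    """Classify how host:port answers from the machine running this script.

    Returns 'dns-failure', 'refused', 'filtered', 'unreachable',
    'tcp-only' or 'tls-ok'.
    """
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except socket.gaierror:
        return "dns-failure"   # name does not resolve
    except ConnectionRefusedError:
        return "refused"       # host reachable, nothing listening on the port
    except socket.timeout:
        return "filtered"      # packets dropped: firewall, ISP filter, missing port forward
    except OSError:
        return "unreachable"   # no route, network down, etc.

    # TCP works. Try a TLS handshake without validating the certificate:
    # an expired or self-signed certificate must not count as a failure here,
    # since only reachability is being tested.
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    try:
        with ctx.wrap_socket(sock, server_hostname=host):
            return "tls-ok"
    except (ssl.SSLError, OSError):
        return "tcp-only"      # port open, but no TLS service answered
    finally:
        sock.close()


if __name__ == "__main__":
    if len(sys.argv) < 2:
        sys.exit("usage: probe.py HOST [PORT]")
    target_port = int(sys.argv[2]) if len(sys.argv) > 2 else 443
    print(probe(sys.argv[1], target_port))
```

A result of `filtered` or `refused` from outside, while the same check succeeds from inside the network, points to a firewall, ISP filter or port forwarding problem rather than anything related to the certificate.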

Thanks a lot,
you’re right, my fault.
It was a misconfiguration of port forwarding and network interfaces. Internally it worked so I didn’t see.
Going out via vpn and back in showed it!

Cert could be renewed in the meantime!
