Certificate renewal for inherited server


#1

Hi

I’ve inherited a centos 7.5.1804 server which runs a wordpress site, an Java springboot app and an API.

Now when visiting the website(s) I get an certificate expired error: (see image)

There is a Plesk panel which I can not access and I do not know how the initial certificate was installed.

I have SSH access to the server.

which certbot, which certbot-auto letsencrypt and letsencrypt-auto all return command unknown.

What would be the easiest way to renew the certificate?

thx


#2

Hi,

The certificate would mostly be installed from Plesk…

Please take a look at this article:

Thank you


#3

Yes

I already did this and the admin password was updated successfully but i still can’t log in with user: admin and psw: newChosenPsw. I tried with " " and without, both return:
The Plesk administrator’s password was successfully updated.

I don’t know what I am doing wrong.


#4

Hi,

You might need to contact Plesk support for this matter…

Thank you


#5

I was able to get a login link for Plesk on the server.
There is 1 domain and 3 subdomains

I was able to renew the certificate for the domain but the subdomains fail to renew.
Maybe they’ve used a wildcard certificate last time for all domain and subdomains, this is probably the reason it didn’t automatically renew.

If I click on the subdomains there are certificates and such.
How do I renew it for the subdomains also?


#6

Hi @mdviv

checking your domain:

D:\temp>download http://ci.lekkerlokaalnatuurlijk.be/.well-known/acme-challenge/1234 -h
Error (1): Der Remoteserver hat einen Fehler zurückgegeben: (403) Unzulässig.
ProtocolError
Connection: keep-alive
X-Content-Type-Options: nosniff
X-Hudson: 1.395
X-Jenkins: 2.121.3
X-Jenkins-Session: 090c825f
X-Hudson-CLI-Port: 50000
X-Jenkins-CLI-Port: 50000
X-Jenkins-CLI2-Port: 50000
X-You-Are-Authenticated-As: anonymous
X-You-Are-In-Group-Disabled: JENKINS-39402: use -Dhudson.security.AccessDeniedException2.REPORT_GROUP_HEADERS=true or use /whoAmI to diagnose
X-Required-Permission: hudson.model.Hudson.Read
X-Permission-Implied-By: hudson.security.Permission.GenericRead,hudson.model.Hudson.Administer
Content-Length: 863
Content-Type: text/html;charset=utf-8
Date: Fri, 19 Oct 2018 17:55:04 GMT
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: JSESSIONID.2d517e3b=node01q5p0g6sins8u1fu2e8tt2e8rz45.node0;Path=/;HttpOnly
Server: nginx

Status: 403 Forbidden
403

There is a blocking 403. You have to allow Letsencrypt to fetch a file via /.well-known/acme-challenge/long-token


#8

Care to elaborate a little bit please? Where should I look for the block? Ports? Permissions? …


#9

It may be your webserver. It may be your router with a running nginx.

I don’t know the details of your configuration. Which instance answers? Check this instance.


#10

Hi,

Extending on @JuergenAuer’s answer, it seems that Jenkins software is blocking the token to display and redirects the users to a login page.

Thank you