Certificate renewal for inherited server

Hi

I’ve inherited a centos 7.5.1804 server which runs a wordpress site, an Java springboot app and an API.

Now when visiting the website(s) I get an certificate expired error: (see image)

There is a Plesk panel which I can not access and I do not know how the initial certificate was installed.

I have SSH access to the server.

which certbot, which certbot-auto letsencrypt and letsencrypt-auto all return command unknown.

What would be the easiest way to renew the certificate?

thx

Hi,

The certificate would mostly be installed from Plesk...

Please take a look at this article:
https://support.plesk.com/hc/en-us/articles/213381869-How-to-retrieve-reset-a-password-of-the-admin-user-in-Plesk-for-Linux

Thank you

Yes

I already did this and the admin password was updated successfully but i still can’t log in with user: admin and psw: newChosenPsw. I tried with " " and without, both return:
The Plesk administrator’s password was successfully updated.

I don’t know what I am doing wrong.

Hi,

You might need to contact Plesk support for this matter....

Thank you

I was able to get a login link for Plesk on the server.
There is 1 domain and 3 subdomains

I was able to renew the certificate for the domain but the subdomains fail to renew.
Maybe they’ve used a wildcard certificate last time for all domain and subdomains, this is probably the reason it didn’t automatically renew.

If I click on the subdomains there are certificates and such.
How do I renew it for the subdomains also?

Hi @mdviv

checking your domain:

D:\temp>download http://ci.lekkerlokaalnatuurlijk.be/.well-known/acme-challenge/1234 -h
Error (1): Der Remoteserver hat einen Fehler zurückgegeben: (403) Unzulässig.
ProtocolError
Connection: keep-alive
X-Content-Type-Options: nosniff
X-Hudson: 1.395
X-Jenkins: 2.121.3
X-Jenkins-Session: 090c825f
X-Hudson-CLI-Port: 50000
X-Jenkins-CLI-Port: 50000
X-Jenkins-CLI2-Port: 50000
X-You-Are-Authenticated-As: anonymous
X-You-Are-In-Group-Disabled: JENKINS-39402: use -Dhudson.security.AccessDeniedException2.REPORT_GROUP_HEADERS=true or use /whoAmI to diagnose
X-Required-Permission: hudson.model.Hudson.Read
X-Permission-Implied-By: hudson.security.Permission.GenericRead,hudson.model.Hudson.Administer
Content-Length: 863
Content-Type: text/html;charset=utf-8
Date: Fri, 19 Oct 2018 17:55:04 GMT
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: JSESSIONID.2d517e3b=node01q5p0g6sins8u1fu2e8tt2e8rz45.node0;Path=/;HttpOnly
Server: nginx

Status: 403 Forbidden
403

There is a blocking 403. You have to allow Letsencrypt to fetch a file via /.well-known/acme-challenge/long-token

Care to elaborate a little bit please? Where should I look for the block? Ports? Permissions? …

It may be your webserver. It may be your router with a running nginx.

I don't know the details of your configuration. Which instance answers? Check this instance.

Hi,

Extending on @JuergenAuer’s answer, it seems that Jenkins software is blocking the token to display and redirects the users to a login page.

Thank you

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.