Email About Renewing Certs

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: cg-maq.com

I received an email saying "Your certificate (or certificates) for the names listed below will expire in 19 days (on 2023-09-29). Please make sure to renew your certificate before then, or visitors to your web site will encounter errors." but I'm not sure how to renew my certificates. Could someone help?

Hello @mgg, welcome to the Let's Encrypt community. 🙂

How were the certificates originally created?

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: cg-maq.com

I ran this command:

It produced this output:

My web server is (include version): Apache (from what curl showed me)

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is: amazonaws.com (see Edit below)

I can login to a root shell on my machine (yes or no, or I don't know):

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):

Thank you for assisting us in helping YOU!

Edit:
https://sitereport.netcraft.com/?url=https://www.cg-maq.com

$ nslookup cg-maq.com
Server:         127.0.0.53
Address:        127.0.0.53#53

Non-authoritative answer:
Name:   cg-maq.com
Address: 3.137.113.224

$ nslookup ec2-3-137-113-224.us-east-2.compute.amazonaws.com
Server:         127.0.0.53
Address:        127.0.0.53#53

Non-authoritative answer:
Name:   ec2-3-137-113-224.us-east-2.compute.amazonaws.com
Address: 3.137.113.224

1 Like

well you don't appear to actually be using the certificate that expires on September 29

rather, you're using a certificate that expired on June 21

when is the last time your website actually worked properly? (I'm guessing June 21)

based on the issuance date of the certificate you're using, I assume you did your initial certificate setup on March 23rd

what did you do on that day? how did you obtain the certificate originally? Did you use certbot? Something else?

5 Likes

I have no idea. I set up my website and don't remember having to obtain a certificate explicitly.

Kindly wait to see if there are more knowledgeable Let's Encrypt community volunteers willing to assist.

1 Like

If you don't remember what you did then just start over

do you have login access to the server?

if so you should use certbot

try following the instructions there

2 Likes

Your cg-mag.com is using Amazon Cloudfront and an Amazon cert. You may well have another cert for HTTPS comms between Cloudfront and your Origin server but we can't see that "behind" Cloudfront.

Do you know how your Amazon system is set up?

Update:
Also note the DNS seems to be changing. Be sure to look only at authoritative DNS servers, like with https://unboundtest.com or dnsviz

5 Likes

I'm using a WordPress instance via Amazon Lightsail

Do you recognise the name "Bitnami"?

2 Likes

Also curious if you have Bitnami involved.

Did you also select Lightsail CDN? Because that is one way for CloudFront to be involved.

The only cert I can see active is an Amazon cert (see SSL Checker link). But, it is possible you are using a Let's Encrypt cert "behind" CloudFront (or behind Lightsail CDN). You have to give us more info.

In case you don't believe me about CloudFront, note the "Server" in the responses below. I assume the 404 Not Found is because I am not in Japan (the not-jp block rule)?

curl -I http://cg-mag.com
HTTP/1.1 301 Moved Permanently
Server: CloudFront
Location: https://cg-mag.com/
X-Cache: Redirect from cloudfront
(other headers omitted)

curl -I https://cg-mag.com/
HTTP/2 404
server: CloudFront
x-block-rule: not-jp
x-cache: Error from cloudfront

4 Likes
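
The check the replies above do by hand, as an added example that is not part of the thread: it compares the certificate a host actually serves with the expiry date in the notification email and reports the `Server` header from `curl -I` output. The function names, the sample certificate and the sample headers are constructed for illustration; only the 2023-09-29 notice date comes from the first post.

```python
import socket
import ssl
from datetime import date, datetime, timezone

def fetch_cert(host, port=443):
    """Leaf certificate the host serves to visitors (behind a CDN this is the CDN's
    certificate). Raises ssl.SSLCertVerificationError if it is expired or untrusted."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=10) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()

def server_header(curl_head_output):
    """Value of the Server header in `curl -I` output (HTTP/2 lowercases names)."""
    for line in curl_head_output.splitlines():
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "server":
            return value.strip()
    return None

def compare_with_notice(cert, notice_expiry, now, curl_head_output=""):
    """Does the served certificate match the one the expiry email is about?"""
    issuer = {key: value for rdn in cert["issuer"] for key, value in rdn}
    not_after = datetime.fromtimestamp(
        ssl.cert_time_to_seconds(cert["notAfter"]), timezone.utc)
    return {
        "issuer_org": issuer.get("organizationName"),
        "not_after": not_after.date().isoformat(),
        "days_left": (not_after - now).days,
        "matches_notice": not_after.date() == notice_expiry,
        "server": server_header(curl_head_output),
    }

# Constructed sample in the shape ssl.getpeercert() returns; values are illustrative.
SAMPLE_CERT = {
    "issuer": ((("countryName", "US"),), (("organizationName", "Amazon"),)),
    "notAfter": "Mar 15 23:59:59 2024 GMT",
    "subjectAltName": (("DNS", "example.com"),),
}
SAMPLE_HEAD = "HTTP/2 404\nserver: CloudFront\nx-cache: Error from cloudfront\n"

if __name__ == "__main__":
    report = compare_with_notice(SAMPLE_CERT, date(2023, 9, 29),
                                 datetime(2023, 9, 10, tzinfo=timezone.utc), SAMPLE_HEAD)
    print(report)  # for a live host: compare_with_notice(fetch_cert("example.com"), ...)
```

When `matches_notice` is false and `issuer_org` is not Let's Encrypt, the certificate named in the email is not the one visitors receive, so it is either unused or sits on an origin behind the CDN.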
