root@personal-website:~# sudo certbot renew --dry-run
Saving debug log to /var/log/letsencrypt/letsencrypt.log
-------------------------------------------------------------------------------
Processing /etc/letsencrypt/renewal/vaibhavsingh97.me-0001.conf
-------------------------------------------------------------------------------
Cert not due for renewal, but simulating renewal for dry run
Renewing an existing certificate
Performing the following challenges:
tls-sni-01 challenge for vaibhavsingh97.me
Waiting for verification...
Cleaning up challenges
-------------------------------------------------------------------------------
new certificate deployed without reload, fullchain is
/etc/letsencrypt/live/vaibhavsingh97.me-0001/fullchain.pem
-------------------------------------------------------------------------------
-------------------------------------------------------------------------------
Processing /etc/letsencrypt/renewal/vaibhavsingh97.me-0002.conf
-------------------------------------------------------------------------------
Cert not due for renewal, but simulating renewal for dry run
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for vaibhavsingh97.me
Waiting for verification...
Cleaning up challenges
-------------------------------------------------------------------------------
new certificate deployed without reload, fullchain is
/etc/letsencrypt/live/vaibhavsingh97.me-0002/fullchain.pem
-------------------------------------------------------------------------------
-------------------------------------------------------------------------------
Processing /etc/letsencrypt/renewal/vaibhavsingh97.me.conf
-------------------------------------------------------------------------------
expected /etc/letsencrypt/live/vaibhavsingh97.me/cert.pem to be a symlink
Renewal configuration file /etc/letsencrypt/renewal/vaibhavsingh97.me.conf is broken. Skipping.
** DRY RUN: simulating 'certbot renew' close to cert expiry
** (The test certificates below have not been saved.)
Congratulations, all renewals succeeded. The following certs have been renewed:
/etc/letsencrypt/live/vaibhavsingh97.me-0001/fullchain.pem (success)
/etc/letsencrypt/live/vaibhavsingh97.me-0002/fullchain.pem (success)
Additionally, the following renewal configuration files were invalid:
/etc/letsencrypt/renewal/vaibhavsingh97.me.conf (parsefail)
** DRY RUN: simulating 'certbot renew' close to cert expiry
** (The test certificates above have not been saved.)
0 renew failure(s), 1 parse failure(s)
IMPORTANT NOTES:
- Your account credentials have been saved in your Certbot
configuration directory at /etc/letsencrypt. You should make a
secure backup of this folder now. This configuration directory will
also contain certificates and private keys obtained by Certbot so
making regular backups of this folder is ideal.
My web server is (include version):
nginx version: nginx/1.10.3 (Ubuntu)
built with OpenSSL 1.0.2g 1 Mar 2016
TLS SNI support enabled
The operating system my web server runs on is (include version): 4.4.0-83-generic #106-Ubuntu SMP Mon Jun 26 17:54:43 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux
My hosting provider, if applicable, is: Digitalocean
I can login to a root shell on my machine (yes or no, or I don’t know): yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no
Hi! I know and I messed up. Can you please guide me?
Also, issuing certbot --nginx
gives me an error:
root@personal-website:~# certbot --nginx
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Which names would you like to activate HTTPS for?
-------------------------------------------------------------------------------
1: vaibhavsingh97.me
2: www.vaibhavsingh97.me
-------------------------------------------------------------------------------
Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel):1
Obtaining a new certificate
Performing the following challenges:
tls-sni-01 challenge for vaibhavsingh97.me
nginx: [emerg] SSL_CTX_load_verify_locations("/etc/letsencrypt/live/vaibhavsingh97.me/chain.pem") failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/etc/letsencrypt/live/vaibhavsingh97.me/chain.pem','r') error:2006D080:BIO routines:BIO_new_file:no such file error:0B084002:x509 certificate routines:X509_load_cert_crl_file:system lib)
Cleaning up challenges
nginx restart failed:
One of your certificate chains is broken and unfortunately the broken one, I think, is the one you are using with your nginx.
A) Run certbot certificates
This will give you a list of all the certificates that certbot currently manages (there should be 3).
B) I can see you have 3 chains
/etc/letsencrypt/renewal/vaibhavsingh97.me.conf <-broken
/etc/letsencrypt/renewal/vaibhavsingh97.me-0002.conf <- good
/etc/letsencrypt/renewal/vaibhavsingh97.me-0001.conf <- good
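An added example, not part of the original posts: a read-only filesystem check that reports, for each file in renewal/, whether the matching live/ directory still holds four valid symlinks, which is the condition behind both the "expected ... cert.pem to be a symlink" parse failure and the nginx fopen error on chain.pem shown above. The function names and the example.test sample tree are constructed for illustration; the script never calls certbot and changes nothing.

```shell
#!/bin/sh
# Added example: classify each certbot lineage by the state of its live/ links.
# Reads the filesystem only; it does not call certbot or modify anything.

# check_lineage CONFIG_DIR NAME -> prints "ok" or the first problem found
check_lineage() {
    live="$1/live/$2"
    for f in cert privkey chain fullchain; do
        p="$live/$f.pem"
        if [ -L "$p" ]; then
            # A symlink whose target is gone makes nginx fail on fopen()
            [ -e "$p" ] || { echo "dangling symlink: $f.pem"; return 1; }
        elif [ -e "$p" ]; then
            # Regular file where certbot expects a link into archive/
            echo "not a symlink: $f.pem"; return 1
        else
            echo "missing: $f.pem"; return 1
        fi
    done
    echo "ok"
}

# audit_lineages CONFIG_DIR -> one "name: status" line per renewal/*.conf
audit_lineages() {
    for conf in "$1"/renewal/*.conf; do
        [ -e "$conf" ] || continue
        name=$(basename "$conf" .conf)
        echo "$name: $(check_lineage "$1" "$name")"
    done
}

# make_sample_tree DIR: constructed layout mirroring the thread (not real data)
make_sample_tree() {
    for n in example.test example.test-0001; do
        mkdir -p "$1/renewal" "$1/live/$n" "$1/archive/$n"
        : > "$1/renewal/$n.conf"
        for f in cert privkey chain fullchain; do
            : > "$1/archive/$n/${f}1.pem"
            ln -s "../../archive/$n/${f}1.pem" "$1/live/$n/$f.pem"
        done
    done
    # Break the first lineage: cert.pem becomes a regular file, chain.pem is gone
    rm "$1/live/example.test/cert.pem" "$1/live/example.test/chain.pem"
    : > "$1/live/example.test/cert.pem"
}

# Usage: sh audit.sh /etc/letsencrypt
if [ -n "${1:-}" ]; then audit_lineages "$1"; fi
```

A lineage reported as anything other than "ok" is one nginx should not be pointed at until its links are restored.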
Thanks Andrei
It’s not working, so I deleted the /etc/letsencrypt/renewal/vaibhavsingh97.me.conf and am regenerating a new conf, but I am not able to do so:
root@personal-website:~# sudo certbot certonly --webroot --webroot-path=/var/www/html -d vaibhavsingh97.me -d www.vaibhavsingh97.me
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for vaibhavsingh97.me
http-01 challenge for www.vaibhavsingh97.me
Using the webroot path /var/www/html for all unmatched domains.
Waiting for verification...
Cleaning up challenges
Failed authorization procedure. www.vaibhavsingh97.me (http-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching https://vaibhavsingh97.me/.well-known/acme-challenge/b7UG_QQ0NW2bTMUz7agft3TkfSTc0DdUWmvvjfBSHcc: Timeout
IMPORTANT NOTES:
- The following errors were reported by the server:
Domain: www.vaibhavsingh97.me
Type: connection
Detail: Fetching
https://vaibhavsingh97.me/.well-known/acme-challenge/b7UG_QQ0NW2bTMUz7agft3TkfSTc0DdUWmvvjfBSHcc:
Timeout
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A record(s) for that domain
contain(s) the right IP address. Additionally, please check that
your computer has a publicly routable IP address and that no
firewalls are preventing the server from communicating with the
client. If you're using the webroot plugin, you should also verify
that you are serving files from the webroot path you provided.
root@personal-website:~# sudo certbot certonly --webroot --webroot-path=/var/www/html -d vaibhavsingh97.me -d www.vaibhavsingh97.me
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for vaibhavsingh97.me
http-01 challenge for www.vaibhavsingh97.me
Using the webroot path /var/www/html for all unmatched domains.
Waiting for verification...
Cleaning up challenges
Failed authorization procedure. www.vaibhavsingh97.me (http-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching https://vaibhavsingh97.me/.well-known/acme-challenge/fn26NE67uxoy6XwXwypFerPXsYCso-WWrVnBolQKvEI: Timeout
IMPORTANT NOTES:
- The following errors were reported by the server:
Domain: www.vaibhavsingh97.me
Type: connection
Detail: Fetching
https://vaibhavsingh97.me/.well-known/acme-challenge/fn26NE67uxoy6XwXwypFerPXsYCso-WWrVnBolQKvEI:
Timeout
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A record(s) for that domain
contain(s) the right IP address. Additionally, please check that
your computer has a publicly routable IP address and that no
firewalls are preventing the server from communicating with the
client. If you're using the webroot plugin, you should also verify
that you are serving files from the webroot path you provided.
Failed authorization procedure. www.vaibhavsingh97.me (http-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching https://vaibhavsingh97.me/.well-known/acme-challenge/fn26NE67uxoy6XwXwypFerPXsYCso-WWrVnBolQKvEI: Timeout
Issuing multiple certificates is how you got into this mess in the first place (so why are you trying to do it again?). You have a perfectly valid certificate chain you can use.
Please follow my instructions carefully - updating the symlinks should fix the problem you are facing.
Alternatively, feel free to fix it in a way that makes sense to you, but note that I will not be providing further assistance.
Sorry to be blunt, but I am not sure why you are trying to make this harder than it needs to be.
Now, issuing the certbot update_symlinks command gives me this output:
root@personal-website:~# certbot update_symlinks
Saving debug log to /var/log/letsencrypt/letsencrypt.log
log: https://paste2.org/ncPC75V2
What should I do now?