Errors of certificate renewals


#1

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: https://faxgun.com

I ran this command: sudo certbot renew --dry-run --preferred-challenges http-01,dns-01

It produced this output:

/usr/lib/python2.7/dist-packages/requests/init.py:80: RequestsDependencyWarning: urllib3 (1.21.1) or chardet (2.2.1) doesn’t match a supported version!
RequestsDependencyWarning)
Saving debug log to /var/log/letsencrypt/letsencrypt.log


Processing /etc/letsencrypt/renewal/faxgun.com.conf

Cert not due for renewal, but simulating renewal for dry run
Plugins selected: Authenticator nginx, Installer nginx
Renewing an existing certificate
Performing the following challenges:
Attempting to renew cert (faxgun.com) from /etc/letsencrypt/renewal/faxgun.com.conf produced an unexpected error: None of the preferred challenges are supported by the selected plugin. Skipping.
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/faxgun.com/fullchain.pem (failure)


** DRY RUN: simulating ‘certbot renew’ close to cert expiry
** (The test certificates below have not been saved.)

All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/faxgun.com/fullchain.pem (failure)
** DRY RUN: simulating ‘certbot renew’ close to cert expiry
** (The test certificates above have not been saved.)

1 renew failure(s), 0 parse failure(s)

My web server is (include version): nginx/1.4.6

The operating system my web server runs on is (include version): Ubuntu 14.04.5 LTS

My hosting provider, if applicable, is: godaddy

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no, I use command line


#2

Hi @David8

these

are the two standard challenges. So if you have this error

your certbot looks too old. Update your Certbot.


#3

Thanks Juergen for the quick response. I updated the certbot and now it prints info below.

Looks like the dry-run is successful. So now what should I do before Feb? Is it renewed? I want to make sure it will be smoothly renewed when you guys stop the old TLS-SNI-01.

Saving debug log to /var/log/letsencrypt/letsencrypt.log


Processing /etc/letsencrypt/renewal/faxgun.com.conf


Cert not due for renewal, but simulating renewal for dry run
Plugins selected: Authenticator nginx, Installer nginx
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for faxgun.com
http-01 challenge for www.faxgun.com
Waiting for verification…
Cleaning up challenges


new certificate deployed with reload of nginx server; fullchain is
/etc/letsencrypt/live/faxgun.com/fullchain.pem



** DRY RUN: simulating ‘certbot renew’ close to cert expiry
** (The test certificates below have not been saved.)

Congratulations, all renewals succeeded. The following certs have been renewed:
/etc/letsencrypt/live/faxgun.com/fullchain.pem (success)
** DRY RUN: simulating ‘certbot renew’ close to cert expiry
** (The test certificates above have not been saved.)



#4

Your certificate is valide end 2019-03:

CN=faxgun.com
	28.12.2018
	28.03.2019
	faxgun.com, www.faxgun.com - 2 entries

So check end 2019-02, begin 2019-03 if the certificate is renewed.


#5

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.