Having trouble renewing certificate

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: landfieldstudio.com

I ran this command: sudo certbot certonly --webroot

It produced this output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Please enter the domain name(s) you would like on your certificate (comma and/or
space separated) (Enter 'c' to cancel): landfieldstudio.com
Certificate not yet due for renewal

You have an existing certificate that has exactly the same domains or certificate name you requested and isn't close to expiry.
(ref: /etc/letsencrypt/renewal/landfieldstudio.com.conf)

What would you like to do?


1: Keep the existing certificate for now
2: Renew & replace the certificate (may be subject to CA rate limits)


Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2
Renewing an existing certificate for landfieldstudio.com

Successfully received certificate.
Certificate is saved at: /etc/letsencrypt/live/landfieldstudio.com/fullchain.pem
Key is saved at: /etc/letsencrypt/live/landfieldstudio.com/privkey.pem
This certificate expires on 2022-09-23.
These files will be updated when the certificate renews.

NEXT STEPS:

  • The certificate will need to be renewed before it expires. Certbot can automatically renew the certificate in the background, but you may need to take steps to enable that functionality. See User Guide — Certbot 1.28.0 documentation for instructions.

If you like Certbot, please consider supporting our work by:


My web server is (include version): Filemaker server 19.4.2.204

The operating system my web server runs on is (include version): MacOS

My hosting provider, if applicable, is: self hosted

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): 1.28.0

I've run Certbot, and I've restarted my server, but it doesn't recognize the renewed certificate. Please help!

Do you mean your Apache server? If so, please show us the result of:

sudo apachectl -t -D DUMP_VHOSTS

and

sudo certbot certificates

I see you renewed this cert several times before. Was there anything you did differently this time?

2 Likes

AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 192.168.50.56. Set the 'ServerName' directive globally to suppress this message

VirtualHost configuration:

landfieldstudio@Landfields-Mini ~ % sudo certbot certificates
Saving debug log to /var/log/letsencrypt/letsencrypt.log


Found the following certs:
Certificate Name: landfieldstudio.com
Serial Number: 33a3d27b083c6e02eb892f5a5c6d6b057f9
Key Type: RSA
Domains: landfieldstudio.com
Expiry Date: 2022-09-23 16:50:05+00:00 (VALID: 89 days)
Certificate Path: /etc/letsencrypt/live/landfieldstudio.com/fullchain.pem
Private Key Path: /etc/letsencrypt/live/landfieldstudio.com/privkey.pem


The last time I renewed the certificate, I think I ran a GetSSL.sh script from my desktop. But for some reason it isn't working this time.

Was there any other output from that apachectl command?

2 Likes

No, that was it.

Here is something else though:

I ran this: httpd -v or /usr/local/apache/bin/httpd -v
Server version: Apache/2.4.48 (Unix)
Server built: Oct 1 2021 20:08:18

What URL are you trying when you say the new cert is not recognized?

2 Likes

https://landfieldstudio.com

OK, good. Can you show me the apache conf file for that server? It responds like this:

curl -Ik https://landfieldstudio.com

HTTP/1.1 200 OK
Date: Sat, 25 Jun 2022 18:24:59 GMT
Server: Apache
Last-Modified: Wed, 15 Dec 2021 23:42:45 GMT
ETag: "23b-5d337dcd28740"
Content-Length: 571
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Access-Control-Allow-Origin: Landfields-Mac-mini.local
Access-Control-Allow-Headers: Content-Type, Authorization
Access-Control-Allow-Credentials: true
Content-Type: text/html

1 Like

How do I share that file with you?

Can you upload it? There is an upload icon in the format menu for each post.

Or, locate any lines with SSLCertificate... and just show those

1 Like

httpd.txt (21.1 KB)

Had to change the suffix to txt in order to upload. But this is what I found.

OK. Are there any files in this folder? You are including them from that Apache config file:

Include /private/etc/apache2/other/*.conf

2 Likes

Yes, there are two.
mpm.txt (205 Bytes)
php7.txt (194 Bytes)

Wait. Are you showing me the output of Apache conf from the server that responds to requests for https://landfieldstudio.com?

Because I don't see any lines for an SSL Certificate. Yet, you have an Apache server that returns a cert that expired 9 days ago.

Did you run certbot on the server that runs this Apache instance?

nslookup landfieldstudio.com
Address: 68.237.204.252

2 Likes

This is where I am confused.

I ran Certbot the way that I have done it in the past, but clearly I have the directory wrong.
I am running a FileMaker Pro Server on this computer, and that is the one that needs to update its certificate.

I am not sure how to direct Certbot to run in that instance of Apache.

How do you connect to that server?

And, do you need this URL to work: https://landfieldstudio.com (see posts #7 and #8)?

2 Likes

The server is on my local machine so I have access to it both through the Finder (macOS) and through Terminal.
Yes, the URL https://landfieldstudio.com needs to work and have a renewed SSL certificate.

I don't know what that means.

I need to step away from your thread and re-think. Maybe another volunteer will understand what is happening better than I do with this.

In short, you created good certs you just need to get those files to the server responding to the https://landfieldstudio.com URL

I don't understand FileMaker at all so can't help you with that.

2 Likes
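
The check behind that last reply, as an added example that is not part of the original thread: compare the SHA-256 fingerprint of the leaf certificate Certbot wrote to fullchain.pem with the one the server actually presents on port 443. The function names are made up for this example; the path and hostname are the ones shown in the posts above.

```python
import hashlib
import re
import socket
import ssl

PEM_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----.*?-----END CERTIFICATE-----", re.DOTALL)


def leaf_fingerprint(pem_text):
    """SHA-256 (hex) of the first certificate in a PEM bundle.

    In Certbot's fullchain.pem the first block is the leaf; the
    intermediates follow it.
    """
    match = PEM_BLOCK.search(pem_text)
    if match is None:
        raise ValueError("no CERTIFICATE block found")
    der = ssl.PEM_cert_to_DER_cert(match.group(0))
    return hashlib.sha256(der).hexdigest()


def served_fingerprint(host, port=443, timeout=10):
    """SHA-256 (hex) of the certificate the server presents for `host`."""
    ctx = ssl.create_default_context()
    # Inspection only: validation is off so that an expired or otherwise
    # untrusted certificate can still be retrieved and compared.
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            der = tls.getpeercert(binary_form=True)
    return hashlib.sha256(der).hexdigest()


def server_uses_renewed_cert(fullchain_path, host, port=443,
                             fetch=served_fingerprint):
    """True if the server presents the same leaf that is on disk."""
    with open(fullchain_path) as fh:
        on_disk = leaf_fingerprint(fh.read())
    return on_disk == fetch(host, port)


if __name__ == "__main__":
    # Path and hostname as they appear in the thread; reading the file
    # may require root.
    path = "/etc/letsencrypt/live/landfieldstudio.com/fullchain.pem"
    ok = server_uses_renewed_cert(path, "landfieldstudio.com")
    print("server presents the renewed cert" if ok
          else "server is still presenting a different cert")
```

A mismatch means the web server loads its certificate from somewhere other than Certbot's live directory, so the renewed files still have to be installed there.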

Solved the issue.

Stupidly, I had to run sudo sh .../GetSSL.sh

Working now-- thanks for your help!

2 Likes