help...Can not be renewed manually

Have you contacted your hosting / DNS provider to fix your DNS? Shout if you need help.

I totally agree: there is probably nothing wrong with either your copy of Certbot or with the original renewal configuration, but these DNS entries pointing at other servers mean that the certificate authority connects to those other servers, not to your servers, to check the configuration changes that Certbot is making to prove your control over the domain name. Those configuration changes have not been made on the other servers and so the certificate authority can’t find or confirm them there.

The DNS problem has been fixed
There is no error in renewing now:

[root@10-13-54-22 ~]# sudo ./certbot-auto renew --quiet
[root@10-13-54-22 ~]#

However, the query browser information certificate is still not updated…

Hi @songkqx1c,

You’ll see much more detailed information if you leave off the --quiet option, which suppresses most output from Certbot.

I believe that what you’ll see in this case is that Certbot says the certificate does not need to be renewed, because it was already renewed earlier today:

https://crt.sh/?id=214680195

In this case, if you’re not seeing the new certificate when visiting the site with a browser, we need to look into how your web server software is configured.

Hi, I’m songkqx1c:
You’ve, reached, the, maximum, number, replies, a, new, user, can, create, on, their, first, day., Please, wait, of, hours, before, trying, again.

@schoen Has the contract been signed yet?
Function:
./certbot-auto renew --force-renewal
There was a slip of paper:
Hook command “/etc/init.d/nginx reload” returned error code 7
The browser has not refreshed the expiration date of the certificate

Hi @songkqx1c1 / @songkqx1c,

Can you restart nginx yourself? Or have you already done so?

I agree that the new certificate does not seem to be used on the site yet, and I’m not sure why that is, but it will have to do with the web server configuration rather than the certificate issuance process.

Thank you @schoen @Mitchellk
I’ve found all the problems
Now all the problems have been successfully solved!!
Again, thank you very much!

That’s great! I’m glad Let’s Encrypt is working for you.

That’s great news @songkqx1c1, well done.

certbot -d zooliv.com --manual --preferred-challenges dns certonly (dns challenge - will require adding a TXT record to the domain's DNS - useful if the domain is redirected with a port number)

@songkqx1c1 while you managed to fix the issues with your A records, your DNS still has some inherent problems that must be addressed. DNS tests should never look like this. http://dnscheck.pingdom.com/?domain=zooliv.com&timestamp=1506069295&view=1

This is how a clean DNS test should look
http://dnscheck.pingdom.com/?domain=mitchellkrog.com&timestamp=1506070133&view=1

The entire internet revolves around DNS so I would seriously address this with your provider and get your DNS cleaned up 100%.

Hello,
I think that you have a wrong nginx configuration.
Do you allow /.well-known/acme-challenge/ to be opened?

@Mrvn Renewal issue has already been resolved which was being caused by 2 incorrect A records for 2 domains specified in the original certificate. Not sure if the nginx vhost is configured correctly yet with /acme-challenge/ as we never got that far.
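
The two faults diagnosed in this thread (A records that point at other servers, and a web server that still presents the old certificate after a renewal) can both be checked with a short script. This is an added example, not part of any post above: the function names are hypothetical, and the certificate file given on the command line is assumed to be Certbot's usual /etc/letsencrypt/live/<domain>/cert.pem.

```python
import hashlib
import socket
import ssl

END = "-----END CERTIFICATE-----"

def resolved_ips(host):
    """IPv4 addresses the name resolves to right now (what the CA would reach)."""
    infos = socket.getaddrinfo(host, 443, socket.AF_INET, socket.SOCK_STREAM)
    return {info[4][0] for info in infos}

def fingerprint(pem):
    """SHA-256 of the first certificate in a PEM string (leaf of a chain file)."""
    pem = pem.strip()
    first = pem[: pem.index(END) + len(END)]
    return hashlib.sha256(ssl.PEM_cert_to_DER_cert(first)).hexdigest()

def served_pem(host, port=443):
    """Leaf certificate the server presents; fetched without validation."""
    return ssl.get_server_certificate((host, port))

def diagnose(host, my_ips, disk_pem, resolve=resolved_ips, fetch=served_pem):
    """Return a list of findings; an empty list means both checks passed.

    my_ips   -- addresses of the server(s) you actually run Certbot on
    disk_pem -- contents of the renewed certificate file on that server
    resolve/fetch are injectable so the logic can be exercised offline.
    """
    findings = []
    stray = resolve(host) - set(my_ips)
    if stray:
        # The CA may validate against these hosts instead of yours.
        findings.append("DNS: %s also resolves to %s" % (host, sorted(stray)))
    if fingerprint(fetch(host)) != fingerprint(disk_pem):
        # Renewal succeeded on disk, but the web server was not reloaded
        # (or its config points at a different certificate file).
        findings.append("TLS: server is not presenting the certificate on disk")
    return findings

if __name__ == "__main__":
    import sys
    # usage: script.py <domain> <path to cert.pem> <server ip> [<server ip> ...]
    host, cert_path, *ips = sys.argv[1:]
    with open(cert_path) as f:
        for line in diagnose(host, ips, f.read()) or ["OK"]:
            print(line)
```

A "TLS" finding after a clean renewal points at the web server reload step or its configuration rather than at certificate issuance.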
