Help-Install Certificate always expired!

I am running a wordpress site on lightsail. I successfully installed the a letsencrypt certificate on the site 90 days ago. It expired. I re ran the same scripts located here (the lego version, second half of the site).
https://docs.bitnami.com/aws/how-to/generate-install-lets-encrypt-ssl/

It says that certificate was successfully installed and I can see it in the directory. I copy it to apache server site and restart the server. Wordpess works, the site works, but the certificate is expired. I have tried everything. Can some let me know if there is a consultant I can hire to just set this up correctly? Its been four hours and Its at that point… All i need is for someone to log in, install it and verify that it works.

My domain is: bounte.net

I ran this command:

My web server is (include version): ubuntu

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is: AWS / . Lightsail

Hi @sinclas

you have 6 active certificates, 5 from the last days ( https://check-your-website.server-daten.de/?q=bounte.net#ct-logs ):

CertSpotter-Id Issuer not before not after Domain names LE-Duplicate next LE
945348888 CN=Let's Encrypt Authority X3, O=Let's Encrypt, C=US 2019-06-02 17:15:06 2019-08-31 17:15:06 bounte.net, www.bounte.net - 2 entries duplicate nr. 5 next Letsencrypt certificate: 2019-06-09 15:03:26
945297183 CN=Let's Encrypt Authority X3, O=Let's Encrypt, C=US 2019-06-02 16:22:58 2019-08-31 16:22:58 bounte.net, www.bounte.net - 2 entries duplicate nr. 4
945283761 CN=Let's Encrypt Authority X3, O=Let's Encrypt, C=US 2019-06-02 16:11:37 2019-08-31 16:11:37 bounte.net, www.bounte.net - 2 entries duplicate nr. 3
945269617 CN=Let's Encrypt Authority X3, O=Let's Encrypt, C=US 2019-06-02 15:58:32 2019-08-31 15:58:32 bounte.net, www.bounte.net - 2 entries duplicate nr. 2
945216047 CN=Let's Encrypt Authority X3, O=Let's Encrypt, C=US 2019-06-02 15:03:26 2019-08-31 15:03:26 bounte.net, www.bounte.net - 2 entries duplicate nr. 1
880524603 CN=Let's Encrypt Authority X3, O=Let's Encrypt, C=US 2019-04-25 14:04:09 2019-07-24 14:04:09 bounte.net, www.bounte.net - 2 entries

But the certificate you use is 19 days expired:

CN=bounte.net
	13.02.2019
	14.05.2019
19 days expired	
bounte.net, www.bounte.net - 2 entries

Looks like you have copied the wrong certificate.

Use

certbot certificates

to find your newest certificate, then install that.

Hi,

I installed certbot, and ran it:

An unexpected error occurred:

There were too many requests of a given type :: Error creating new order :: too many certificates already issued for exact set of domains: bounte.net,www.bounte.net: see https://letsencrypt.org/docs/rate-limits/

Then ran certbot certificates:

bitnami@ip-172-26-15-116:~$ sudo certbot certificates

Saving debug log to /var/log/letsencrypt/letsencrypt.log

Revocation status for /etc/letsencrypt/live/bounte.net/cert.pem is unknown


Found the following certs:

Certificate Name: bounte.net

Domains: [bounte.net](http://bounte.net) [www.bounte.net](http://www.bounte.net)

Expiry Date: 2019-05-14 20:16:34+00:00 (INVALID: EXPIRED)

Certificate Path: /etc/letsencrypt/live/[bounte.net/fullchain.pem](http://bounte.net/fullchain.pem)

Private Key Path: /etc/letsencrypt/live/[bounte.net/privkey.pem](http://bounte.net/privkey.pem)

Can I get the download count reset so I can just run sudo certbot —apache?

Thanks!

Steve

Can you post the output of “sudo ls -alR /etc/letsencrypt/{archive,live,renewal}”?

Looks like you have deleted your newer certificates.

No. If you delete or revoke certificates, that doesn't change the rate limit.

Guys, he didn’t use certbot… He used the Lego client as used in that how-to he linked to…

1 Like

Hi, this was the output:

sudo ls -alR /etc/letsencrypt/{archive,live,renewal}/etc/letsencrypt/archive:

total 12

drwx------ 3 root root 4096 Feb 13 21:16 .

drwxr-xr-x 9 root root 4096 Jun 2 20:07 …

drwxr-xr-x 2 root root 4096 Feb 13 21:16 bounte.net

/etc/letsencrypt/archive/bounte.net:

total 24

drwxr-xr-x 2 root root 4096 Feb 13 21:16 .

drwx------ 3 root root 4096 Feb 13 21:16 …

-rw-r–r-- 1 root root 1919 Feb 13 21:16 cert1.pem

-rw-r–r-- 1 root root 1647 Feb 13 21:16 chain1.pem

-rw-r–r-- 1 root root 3566 Feb 13 21:16 fullchain1.pem

-rw------- 1 root root 1704 Feb 13 21:16 privkey1.pem

/etc/letsencrypt/live:

total 16

drwx------ 3 root root 4096 Feb 13 21:16 .

drwxr-xr-x 9 root root 4096 Jun 2 20:07 …

drwxr-xr-x 2 root root 4096 Feb 13 21:16 bounte.net

-rw-r–r-- 1 root root 740 Feb 13 21:16 README

/etc/letsencrypt/live/bounte.net:

total 12

drwxr-xr-x 2 root root 4096 Feb 13 21:16 .

drwx------ 3 root root 4096 Feb 13 21:16 …

lrwxrwxrwx 1 root root 34 Feb 13 21:16 cert.pem -> …/…/archive/bounte.net/cert1.pem

lrwxrwxrwx 1 root root 35 Feb 13 21:16 chain.pem -> …/…/archive/bounte.net/chain1.pem

lrwxrwxrwx 1 root root 39 Feb 13 21:16 fullchain.pem -> …/…/archive/bounte.net/fullchain1.pem

lrwxrwxrwx 1 root root 37 Feb 13 21:16 privkey.pem -> …/…/archive/bounte.net/privkey1.pem

-rw-r–r-- 1 root root 692 Feb 13 21:16 README

/etc/letsencrypt/renewal:

total 12

drwxr-xr-x 2 root root 4096 Feb 13 21:16 .

drwxr-xr-x 9 root root 4096 Jun 2 20:07 …

-rw-r–r-- 1 root root 661 Feb 13 21:16 bounte.net.conf

Ok, if you use Lego: I don’t use that client.

But checking

https://docs.bitnami.com/aws/how-to/generate-install-lets-encrypt-ssl/

/opt/bitnami/letsencrypt/certificates

should be the directory with your certificates. What’s the content of that directory? Are there the newer certificates?

There was a change to the /opt/bitnami/apache2/conf/bitnami/bitnami.conf file where it sdomehow was reverted back to the old directory for certificates. I thought the problem was lego since the directory paths and everything associated with it worked in the past., Note to self, check the conf file first then verfiy cert. My bad for not checking. Thanks for everyones help. The verification that the cert was correct got me going to the checking the configuration.

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.