How to renew cert on AWS LINUX AMI Wordpress

andsouth44 · April 28, 2019, 11:27am

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:
packetconsulting.ca
www.packetconsulting.ca
I ran this command:
certbot --version
It produced this output:
-bash: certbot: command not found
My web server is (include version):

The operating system my web server runs on is (include version):
AWS Linux AMI
My hosting provider, if applicable, is:
AWS
I can login to a root shell on my machine (yes or no, or I don’t know):
Yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
No
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):

JuergenAuer · April 28, 2019, 11:34am

Hi @andsouth44

your certificate is only 4 days valid:

CN=packetconsulting.ca
	01.02.2019
	02.05.2019
expires in 4 days	
packetconsulting.ca, www.packetconsulting.ca - 2 entries

How did you create that certificate?

What says ls -al with the following directories:

/etc/letsencrypt
/var/log/letsencrypt
/var/lib/letsencrypt

Do you run the command as root or with sudo?

Your first certificate is from 2017-12-07, so you may have a very old certbot version and you may have used tls-sni-01 validation. That's not longer supported, so you have to update your client.

Is there

an update?

andsouth44 · April 28, 2019, 12:26pm

Unfortunately I can’t remember how I created the certificate.

[ec2-user@ip-10-1-1-99 ~] ls -al /etc/letsencrypt total 44 drwxr-xr-x 9 root root 4096 Apr 28 01:39 . drwxr-xr-x 87 root root 4096 Apr 28 10:55 .. drwx------ 3 root root 4096 Dec 7 2017 accounts drwx------ 3 root root 4096 Dec 7 2017 archive drwxr-xr-x 2 root root 4096 Feb 1 01:39 csr drwx------ 2 root root 4096 Feb 1 01:39 keys drwx------ 3 root root 4096 Dec 7 2017 live -rw-r--r-- 1 root root 1637 Dec 7 2017 options-ssl-apache.conf drwxr-xr-x 2 root root 4096 Feb 1 01:39 renewal drwxr-xr-x 5 root root 4096 Dec 7 2017 renewal-hooks -rw-r--r-- 1 root root 64 Dec 7 2017 .updated-options-ssl-apache-conf-digest.txt [ec2-user@ip-10-1-1-99 ~]

[ec2-user@ip-10-1-1-99 ~]$ sudo ls -al /var/log/letsencrypt
total 9196
drwx------ 2 root root 40960 Apr 28 01:39 .
drwxr-xr-x 8 root root 4096 Apr 28 03:29 …
-rw-r–r-- 1 root root 22431 Apr 28 01:39 letsencrypt.log
-rw-r–r-- 1 root root 22431 Apr 27 13:39 letsencrypt.log.1
-rw-r–r-- 1 root root 22431 Apr 23 01:39 letsencrypt.log.10
-rw-r–r-- 1 root root 7269 Mar 9 01:39 letsencrypt.log.100
-rw-r–r-- 1 root root 7269 Mar 8 13:39 letsencrypt.log.101
etc…

[ec2-user@ip-10-1-1-99 ~] sudo ls -al /var/lib/letsencrypt total 12 drwxr-xr-x 3 root root 4096 Apr 28 01:39 . drwxr-xr-x 23 root root 4096 Apr 28 10:54 .. drwxr-xr-x 4 root root 4096 Dec 7 2017 backups [ec2-user@ip-10-1-1-99 ~]

I have tried running certbot --version as ec2-user and root with the same result.

[root@ip-10-1-1-99 ec2-user]# cd /etc/letsencrypt
[root@ip-10-1-1-99 letsencrypt]# ls
accounts csr live renewal
archive keys options-ssl-apache.conf renewal-hooks

[root@ip-10-1-1-99 letsencrypt]# cd renewal
[root@ip-10-1-1-99 renewal]# ls
packetconsulting.ca.conf

[root@ip-10-1-1-99 renewal]# less packetconsulting.ca.conf

renew_before_expiry = 30 days

version = 0.20.0
archive_dir = /etc/letsencrypt/archive/packetconsulting.ca
cert = /etc/letsencrypt/live/packetconsulting.ca/cert.pem
privkey = /etc/letsencrypt/live/packetconsulting.ca/privkey.pem
chain = /etc/letsencrypt/live/packetconsulting.ca/chain.pem
fullchain = /etc/letsencrypt/live/packetconsulting.ca/fullchain.pem

Options used in the renewal process

[renewalparams]
authenticator = apache
installer = apache
account = b1a7393c519ad4d6dbf35cc0ffbc2d78
packetconsulting.ca.conf (END)

andsouth44 · April 28, 2019, 12:37pm

I ran the install process from the Certbot process you attached and it worked.
The cert has renewed.
Now I will try and set up the auto renew cron job.

Thanks!

andsouth44 · April 28, 2019, 12:57pm

Looks like the cron was set up by the certbot install process.
So all good.
Thanks for your help.

JuergenAuer · April 28, 2019, 1:49pm

That's very old.

Yep, that had worked. Now you have a new certificate

CN=packetconsulting.ca
	28.04.2019
	27.07.2019
expires in 90 days	
packetconsulting.ca, www.packetconsulting.ca - 2 entries

and a good Grade B.

Check it in 65 days again. Then the renew should be done. Looks really like you had used tls-sni-01 validation.

system · May 28, 2019, 1:49pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
EC2 - Expired Certificate Renewal Help	19	2245	February 6, 2021
Failure to renew let's encrypt cert Help	2	730	January 12, 2019
Help with certificate renewal on Amazon Linux (1) Help	16	1556	February 18, 2019
Certbot-auto renew not working in linux ami Help	11	1653	September 29, 2019
How to install or renew LetsEncrypt certificate on AWS EC2 Ubuntu Help	2	2928	October 15, 2019

How to renew cert on AWS LINUX AMI Wordpress

renew_before_expiry = 30 days

Options used in the renewal process

Related topics