How to renew cert on AWS LINUX AMI Wordpress

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:
packetconsulting.ca
www.packetconsulting.ca
I ran this command:
certbot --version
It produced this output:
-bash: certbot: command not found
My web server is (include version):

The operating system my web server runs on is (include version):
AWS Linux AMI
My hosting provider, if applicable, is:
AWS
I can login to a root shell on my machine (yes or no, or I don’t know):
Yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
No
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):

Hi @andsouth44

your certificate is only 4 days valid:

CN=packetconsulting.ca
	01.02.2019
	02.05.2019
expires in 4 days	
packetconsulting.ca, www.packetconsulting.ca - 2 entries

How did you create that certificate?

What says ls -al with the following directories:

/etc/letsencrypt
/var/log/letsencrypt
/var/lib/letsencrypt

Do you run the command as root or with sudo?

Your first certificate is from 2017-12-07, so you may have a very old certbot version and you may have used tls-sni-01 validation. That's not longer supported, so you have to update your client.

Is there

an update?

Unfortunately I can’t remember how I created the certificate.

[ec2-user@ip-10-1-1-99 ~] ls -al /etc/letsencrypt total 44 drwxr-xr-x 9 root root 4096 Apr 28 01:39 . drwxr-xr-x 87 root root 4096 Apr 28 10:55 .. drwx------ 3 root root 4096 Dec 7 2017 accounts drwx------ 3 root root 4096 Dec 7 2017 archive drwxr-xr-x 2 root root 4096 Feb 1 01:39 csr drwx------ 2 root root 4096 Feb 1 01:39 keys drwx------ 3 root root 4096 Dec 7 2017 live -rw-r--r-- 1 root root 1637 Dec 7 2017 options-ssl-apache.conf drwxr-xr-x 2 root root 4096 Feb 1 01:39 renewal drwxr-xr-x 5 root root 4096 Dec 7 2017 renewal-hooks -rw-r--r-- 1 root root 64 Dec 7 2017 .updated-options-ssl-apache-conf-digest.txt [ec2-user@ip-10-1-1-99 ~]

[ec2-user@ip-10-1-1-99 ~]$ sudo ls -al /var/log/letsencrypt
total 9196
drwx------ 2 root root 40960 Apr 28 01:39 .
drwxr-xr-x 8 root root 4096 Apr 28 03:29 …
-rw-r–r-- 1 root root 22431 Apr 28 01:39 letsencrypt.log
-rw-r–r-- 1 root root 22431 Apr 27 13:39 letsencrypt.log.1
-rw-r–r-- 1 root root 22431 Apr 23 01:39 letsencrypt.log.10
-rw-r–r-- 1 root root 7269 Mar 9 01:39 letsencrypt.log.100
-rw-r–r-- 1 root root 7269 Mar 8 13:39 letsencrypt.log.101
etc…

[ec2-user@ip-10-1-1-99 ~] sudo ls -al /var/lib/letsencrypt total 12 drwxr-xr-x 3 root root 4096 Apr 28 01:39 . drwxr-xr-x 23 root root 4096 Apr 28 10:54 .. drwxr-xr-x 4 root root 4096 Dec 7 2017 backups [ec2-user@ip-10-1-1-99 ~]

I have tried running certbot --version as ec2-user and root with the same result.

[root@ip-10-1-1-99 ec2-user]# cd /etc/letsencrypt
[root@ip-10-1-1-99 letsencrypt]# ls
accounts csr live renewal
archive keys options-ssl-apache.conf renewal-hooks

[root@ip-10-1-1-99 letsencrypt]# cd renewal
[root@ip-10-1-1-99 renewal]# ls
packetconsulting.ca.conf

[root@ip-10-1-1-99 renewal]# less packetconsulting.ca.conf

renew_before_expiry = 30 days

version = 0.20.0
archive_dir = /etc/letsencrypt/archive/packetconsulting.ca
cert = /etc/letsencrypt/live/packetconsulting.ca/cert.pem
privkey = /etc/letsencrypt/live/packetconsulting.ca/privkey.pem
chain = /etc/letsencrypt/live/packetconsulting.ca/chain.pem
fullchain = /etc/letsencrypt/live/packetconsulting.ca/fullchain.pem

Options used in the renewal process

[renewalparams]
authenticator = apache
installer = apache
account = b1a7393c519ad4d6dbf35cc0ffbc2d78
packetconsulting.ca.conf (END)

I ran the install process from the Certbot process you attached and it worked.
The cert has renewed.
Now I will try and set up the auto renew cron job.

Thanks!

Looks like the cron was set up by the certbot install process.
So all good.
Thanks for your help.

That's very old.

Yep, that had worked. Now you have a new certificate

CN=packetconsulting.ca
	28.04.2019
	27.07.2019
expires in 90 days	
packetconsulting.ca, www.packetconsulting.ca - 2 entries

and a good Grade B.

Check it in 65 days again. Then the renew should be done. Looks really like you had used tls-sni-01 validation.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.