How to renew certificate?

I received the following email but don't know how to renew.
Please assist.

Hello,

Your certificate (or certificates) for the names listed below will expire in 10 days (on 24 Feb 21 02:06 +0000). Please make sure to renew your certificate before then, or visitors to your website will encounter errors.

We recommend renewing certificates automatically when they have a third of their
total lifetime left. For Let's Encrypt's current 90-day certificates, that means
renewing 30 days before expiration. See
Integration Guide - Let's Encrypt - Free SSL/TLS Certificates for details.

*.macjob.com.hk
macjob.com.hk

2 Likes

The method of renewing depends on how you got the (first) certificate in the first place. When opening a thread in the #Help section, like you did, you should have been presented with a questionnaire which is required to give proper advice. You seem to have not gotten it or you might have removed it consciously. In any case we really need that info. I'll paste the (slightly modified) questionnaire below.

That said, I see you've managed to issue FIVE certificates for your hostnames already these past two days:

https://crt.sh/?q=macjob.com.hk&deduplicate=y

So it seems you're perfectly able to renew the certificate?

Here is the questionnaire, please answer every question to the best of your knowledge. If you don't know the answer, please tell us so:


Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: *.macjob.com.hk / macjob.com.hk

I ran this command or followed the following steps when I first got the certificate:

Trying to renew produced this output:

My web server is (include version):

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know):

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):

2 Likes

Our IT partner issued the cert, and now he has left, leaving the mess for us to follow. We don't know how to renew, and now our homepage has timed out for several tens of days.

Please assist us, we just want our homepage working.

2 Likes

Hi @JackyIu1971,

I'm sorry that you ended up in that situation. 🙁

We would like to help, but the method of renewing depends completely on your software environment. There is not a generic universal way to renew Let's Encrypt certificates. In fact, there are around 100 different tools that can obtain certificates from the Let's Encrypt service.

So it would still be best if you could fill out this questionnaire explaining whatever you know about how your site is hosted.

The fact that your certificate contains a wildcard (*.) could be a clue to the problem. By Let's Encrypt policy, wildcard certificates require a DNS TXT record to be created to prove your control over the domain name. The DNS TXT record contains a special value, which is different for every renewal. This can be difficult to automate; not all DNS hosting and not all Let's Encrypt client applications allow that. In that case, it might be necessary to perform a manual step (whose details still depend on which software you are using) every time in order to renew a certificate containing a wildcard.

3 Likes

Dear Osiris,

Sorry for the late reply; I needed to learn a lot to answer your questionnaire.

Here is the answer:

"My domain is: *.macjob.com.hk / macjob.com.hk

I ran this command or followed the following steps when I first got the certificate:

Trying to renew produced this output: Not renewing any certificate/ want to install new one

My web server is (include version): Apache/2.4.43 (Unix)
Server built: Jun 9 2020 12:49:36

The operating system my web server runs on is (include version): PRETTY_NAME="Debian GNU/Linux 10 (buster)"
NAME="Debian GNU/Linux"
VERSION_ID="10"
VERSION="10 (buster)"
VERSION_CODENAME=buster
ID=debian

My hosting provider, if applicable, is: AWS

I can login to a root shell on my machine (yes or no, or I don't know): Yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): No control panel, I'm using Bitnami environment

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):" certbot 0.31.0

certbot-auto --version

Skipping bootstrap because certbot-auto is deprecated on this system.
/opt/bitnami/letsencrypt/certbot-auto has insecure permissions!
To learn how to fix them, visit https://community.letsencrypt.org/t/certbot-auto-deployment-best-practices/91979/
Upgrading certbot-auto 1.13.0 to 1.14.0...
Replacing certbot-auto...
Your system is not supported by certbot-auto anymore.
Certbot cannot be installed.
Please visit https://certbot.eff.org/ to check for other alternatives."

I hope it is OK to renew our certificate.
Looking forward to your kind reply.

B/R
Jacky
Macjob

2 Likes

Bitnami stacks are very different compared to "normal" software configurations on mainstream Linux/Unix distributions. How did you get things working in the first place? Because certbot is generally not recommended for Bitnami stacks, at least not directly.

See for example the official Bitnami guide for Let's Encrypt certificates, using its built-in bncert-tool: Generate and Install a Let's Encrypt SSL Certificate for a Bitnami Application

1 Like

Dear Osiris,

I visited the site he recommended:
https://docs.bitnami.com/aws/how-to/generate-install-lets-encrypt-ssl/

and ran the command:
sudo /opt/bitnami/bncert-tool

I got the following response:
"Warning: Custom redirections were detected in your web server configuration
files. This tool will not be able to enable/disable redirections.
Press [Enter] to continue:

1 Like

Yeah, I'm not sure how to proceed when you've already set up your certificate in a very different way. It seems to "bite" the recommended Bitnami method. However, I feel I don't have enough experience with Bitnami (read: zero experience) to help you with this, but I hope someone else does!

1 Like

Dear Osiris,

It needed to be done at Bluehost. Finally I updated successfully, thanks!

Jacky

1 Like
