Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: jfish.it

My web server is (include version): NGINX

The operating system my web server runs on is (include version): Ubuntu 9.04

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): Plesk but now server can’t use Plesk anymore

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):

Hallo,

i have a problem while trying to renew my certificates because certificates were created using Plesk but now server can’t use Plesk anymore to renew them. Actual valid certificate are stored now in /opt/psa/var/certificates/ folder but when i run “Certbot certificates” then no certificates are recognized and when i run “Certbot renew” then non Certificates are renewed. I think that the problem is that Cerbot package is pointing to path /etc/letsencrypt while Plesk pointed to another path. Could you please help me to understand how can i renew those Certificates now? Thanks

Hi @YanezCert

that's expected.

And certbot renew is the wrong command.

You have to start new.

sudo certbot

then select the correct options.

https://certbot.eff.org/docs/using.html

Renew works only if you have already created certificates.

@YanezCert To explain in more detail what @JuergenAuer means: certbot and other clients (like used by Plesk) don’t use the same configuration and/or means of file storage and there isn’t any straight forward way to “convert” configurations/files from one client to another. The already created certificates by the ACME client used by Plesk aren’t available to certbot. That’s why it’s most straight forward just to create new certificates.

That said, in theory it’s possible to use the previously issued certificates/private keys et cetera, but that would mean a lot of manual converting without any garuantee it will succeed.

Also, I’m assuming you’re not going to use Plesk any longer? But if you do intent to use Plesk again in the future, please notice the above also goes the other way around: the ACME client used by Plesk can’t use the new certificates issued by certbot automatically.

Hallo,

if i simply run “Certbot” then i can see a list of domains to be selected for Certificate but domain i need to renew (jfish.it - www.jfish.it) is not present.

if i try to run the following command :

certbot certonly --manual

then i receive the following response. In this case i entered “www.jfish.it” domain but the very same happened while entering “jfish.it” domain

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator manual, Installer None
Please enter in your domain name(s) (comma and/or space separated) (Enter ‘c’
to cancel): www.jfish.it
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for www.jfish.it

NOTE: The IP of this machine will be publicly logged as having requested this
certificate. If you’re running certbot in manual mode on a machine that is not
your server, please ensure you’re okay with that.

Are you OK with your IP being logged?

(Y)es/(N)o: Y

Create a file containing just this data:

zuD1OwIAWwYZFwXvnL692a6QGwDGw8pSY53Vz7bt3s8.wHBdbdEZYaNAlEuYIOHNrHpaYWRQoo8WdNTP3kdwgDs

And make it available on your web server at this URL:

http://www.jfish.it/.well-known/acme-challenge/zuD1OwIAWwYZFwXvnL692a6QGwDGw8pSY53Vz7bt3s8

Press Enter to Continue
Waiting for verification…
Cleaning up challenges
Failed authorization procedure. www.jfish.it (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from https://jfish.it/.well-known/a cme-challenge/zuD1OwIAWwYZFwXvnL692a6QGwDGw8pSY53Vz7bt3s8 [62.149.181.213]: “\r\n404 Not Found\r\n\r\n

404 Not Found

IMPORTANT NOTES:

• The following errors were reported by the server:

  Domain: www.jfish.it
  Type: unauthorized
  Detail: Invalid response from
  https://jfish.it/.well-known/acme-challenge/zuD1OwIAWwYZFwXvnL692a6QGwDGw8pSY53Vz7bt3s8
  [62.149.181.213]: “\r\n404 Not
  Found\r\n\r\n

  404 Not
  Found

  \r\n

  ---

  nginx\r\n”

  To fix these errors, please make sure that your domain name was
  entered correctly and the DNS A/AAAA record(s) for that domain
  contain(s) the right IP address.

this is really strange because domains “jfish.it” and “www.jfish.it” have a valid certificate now and IP address showed in log is the correct one [62.149.181.213]

Could you tell me what’s going on there?

Thanks

Hallo,

i have solved this issue by stopping NGINX webserver and then running command “certbot certonly --standalone” for domain “jfish.it”.

I have received back this message :

IMPORTANT NOTES:

• Congratulations! Your certificate and chain have been saved at:
  /etc/letsencrypt/live/jfish.it-0001/fullchain.pem
  Your key file has been saved at:
  /etc/letsencrypt/live/jfish.it-0001/privkey.pem
  Your cert will expire on 2020-07-25. To obtain a new or tweaked
  version of this certificate in the future, simply run certbot
  again. To non-interactively renew all of your certificates, run
  “certbot renew”

The problem has been solved

Thanks

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.