How to renew expired Let's Encrypt certificate

witan4702 · August 7, 2019, 7:15am

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:924so67d3xjz1kgcyojb4iwrkw8dyjgy.ui.nabu.casa

I ran this command:certbot renew --force-renewal

It produced this output:The following error was encountered:
[Errno 13] Permission denied: ‘/var/log/letsencrypt/.certbot.lock’
Either run as root, or set --config-dir, --work-dir, and --logs-dir to writeable paths.

My web server is (include version):

The operating system my web server runs on is (include version):Linux raspberrypi 4.19.57-v7+ #1244 SMP

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know):

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):

Thanks.

JuergenAuer · August 7, 2019, 7:22am

Hi @witan4702

run your command as root or add sudo.

PS: Your http doesn't work - https://check-your-website.server-daten.de/?q=924so67d3xjz1kgcyojb4iwrkw8dyjgy.ui.nabu.casa

Domainname	Http-Status	Sec.	G
• http://924so67d3xjz1kgcyojb4iwrkw8dyjgy.ui.nabu.casa/
52.201.207.152	-14	10.027	T
Timeout - The operation has timed out

• https://924so67d3xjz1kgcyojb4iwrkw8dyjgy.ui.nabu.casa/
52.201.207.152	-4	0.447	W
SendFailure - The underlying connection was closed: An unexpected error occurred on a send. Authentication failed because the remote party has closed the transport stream.

• http://924so67d3xjz1kgcyojb4iwrkw8dyjgy.ui.nabu.casa:443/
52.201.207.152	-8	0.447	A
ConnectionClosed - The underlying connection was closed: The connection was closed unexpectedly.
Visible Content:

• http://924so67d3xjz1kgcyojb4iwrkw8dyjgy.ui.nabu.casa/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
52.201.207.152	-14	10.014	T
Timeout - The operation has timed out

An open port 80 is required, checking a file in /.well-known/acme-challenge must work.

Fatal: Check of /.well-known/acme-challenge/random-filename has a timeout.
Creating a Letsencrypt certificate via http-01 challenge can't work.
You need a running webserver (http) and an open port 80. If it's a home server + ipv4,
perhaps a correct port forwarding port 80 extern ⇒ working port intern is required.
Port 80 / http can redirect to another domain port 80 or port 443, but not other ports.
If it's a home server, perhaps your ISP blocks port 80.
Then you may use the dns-01 challenge.

witan4702 · August 7, 2019, 11:44pm

hi!
i did run certbot renew command as root it done

thanks sir,

system · September 6, 2019, 11:44pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.