How to renew letsencrypt SSL certificate on Amazon EC2 Linux server

kmsg · June 30, 2023, 5:50pm

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:https://www.keepmystreetgreen.org/

I ran this command: $curl https://www.keepmystreetgreen.org/ -v

It produced this output:

Trying 3.135.228.51:443...
Connected to www.keepmystreetgreen.org (3.135.228.51) port 443 (#0)
ALPN, offering http/1.1
successfully set certificate verify locations:
CAfile: /opt/bitnami/common/openssl/certs/curl-ca-bundle.crt
CApath: none
TLSv1.3 (OUT), TLS handshake, Client hello (1):
TLSv1.3 (IN), TLS handshake, Server hello (2):
TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
TLSv1.3 (IN), TLS handshake, Certificate (11):
TLSv1.3 (OUT), TLS alert, certificate expired (557):
SSL certificate problem: certificate has expired
Closing connection 0
curl: (60) SSL certificate problem: certificate has expired
More details here: curl - SSL CA Certificates

curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.
$

My web server is (include version):

The operating system my web server runs on is (include version):
Linux ip-172-31-28-33 4.19.0-10-cloud-amd64 #1 SMP Debian 4.19.132-1 (2020-07-24) x86_64 GNU/Linux

My hosting provider, if applicable, is:
Amazon EC2 Linux Server

I can login to a root shell on my machine (yes or no, or I don't know):
Yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
$ certbot --version
-bash: certbot: command not found
$ certbot-auto --version
-bash: certbot-auto: command not found

Thanks

Bruce5051 · June 30, 2023, 5:53pm

Hello @kmsg, welcome to the Let's Encrypt community.

Here is a list of issued certificates crt.sh | www.keepmystreetgreen.org, the latest being 2023-06-28. Looks like it was successfully renew then.

Bruce5051 · June 30, 2023, 5:56pm

However, for some reason, an expired certificate is being served up by the web server
https://decoder.link/sslchecker/www.keepmystreetgreen.org/443

rg305 · June 30, 2023, 6:08pm

How do you get certificates?
What is the procedure you follow / script you run afterwards?

kmsg · June 30, 2023, 6:13pm

How to fix this issue now?

kmsg · June 30, 2023, 6:15pm

It was installed few years ago.

Bruce5051 · June 30, 2023, 6:15pm

What is the issue, you have the renewed certificate now all you have to do is use it.

rg305 · June 30, 2023, 6:16pm

And?

Do you have any documentation on the process?
What "happens" when a cert is obtained?

kmsg · June 30, 2023, 6:17pm

I restarted my services.
I still getting the error , when I launch website, "Not a secure a Website"

What steps I need do perform to use the new certificate?

rg305 · June 30, 2023, 6:18pm

The same steps your site has been doing for years.
Do I know what they are? NO.

And we circle back around...

barf7709 · June 30, 2023, 6:41pm

Maybe this will help How to renew certificate for bitnami/ec2/linux/wordpress - #6 by kmsg

kmsg · June 30, 2023, 7:21pm

Hi,

I did below steps, still no Luck..

stop all services
$sudo /opt/bitnami/ctlscript.sh stop
Renew Certificate

$ sudo /opt/bitnami/letsencrypt/lego --tls --email="admin@keepmystreetgreen.org " --domains="www.keepmystreetgreen.org" --domains="keepmystreetgreen.org" --path="/opt/bitnami/letsencrypt" run

--This completed with last line:
2023/06/30 18:58:57 [INFO] [www.keepmystreetgreen.org] Server responded with a certificate.

Restarted services

$sudo /opt/bitnami/ctlscript.sh start

curl https://www.keepmystreetgreen.org/ -v

Output shows:

SSL certificate problem: certificate has expired
Closing connection 0
curl: (60) SSL certificate problem: certificate has expired

Not sure, what else to run to update certificate.

Thanks

barf7709 · June 30, 2023, 7:30pm

And what about?

kmsg · June 30, 2023, 7:42pm

Hi

$ sudo /opt/bitnami/bncert-tool keepmystreetgreen.org

Error: There has been an error.
Expected option but got "keepmystreetgreen.org". Options start with a leading
"--" prefix
Use --help to get a list of valid options

Thanks

kmsg · June 30, 2023, 7:42pm

Seems the syntax is not correct..
What prefix should we use?

barf7709 · June 30, 2023, 7:56pm

I don't know, I only quoted what you previously said. I would think you would know better than any guess I might make.

system · July 30, 2023, 7:57pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.