How to resolve TLS-SNI deprecation

Can you please give me detailed instructions on how to resolve this?

Hi,

We’ll need more information on what client you’re using and what operating system. Please also see my latest post - we’re working on some updates.

Thanks,
Jacob

Thank you. I’m not an expert here; my operating system is Ubuntu 16.05.5 LTS. Will a failure to renew cause my website to be unreachable? I’m using it as a Moodle server and am afraid my online course will go offline right in the middle of the course.

You should check the expiration date of your certs (especially such a critical one).
If any are due for renewals soon, you should “test” the renewal (for example: with --dry-run) to understand what will happen when that day comes.
That gives you the most time to deal with any renewal problem(s) that may be coming.

Are you using certbot or certbot-auto to renew? How did you initially set up your certificate?

A failure to renew will indeed cause your site to be unreachable, but renewal only needs to happen every 60 days. You can look up your certificate name at https://crt.sh/ and check the “NotAfter” column to see when it expires.

Hi: I’m sorry, I installed Let’s Encrypt 2 or 3 years ago on my site and have never renewed a certificate manually, so I guess I’m running certbot-auto? My “NotAfter” is 4/10/2019.

Please show:
sudo crontab -l
systemctl list-timers

[one of those two should show how the renewals are being done]

No problem, and no need to apologize. You're doing great.

Excellent, so you have at least that long to get things sorted.

You can see what cronjobs you have running by using:

crontab -l

sudo crontab -l

ls -l /lib/systemd/system/certbot.timer

If you have certbot-auto on any of those, you should be fine. certbot-auto automatically upgrades itself, and the latest version supports the http-01 challenge.

If instead you have certbot, you may need to manually upgrade. Probably the most straightforward thing to do is go to https://certbot.eff.org/ and follow the instructions there for your specific web server and OS.
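
The check described in the post above, as an added example that is not part of the original thread: a small shell helper that reads scheduler output and reports whether the active entries call certbot-auto or certbot. The function names, the `--audit` switch and the sample crontab lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): classify how renewals are scheduled.

# classify_renewal: read scheduler text (e.g. `crontab -l` output) on stdin
# and print "certbot-auto", "certbot" or "none".
classify_renewal() {
    # Ignore commented-out and blank lines so disabled jobs do not count.
    active=$(grep -v '^[[:space:]]*#' | grep -v '^[[:space:]]*$' || true)
    # Test certbot-auto first: a plain "certbot" search would match it too.
    if printf '%s\n' "$active" | grep -q 'certbot-auto'; then
        echo "certbot-auto"
    # Match "certbot" only as a whole word, not inside names such as
    # certbot-auto or python-certbot-nginx.
    elif printf '%s\n' "$active" |
        grep -Eq '(^|[^[:alnum:]_-])certbot([^[:alnum:]_-]|$)'; then
        echo "certbot"
    else
        echo "none"
    fi
}

# audit_host: run the three checks listed in the thread on this machine.
audit_host() {
    echo "user crontab: $(crontab -l 2>/dev/null | classify_renewal)"
    echo "root crontab: $(sudo crontab -l 2>/dev/null | classify_renewal)"
    if [ -e /lib/systemd/system/certbot.timer ]; then
        echo "systemd: certbot.timer present"
    else
        echo "systemd: no certbot.timer"
    fi
}

# Constructed sample crontab: one disabled certbot job, one active
# certbot-auto job (the path is hypothetical).
SAMPLE='# 0 3 * * * /usr/bin/certbot renew
0 */12 * * * /opt/certbot-auto renew --quiet'

if [ "${1:-}" = "--audit" ]; then
    audit_host
else
    printf '%s\n' "$SAMPLE" | classify_renewal
fi
```

Run it with `--audit` on the server itself; without arguments it only classifies the embedded sample.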

Thanks for all your help, I think I got it resolved this way. I just updated everything on my Ubuntu box by running

sudo apt-get update
sudo apt-get full-upgrade

Then I tested it with,

sudo certbot renew --dry-run

No errors came up and I saw that HTTP-01 was tested so I think I’m good to go.
The only issue is that when I tested the site with Let’s Debug, it worked this morning but then didn’t work later this afternoon when I retested, so that’s what made me panic. I think the Let’s Debug and Let’s Encrypt sites are just getting swamped this afternoon. Does this sound reasonable?
Dave

Terrific!

Can you elaborate on what type of error you saw? Most likely if this was due to too much traffic at Let's Debug, you'd see a 500 error.

Let’s Debug worked for me this morning testing HTTP-01 and all was green. Then this afternoon it didn’t work and I kept retesting and it worked one other time again. After that I continued retesting and it gave me errors like

InternalProblem
An internal error occurred while checking the domain
Failed to query certwatch database to check rate limits: dial tcp: i/o timeout

Dave

Ah, that does sound like a potential load problem in Let’s Debug. Thanks for the additional detail!

Thanks for your help. I’ll let you go to help someone else.
Dave

At Let’s Debug, I kill any queries to crt.sh’s database that take longer than 10 seconds (which is what we do to check rate limits).

This is in order to prevent overloading crt.sh.

I should probably re-categorize that warning as something less scary, sorry.

Hi,

I’ve just followed the instructions on this thread, as I’m in the same boat as dbnawrocki.

After updating my Ubuntu box I ran “sudo certbot renew --dry-run” and got a “Congratulations, all renewals succeeded”. It looked to be using http-01 challenge?

Does this mean the situation is now resolved?

Thanks

Darren.
