I got 1st renewal reminder, I'm lost

ATBBlog · March 28, 2022, 10:05pm

I got a cert, everything worked fine (Thanks so much!!), but I recently received a renewal reminder and I'm completely baffled. I can't find any of my notes from the original installation so I don't know what to do to get a renewal.

Also I had no account on letsencrypt (not sure why) so I created one just now.

Can you point me to some doc? I just don't know the next step.

My domain is:
aroundthebend.net
www.aroundthebend.net

My provider is Arvixe and they have to install certs for me.

It's Wordpress

_az · March 28, 2022, 10:14pm

If you obtained a certificate manually and sent it to your web host, then you will have to repeat that process again.

Let's Encrypt certificates have a 90 day lifetime, then they need to be replaced. This process is also called renewal, which you've received a reminder about.

In shared web hosting environments like yours, usually (and ideally) the platform would support automatically obtaining, installing and renewing certificates. Hosting platforms like cPanel and Plesk support this out of the box.

It looks like Arvixe doesn't support this type of arrangement, and your choices are to either send them a new Let's Encrypt certificate every 90 days, or pay them $25/year for a certificate and it looks like they'll do it for you. Depending how you value your time, the latter could be the better option.

You could also consider moving to one of the many other shared web hosting providers where automatic SSL comes for free.

ATBBlog · March 28, 2022, 10:22pm

Thanks! That was lightning fast.

That's exactly what I did. But I don't have the instructions... can you point me to a doc w/the steps for renewing manually?

_az · March 28, 2022, 10:31pm

I don't think there's any one set of instructions to do renewal manually, to be honest, since it's not really how the process is meant to go .

You could try download https://certbot.eff.org/ for your operating system and then follow the instructions after running:

certbot certonly -d aroundthebend.net,www.aroundthebend.net --manual

At the end of the process you'll have your updated certificate (fullchain.pem) and private key (privkey.pem) files which you can send to your web host.

Other community members may have other suggestions.

9peppe · March 29, 2022, 12:33am

Other than running certbot with the dns-01 challenge, either manually or using an API, I can only think of another option: use the http-01 challenge, with --manual-auth-hook to upload the challenge file via FTP.

ATBBlog · March 29, 2022, 1:01am

Thanks.
On my Win 10 PC I found certificate.cert, intermediate.pem, and private.pem in a directory I created,

Does that offer any clues? I'm happy to dig more myself, I just have no clue where to dig. I did this late at night and lost all my notes

9peppe · March 29, 2022, 1:08am

Check the creation and last modification dates. Also check how many times the word "BEGIN" appears in the certificate and intermediate files.

_az · March 29, 2022, 1:12am

Those 3 files are standard and could have been obtained with any suitable ACME client that you can run on Windows.

The instructions I provided in my previous post will also produce those certificate files (though they'd be called cert.pem, chain.pem and privkey.pem, respectively).

I couldn't tell you exactly what process you followed the first time, but you can use any program you like, really. They mostly all end up with the same result.

ATBBlog · March 29, 2022, 1:23am

I'm a former developer... why are different names used for what's (apparently) the same file? How can that work?

So I either used a website or downloaded something onto my PC? I haven't used the shell on my hosting service in years so I don't think it would have been there.

_az · March 29, 2022, 1:42am

Yes, the naming conventions vary, but same file contents.

Probably! Like I said, it's not super important to keep using the same tool as before, if you're doing things manually.

webprofusion · March 29, 2022, 7:10am

Probable windows options for software you may have used:

certbot (this would have files under C:\certbot and be installed under C:\Program Files (x86)\certbot)
win-acme (this would have config under C:\ProgramData\win-acme but the tool itself could be installed anywhere)
Certify The Web (this would have config under C:\ProgramData\certify and have a start menu item for the UI)

There's a few other possible options but these would be the main ones. You could also potentially have used a website only tool.

Once you know how you produced the original you can repeat it, alternative you can use any of the above to do the same again (just start again).

system · April 28, 2022, 7:11am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.