I have no idea how to do renewals

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: remote.megaray.com

I ran this command:

It produced this output:

My web server is (include version):

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know):

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):

Unfortunately I cannot fill in any of the other questions as I’m not sure how to answer them.

Hi @IBussey

you have some older Letsencrypt certificates ( https://check-your-website.server-daten.de/?q=remote.megaray.com ):

CRT-Id Issuer not before not after Domain names LE-Duplicate next LE
1142620535 CN=Let's Encrypt Authority X3, O=Let's Encrypt, C=US 2019-01-25 06:03:31 2019-04-25 05:03:31 remote.megaray.com
928114369 CN=Let's Encrypt Authority X3, O=Let's Encrypt, C=US 2018-11-07 23:56:50 2019-02-05 23:56:50 remote.megaray.com
808221202 CN=Let's Encrypt Authority X3, O=Let's Encrypt, C=US 2018-09-06 06:20:18 2018-12-05 07:20:18 remote.megaray.com
808218163 CN=Let's Encrypt Authority X3, O=Let's Encrypt, C=US 2018-09-06 06:17:18 2018-12-05 07:17:18 remote.megaray.com
808211571 CN=Let's Encrypt Authority X3, O=Let's Encrypt, C=US 2018-09-06 06:11:42 2018-12-05 07:11:42 remote.megaray.com

How did you create these certificates? Do that again.

The server answers:

Domainname Http-Status redirect Sec. G
http://remote.megaray.com/
196.210.45.134 -14 10.023 T
Timeout - The operation has timed out
https://remote.megaray.com/
196.210.45.134 -14 10.026 T
Timeout - The operation has timed out
http://remote.megaray.com/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
196.210.45.134 404 0.523 A
Not Found
Visible Content: Not Found The requested URL /.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de was not found on this server. Apache/2.4.25 (Raspbian) Server at remote.megaray.com Port 80

http + / and https + / doesn't answer, http + /.well-known/acme-challenge answers with a correct http status 404 - not found.

Looks like you have configured that system, so

Server: Apache/2.4.25 (Raspbian)

answers.

We had an IT company do the renewal. Our Director now wants it done in house so I’m trying to work out how it gets done.

Then read the basics.

Second step: Select a client.

Thank you. I will give them a read and see if I can make out what needs to be done.

There is no single procedure, because it depends on what client software you’re using. Let’s Encrypt provides an API which client software can use to request certificates.

Can you find out what the IT company did when you hired them? Do you know what software environment your server runs and whether you have administrative access to the server?

We use Certify the Web. So I downloaded the software as they state should be done, fill in the details but when I request a Certificate I get the following error.

Validation of the required challenges did not complete successfully. Invalid response from http://remote.megaray.com/.well-known/acme-challenge/691S_f7JSgSEHUjQXRkrMrGL9xamhesLImHzdzaP_nw [196.210.45.34]: "\r\n<html xmlns=“http”

The original error had to do with IIS which I activated on my PC.

@webprofusion, do you have any suggestions about this?

1 Like

I have managed to get this sorted out. Seems there was information missing. I managed to access the server and updated it that way.

Yep, looks like you have fixed the error.

A new Letsencrypt certificate is used:

CN=remote.megaray.com
	04.04.2019
	03.07.2019
expires in 89 days	remote.megaray.com - 1 entry

And the domain has a Grade B, that’s good.

Thank you for your help. The links you sent me point me in the right direction which is the only way I managed to figure it out.

Thank you.

Kind Regards,

Irene Bussey

Megaray Limited

Office: +27 11 326 1167

E-mail:
irene.bussey@megaray.com

Megaray No wording

1 Like

Just to clarify, if your are using Certify The Web you would normally run it on your actual server so that when certificates automatically renew the updated certificate is then applied. From your description it sounds like perhaps you requested the certificate on your PC then applied it to a server.

You would need to repeat this at least every 90 days to keep a certificate valid that way, if that’s how you are doing it, so setting it up on your server is preferable.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.