I received an email that my certificate was not renewed and will expire


#1

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: run.blrun.net

I ran this command: Command prompt auto renewing progress

It produced this output: Attached image file

My web server is (include version): IIS 7.5

The operating system my web server runs on is (include version): Windows 7 64bit

My hosting provider, if applicable, is: Installing a certificate on “Windows 7 IIS”

I can login to a root shell on my machine (yes or no, or I don’t know): I don’t know

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): Windows 7 IIS 7.5 Management(Internet Information Service Management)

In the attached image, number 1 means “Access to the path is denied.”, number 2 means “Location”.


#2

Letsencrypt-win-simple does not have write access to your public web directory.

Usually this means you aren’t running it as administrator but it appears you are?

Double-check the Security tab of the Properties window of the folder your website files are in and make sure the Administrators group has access.


#3

Thank you very much. Previously E: \ ntzn \ pds \ .well-known \ acme-challenge \ web.config file had a strange read-only attribute. I changed the read-only attribute of the file to the Archive attribute and temporarily renewed the certificate.

Looking back at that directory now, this web.config file has a read-only attribute. Is not this supposed to have the Archive attribute?

Once I disable the read-only attribute of the file, I want to check if the certificate is renewed in the future.


#4

@LoneCoder @WouterTinus any idea why @blrun’s web.config file keeps getting set to read only? Or is it at least possible to configure letsencrypt-win-simple to skip writing it?


#5

We just copy web_config.xml from the program folder without changing flags, so the issue might be that the template has its read only flag set.

Looking at those screenshots we’re dealing with a pretty old version of LEWS here (1.9.3 or below?), I’d recommend upgrading to the latest release because there’s been a huge amount of improvements since then.


#6

After downloading the new version, we were able to manually update the certificate manually using the “R: Renew Scheduled” menu after running letsencrypt.exe. Thank you very much, WouterTinus.

Will the certificates be updated automatically with this new 1.9.8.4 version?


#7

Yes, assuming that you have the scheduled task set up and running correctly, your certificate will be updated.

In my experience the scheduled task is most reliable when it’s run under the SYSTEM account, which requires some manual steps because older versions ran under a user account:

Thanks for using LEWS!


#8

Hi,

We received that email, either. Our site was set at automatically renew. However, We do not know what happened exactly? Has your site SSL certification expired?

Our site is is: Hien Thao Shop
Now it is still OK, but we are checking it.

We are using the Google Cloud Platform.

Thank you
Hien Thao Shop


#9

Hi @hienthaoshop,

These are the certificates issued for your domain:

CRT ID     DOMAIN (CN)       VALID FROM             VALID TO               EXPIRES IN  SANs
267501766  hienthaoshop.com  2017-Nov-30 15:01 UTC  2018-Feb-28 15:01 UTC  13 days     hienthaoshop.com
                                                                                       www.hienthaoshop.com
267428248  hienthaoshop.com  2017-Nov-30 12:23 UTC  2018-Feb-28 12:23 UTC  13 days     hienthaoshop.com
                                                                                       www.hienthaoshop.com
267417808  hienthaoshop.com  2017-Nov-30 12:02 UTC  2018-Feb-28 12:02 UTC  13 days     hienthaoshop.com
                                                                                       www.hienthaoshop.com
267407304  hienthaoshop.com  2017-Nov-30 11:45 UTC  2018-Feb-28 11:45 UTC  13 days     hienthaoshop.com
                                                                                       www.hienthaoshop.com
267258747  hienthaoshop.com  2017-Nov-30 07:09 UTC  2018-Feb-28 07:09 UTC  12 days     hienthaoshop.com
                                                                                       www.hienthaoshop.com
259961516  hienthaoshop.com  2017-Nov-20 13:19 UTC  2018-Feb-18 13:19 UTC  3 days      cpanel.hienthaoshop.com
                                                                                       hienthaoshop.com
                                                                                       mail.hienthaoshop.com
                                                                                       webdisk.hienthaoshop.com
                                                                                       webmail.hienthaoshop.com
                                                                                       www.hienthaoshop.com

So yes, you should review your renew process because it will expire in 13 days. I don’t know how you issued your certificate, maybe using CPanel, and maybe it will be renewed when 10 or 7 days left to expire, anyway, you should check it now that you have time.

Good luck,
sahsanu


#10

Hi Sahsanu,

Thank you so much for your reply. We are using the Google Cloud Platform with Bitnami. We are checking it now. If we need more help, we would ask again.

Best Regards
Hien Thao Shop


#11

Hello, I am 93% sure that I have :ed number of times with success (?) as below. It seems like I still keep on getting emails like “Your certificate (or certificates) for the names listed below will expire in 10 days …”. Unknowns that are maybe related: I have recently apt-get upgraded my system, I have other sites/certificates that interfere with this site in question somehow?
regards, Mikko

My domain is: sijoituslokki.fi
I ran this command: certbot renew
It produced this output:

Processing /etc/letsencrypt/renewal/sijoituslokki.fi.conf

Cert not yet due for renewal

I ran this command: certbot certificates
It produced this output:

Certificate Name: sijoituslokki.fi
Domains: sijoituslokki.fi www.sijoituslokki.fi
Expiry Date: 2018-04-28 09:00:38+00:00 (VALID: 71 days)
Certificate Path: /etc/letsencrypt/live/sijoituslokki.fi/fullchain.pem
Private Key Path: /etc/letsencrypt/live/sijoituslokki.fi/privkey.pem

My web server is: apache2 2.4.10-10+deb8u11
The operating system my web server runs on is: Linux 3.16.0-5-amd64 #1 SMP Debian 3.16.51-3+deb8u1
(2018-01-08) x86_64 GNU/Linux
My hosting provider is: https://www.ovh.com/world/
I can login to a root shell on my machine: yes
I’m using a control panel to manage my site: no


#12

Hi @molkko,

These are your issued certificates:

CRT ID     DOMAIN (CN)           VALID FROM             VALID TO               EXPIRES IN  SANs
315003069  sijoituslokki.fi      2018-Jan-28 09:00 UTC  2018-Apr-28 09:00 UTC  71 days     sijoituslokki.fi
                                                                                           www.sijoituslokki.fi
313996970  www.sijoituslokki.fi  2018-Jan-26 21:01 UTC  2018-Apr-26 21:01 UTC  70 days     www.sijoituslokki.fi
266500100  sijoituslokki.fi      2017-Nov-29 05:06 UTC  2018-Feb-27 05:06 UTC  11 days     sijoituslokki.fi
                                                                                           www.sijoituslokki.fi
265304714  sijoituslokki.fi      2017-Nov-27 12:15 UTC  2018-Feb-25 12:15 UTC  9 days      sijoituslokki.fi
265266483  www.sijoituslokki.fi  2017-Nov-27 11:09 UTC  2018-Feb-25 11:09 UTC  9 days      www.sijoituslokki.fi
265166864  sijoituslokki.fi      2017-Nov-27 08:17 UTC  2018-Feb-25 08:17 UTC  9 days      sijoituslokki.fi

I suppose you are receiving notifications because of this cert:

265304714 sijoituslokki.fi 2017-Nov-27 12:15 UTC 2018-Feb-25 12:15 UTC 9 days sijoituslokki.fi

You are using the one covering both; domain and www.domain and it will expire in 71 days so nothing to worry about.

Cheers,
sahsanu