I tried to renew my SSL cert this morning and now can't reach the site

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: www.righthandbuyer.com

I ran this command: ./letsencrypt-auto --renew. This didn't work at all. I searched and found several people saying Ubuntu 14.04 is no longer supported for certbot. I had done a manual cert prior, so it's possible this was the problem to begin with. I then tried AcmeShell (GitHub - acmesh-official/acme.sh: A pure Unix shell script implementing ACME client protocol), which was recommended as a pure shell script that can be used with Let's Encrypt.

It produced this output: This produced a timeout error, and I wasn't able to parse the info that I received back when I tried to get more verbose information. It looked like it wasn't connecting at all.

I then tried rolling my Digital Ocean files back to earlier this morning's version to get things working again, but the site would not connect, as I have the site set to only connect via https, and the SSL cert is no longer working.

My web server is (include version): Ubuntu 14.04.

The operating system my web server runs on is (include version): Nginx.

My hosting provider, if applicable, is: Digital Ocean VPS.

I can login to a root shell on my machine (yes or no, or I don't know): Yes, and am having no trouble even after the issue.

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no.

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): Apparently no Certbot, just manual version.

Welcome to the community @bethp

There are a number of topics here but I will just address two.

One, it looks like you are using Apache - not nginx. At least that's what response headers say for http requests. Can you confirm?

Two, right now port 443 is closed. That does not necessarily interfere with getting a cert but will need to be open to use it 🙂

Start with that and let us know how it went.

2 Likes

Thanks. I just opened 443. Now I'm getting an error about the site being unable to provide a secure connection.

1 Like

I got it working with a self-signed certificate at this point. Hopefully I can get it moved to another server and get things working again there. Thanks for the help.

2 Likes

Good progress.

Yes, Ubuntu 14 is older as is the version of letsencrypt you are using.

Your recent renew failure was likely caused by your system needing an update for the CA Certificate store. I am not certain what is needed for Ubuntu 14 but this works for Ubuntu 16:

sudo apt-get update
sudo apt update

If that allows the below curl to work then your old certbot renew should work. Would be good to migrate to a newer server version anyway though if that is part of the plan. A newer Ubuntu allows certbot snap installs and the current certbot is version 1.21.

curl -I https://acme-v02.api.letsencrypt.org

If that curl does not work then there are other options to try to get your renew working anyway. Let us know if you want to try that.

2 Likes
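
The curl check suggested in the last reply, wrapped so that a CA-store failure is told apart from the timeout reported earlier in the thread. This is an added example, not part of the original posts; the function names are hypothetical, and the exit statuses are curl's documented ones.

```bash
#!/usr/bin/env bash
# Added example (hypothetical helper names): run the thread's curl check and
# say whether a failure points at the CA store or at the network path.
ACME_URL="https://acme-v02.api.letsencrypt.org"   # URL from the post above

# Map a documented curl exit status to a failure class.
diagnose_curl_exit() {
  case "$1" in
    0)     echo "ok" ;;
    6)     echo "dns" ;;            # could not resolve host
    7)     echo "connect" ;;        # connection refused or filtered
    28)    echo "timeout" ;;        # --max-time reached
    35)    echo "tls-handshake" ;;  # TLS negotiation failed
    60|77) echo "ca-store" ;;       # server cert not verifiable / CA file unreadable
    *)     echo "other" ;;
  esac
}

# One line of next-step advice per failure class.
advice_for() {
  case "$1" in
    ok)              echo "CA store and network path are fine; retry the renewal." ;;
    ca-store)        echo "CA store problem: update the ca-certificates package, then re-test." ;;
    dns)             echo "Name resolution failed: check /etc/resolv.conf and the resolver." ;;
    connect|timeout) echo "Port 443 not reached: check outbound firewall rules and routing." ;;
    tls-handshake)   echo "TLS handshake failed: the local curl/OpenSSL build may be too old." ;;
    *)               echo "Unclassified curl failure: re-run with curl -v and read the output." ;;
  esac
}

# Run the check; an optional second argument is a CA bundle to test instead of
# the system store, which shows whether a newer bundle would fix the failure.
check_acme() {
  url="${1:-$ACME_URL}"; bundle="${2:-}"; rc=0
  if [ -n "$bundle" ]; then
    curl -sS -I --max-time 15 --cacert "$bundle" -o /dev/null "$url" || rc=$?
  else
    curl -sS -I --max-time 15 -o /dev/null "$url" || rc=$?
  fi
  cause="$(diagnose_curl_exit "$rc")"
  printf '%s (curl exit %s): %s\n' "$cause" "$rc" "$(advice_for "$cause")"
  return "$rc"
}

# Only touches the network when asked to: ./acme-check.sh --run [ca-bundle.pem]
if [ "${1:-}" = "--run" ]; then
  check_acme "$ACME_URL" "${2:-}"
fi
```

A `ca-store` result matches the cause suggested in the reply above; a `timeout` or `connect` result means the trust store was never consulted and updating it will not help.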