Is there an easy way to renew Encrypt certificate after expiration?

Help
1

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: dhchewins.com

I ran this command:

It produced this output:

My web server is (include version):

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know):

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):

2

As you're not providing any useful information from the questionnaire, I can only answer: it depends.

3 Likes
3

Thanks for your response. My website is hosted on Google Cloud, and based on WordPress. All I am aware of is whenever anyone tries to access my website, the message says it is insecure and the https heading crossed out.

4

Is that shared hosting or do you have a VPS? I.e.: do you have administrator (root) access on the device? Or just a control panel? (2 more questions from the questionnaire...)

How did you get the first certificate in the first place?

Also, looking at your certificate history at crt.sh | dhchewins.com it looks like it always renewed every 2 months as planned.. What changed?

2 Likes
5

A lapse of good judgment and lack of attention. I missed the notices.
Yes, I have admin login.
I think my web designer set it up in the beginning.

6

Then the first step is to determine which ACME client was used to get the certificate(s). You might want to start looking for a speciflc "SSL" plugin in WordPress. If that doesn't show anything, you might want to check your webserver configuration (which seems to be Apache, another question of the questionnaire...) for the SSLCertificateFile directive. Often the location of that certificate will point to a certain ACME client.

3 Likes
7

Then the easiest answer to your question might be to get that same web designer to help renew the cert.
OR for them to, at least, explain some of the unknowns to you [and in turn to us (if you still can't resolve the lack of automated renewing)].

2 Likes
8

Thanks. i was thinking of doing that.

1 Like
9

The SSL plugin says "Really Simple SSL". I went to its Dashboard to activate the certificate. Everything went well until it says in the last line:

Next step

If the challenge directory cannot be created, or is not reachable, you can either remove the server limitation, or change to DNS verification.

How do I proceed?

10

image

Those seem contradictory.
It is difficult (from here) to know why it can't use what it claims to have just been made readied for its' use.

SSH?
If any case, can you show the directories created (and their permissions)?
And, can you also create a test text file in the expected challenge location?

2 Likes
11

Sorry. I don't know how.
Maybe it's all too technical for me.
Any idea what hosting provider Google Cloud is known for? None of the names presented as options ring a bell?

12

That does present a problem; As the solution seems to require some (higher) level of technical "know how".

Sorry, but I don't understand the question.

2 Likes
13

The first 2 bullets are about the local file system. The 3rd bullet seems to be an actual HTTP request testing the webserver, leading to a HTTP 404 file not found error.

Perhaps the Apache configuration is currently in a state not compatible with the Really Simple SSL plugin. However, I have no clue about that plugin and I'm not sure if @dinzc is able and/or comfortable digging into the Apache configuration using SSH.

3 Likes
14

Thank you guys. I will hire someone to resolve this.

3 Likes