Issue in updating cert


#1

Getting issue in certificate update, Please suggest what i can do for this

command:- certbot renew
here subdomain is my subdomain and domain is actual domain

Output:- -

Cert is due for renewal, auto-renewing…
Plugins selected: Authenticator nginx, Installer nginx
Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org
Renewing an existing certificate
Performing the following challenges:
tls-sni-01 challenge for subdomain
tls-sni-01 challenge for subdomain
tls-sni-01 challenge for domain
Cleaning up challenges

Attempting to renew cert (domain.com) from /etc/letsencrypt/renewal/domain.conf produced an unexpected error: Could not automatically find a matching server block for domain.com. Set the server_name directive to use the Nginx installer… Skipping.

All renewal attempts failed. The following certs could not be renewed:

/etc/letsencrypt/live/domain.com/fullchain.pem (failure)


All renewal attempts failed. The following certs could not be renewed:

/etc/letsencrypt/live/domain.com/fullchain.pem (failure)


1 renew failure(s), 0 parse failure(s)


#2

Hi @saurabh.patil

tls-sni-01 is deprecated, support ends 2019-02-13.

So switch to another validation method. http-01 requires an open port 80, dns-01 requires a special dns-txt entry. Or use tls-alpn-01, but this method isn’t supported via certbot.


#3

From the time your last cert was issued, you may have changed the server_name in the vhost config.
And now certbot is unable to find the matching vhost.
If the name no longer exists, delete the unused cert and get a new one for the names that need one.
Use:
certbot delete --cert-name {NAME-OF-CERT}

To find NAME-OF-CERT, use:
cerbot certificates