Let's Encrypt certificate expiration notice for domain "www.algebra.live"


#1

Hi,
I received the email below to my mail, nakai@algebra.live in 12/3/2018, 2:55 PM.
This is my mail server. I couldn’t renew at that time, so I think that’s why my mail server does not work, and can’t send email.
Could you tell me how to renew now.
My co-worker did it, so I don’t know what it is for. Could you tell me what it is for? I think it is for mail server. but might be not.

Email I received:
12/3/2018, 2:55 PM
Hello,

Your certificate (or certificates) for the names listed below will expire in 10 days (on 13 Dec 18 06:06 +0000). Please make sure to renew your certificate before then, or visitors to your website will encounter errors.

We recommend renewing certificates automatically when they have a third of their
total lifetime left. For Let’s Encrypt’s current 90-day certificates, that means
renewing 30 days before expiration. See
https://letsencrypt.org/docs/integration-guide/ for details.

www.algebra.live

For any questions or support, please visit https://community.letsencrypt.org/. Unfortunately, we can’t provide support by email.

Regards,
The Let’s Encrypt Team


Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: www.algebra.live

I ran this command: certbot renew

It produced this output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log


Processing /etc/letsencrypt/renewal/www.algebra.live.conf


Cert is due for renewal, auto-renewing…
Plugins selected: Authenticator webroot, Installer None
Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org
Attempting to renew cert (www.algebra.live) from /etc/letsencrypt/renewal/www.algebra.live.conf produced an unexpected error: (‘Connection aborted.’, gaierror(-2, ‘Name or service not known’)). Skipping.
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/www.algebra.live/fullchain.pem (failure)


All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/www.algebra.live/fullchain.pem (failure)


1 renew failure(s), 0 parse failure(s)

My web server is (include version):

The operating system my web server runs on is (include version): CentOS7

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
I use DigitalOcean for my linux centOS server

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):

Thank you very much.
Best regards,
Kai


#2

It appears that your server lacks the ability to resolve domain names.

What’s the output of this command:

host acme-v02.api.letsencrypt.org

#3

Hi thank you for help.
My server lacks the ability to resolve domain names…
I don’t know why… how is that happen…
The output is below.
host acme-v02.api.letsencrypt.org
Host acme-v02.api.letsencrypt.org.localdomain not found: 5(REFUSED)


#4

Sounds like your server is configured to use an authoritative DNS resolver, when what it needs is a recursive DNS resolver.

What is the contents of your /etc/resolv.conf file?

One way to fix it is to replace whatever you have with some public DNS resolvers, e.g.:

nameserver 1.1.1.1
nameserver 1.0.0.1

#5

Hi

The contents of my /etc/resolv.conf file is here…

; Created by cloud-init on instance boot automatically, do not edit.
;
search localdomain
nameserver 142.93.117.249

I am using DigitalOcean


#6

You are running a DNS server on your DigitalOcean droplet but haven’t configured it to work in recursive mode.

If you don’t know how to fix that, it’s probably better to just try my earlier advice with 1.1.1.1.

Edit: Here’s some DigitalOcean-specific advice about configuring that file: https://www.digitalocean.com/community/tutorials/an-introduction-to-cloud-config-scripting#configure-resolvconf-to-use-specific-dns-servers


#7

Please also note: your “bare” domain name, algebra.live, doesn’t have a A record. So it doesn’t resolve to an IP address. The hostname www.algebra.live does, so that one works. But if people would “forget” or forgo the www. part, which is pretty common nowadays when people enter the hostname in the address bar, the client would give an error, telling the user the name isn’t resolvable.

Second note: if you add an A record to algebra.live and you want that hostname to work with HTTPS/Let’s Encrypts certificate too, you’ll need to add that hostname to the certificate. You might want to ask your co-worker how he set up HTTPS in the first place and to add the algebra.live hostname to the certificate.


#8

Hi _az
Thank you very much for your support
I just try your advice with 1.1.1.1 in /etc/resolv.conf file for now. I would like to set as it is written in the the link later.

; Created by cloud-init on instance boot automatically, do not edit.
;
search localdomain
nameserver 1.1.1.1

Hi Osiris,
Thank you very much for support.
I set algebra.live to have A record. I removed www.algebra.live. I think this is wrong.
I think I set it correctly. Is it okay?
My co-worker is not in same place, and can’t contact…

Is this okay?

Thank you very much for your help…

I still can’t send email…


#9

You should have both.


#10

Oh I just set both www.algebra.live and algebra.live.
I have both


closed #11

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.