Let's Encrypt certificate renewal failure

tiby · March 16, 2022, 1:05pm

I usually renew the certificate on our website training.unitsofsound.com by restarting apache services every 3 months but now this is not happening. Hence tried the below command

I ran this command: sudo certbot renew

It produced this output: Attempting to renew cert (training.unitsofsound.com) from /etc/letsencrypt/renewal/training.unitsofsound.com.conf produced an unexpected error: HTTPSConnectionPool(host='acme-v01.api.letsencrypt.org', port=443): Max retries exceeded with url: /directory (Caused by NewConnectionError('<requests.packages.urllib3.connection.VerifiedHTTPSConnection object at 0x7f59a1ce0048>: Failed to establish a new connection: [Errno -2] Name or service not known',)). Skipping.
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/training.unitsofsound.com/fullchain.pem (failure)

My web server is (include version): Server version: Apache/2.4.18 (Ubuntu)
Server built: 2018-04-18T14:53:04

The operating system my web server runs on is (include version):DISTRIB_ID=Ubuntu
DISTRIB_RELEASE=16.04

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know): Yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 0.22.2

9peppe · March 16, 2022, 1:14pm

You have to update your client to use acme-v02. Given that you're using a very old certbot version and an even older ubuntu version... I don't know what to tell you. (your certbot version should support acme-v02)

tiby · March 16, 2022, 1:32pm

Hi 9peppe,

Many thanks for your reply. I am not much familiar with this, could you please help me with the instruction to update to acme-v02?

Kind regards

Tiby

9peppe · March 16, 2022, 1:41pm

See here:

tiby · March 16, 2022, 1:51pm

Thank you. The link for Certbot takes you to a blank page though.

I tried this: # sudo certbot renew --server https://acme-v02.api.letsencrypt.org/directory

and it came back as success for renewal but the website still shows SSL error. Is this an accepted method?

9peppe · March 16, 2022, 1:54pm

It looks like the certificate has been renewed but not installed. You should check your apache config and see if it's looking in the right place, reload apache if needed.

tiby · March 16, 2022, 2:03pm

Oh okay. I did try reloading apache but that didn't help. I will have a look at the apache config. Thanks

9peppe · March 16, 2022, 2:08pm

If you're using bitnami you should follow their guides, though.

They put certificates and configs in non-standard places and I don't know how you made it work with certbot (if you did).

tiby · March 16, 2022, 2:30pm

Thank you for that. I am currently running the Bitnami Diagnostic tool so I can get support from them.

tiby · March 22, 2022, 2:30pm

Thank you for your help!

I have resolved this now by copying the certificates from Lets Encrypt folder and then pasting it to the moodle certificate folder using the below command:

cp -f /opt/bitnami/letsencrypt/certificates/<domain>.key /opt/bitnami/apps/moodle/conf/certs/certificates/<domain>.key

And did the same for .crt, .json and .issuer.crt files.

And then restarted apache services.

Thanks

Tiby

system · April 21, 2022, 2:30pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.