I have set up auto renewal for my certificate but it expired a few days ago!
Can anyone help me with what I can do to check, renew and set up auto renewal properly?
Last time I tried to do this it broke my site, so I just want to play it safe and ask how I can check the status first before doing anything!
What kind of auto-renewal did you set up? Is it trying to renew the certificate? Is it failing?
Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
I ran this command:
It produced this output:
My web server is (include version):
The operating system my web server runs on is (include version):
My hosting provider, if applicable, is:
I can login to a root shell on my machine (yes or no, or I don’t know):
I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):
So basically last time I tried to renew/set up auto renewal of the certificate, my site broke down and I could not access it. I had a friend help to solve it so I am not exactly sure what happened there, apparently something about Apache stopped working…? Sorry I’m new to this!
My site is hosted on AWS EC2, Bitnami WordPress
Running certbot --version, the output:
certbot 0.26.1
If you could guide me on what I should do next, maybe try renewing first?
Let me know if you have any success with that. I also recommend testing against the Let’s Encrypt staging environment so that you don’t hit rate limits.
In your tar xf command you left the “X.Y.Z” in the filename. That needs to be replaced with the version number you downloaded, or you could use a shell wildcard:
Run tar xf lego_*.tar.gz and then the sudo mv lego /opt/bitnami/letsencrypt/lego command should work.
Hi @titchen, did you run that command in the same directory you downloaded the lego archive? It looks like the answer may be no because no files matched the wildcard.
You should be able to run these commands without error exactly as written. After that you can continue with “Step 2” of the Alternative Approach instructions.
If you’re curious, I slightly modified the wget used in the curl command line to specifically output to lego.tar.gz (by adding -O lego.tar.gz) so we can ignore the version and simply tar xf lego.tar.gz.
I guess you used --tls wanting tls-sni-01, but it’s deprecated for security reasons and replaced with tls-alpn-01, but that mostly needs a standalone server and Bitnami is unlikely to support it. Can you use the http-01 challenge?
It looks to me like you used "smart quotes" in your command and the shell is waiting for more input. You need to use regular quotation marks and not the smart quote characters. Try typing them instead of copy/pasting into your terminal.
I think that should have been -email yum@titchen.co and a space was replaced by a -.
The second error I can see was when you were creating the symlinks from the issued certificates to the location your webserver config tries to load them from.
and DOMAIN was supposed to be replaced by your real domain name.
I bet those symlinks are now broken and that's why Apache won't start saying:
'/opt/bitnami/apache2/conf/server.crt' does not exist or is empty.
You'll want to go back in the process to fix the lego command you ran. Make sure you don't move on to the next step of the instructions until each command completes without an error.
After you fix the lego command you should change your sudo ln -sf commands to make sure they use your real domain name and not the placeholder "DOMAIN".
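A read-only status check for the situation discussed in this thread, added here as an example and not part of any post above: it tells apart a broken symlink, an empty file, an unparseable file and a certificate that is expired or close to expiry, without restarting Apache or contacting Let's Encrypt. The function name, return codes and 30-day default are assumptions of this example; the path in the usage comment is the one from the Apache error quoted above.

```shell
#!/bin/sh
# check_cert PATH [DAYS]  (hypothetical helper, not part of lego, certbot or Bitnami)
# Return codes chosen for this example:
#   0 = parseable and valid for more than DAYS days
#   1 = path missing, or a symlink whose target does not exist
#   2 = file exists but is empty
#   3 = file is not a PEM certificate openssl can read
#   4 = certificate already expired or expiring within DAYS days
# Usage: check_cert /opt/bitnami/apache2/conf/server.crt 30
check_cert() {
    cert=$1
    days=${2:-30}

    # A dangling symlink (for example one still pointing at a placeholder
    # name such as DOMAIN.crt) is a link that does not resolve to a file.
    if [ -L "$cert" ] && [ ! -e "$cert" ]; then
        echo "BROKEN SYMLINK: $cert -> $(readlink "$cert")"
        return 1
    fi
    if [ ! -e "$cert" ]; then
        echo "MISSING: $cert"
        return 1
    fi
    # Apache refuses to start on a zero-length certificate file.
    if [ ! -s "$cert" ]; then
        echo "EMPTY: $cert"
        return 2
    fi
    # Read the notAfter date; failure means the file is not a certificate.
    if ! end=$(openssl x509 -in "$cert" -noout -enddate 2>/dev/null); then
        echo "NOT A PEM CERTIFICATE: $cert"
        return 3
    fi
    echo "$cert expires: ${end#notAfter=}"
    # -checkend exits non-zero if the certificate expires within N seconds.
    if ! openssl x509 -in "$cert" -noout -checkend $((days * 86400)) >/dev/null; then
        echo "EXPIRED OR EXPIRING WITHIN $days DAYS"
        return 4
    fi
    return 0
}
```

Running it before and after each renewal step shows whether the file Apache loads is actually in place before the web server is restarted.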