My ssl is expired , how to renew it?


#1

root@proxy letsencrypt]# ./certbot-auto renew
Saving debug log to /var/log/letsencrypt/letsencrypt.log


Processing /etc/letsencrypt/renewal/valid.vc.conf

Cert is due for renewal, auto-renewing…
Plugins selected: Authenticator standalone, Installer None
Renewing an existing certificate
Performing the following challenges:
tls-sni-01 challenge for valid.vc
tls-sni-01 challenge for old.valid.vc
tls-sni-01 challenge for test.valid.vc
Cleaning up challenges
Attempting to renew cert (valid.vc) from /etc/letsencrypt/renewal/valid.vc.conf produced an unexpected error: Problem binding to port 443: Could not bind to IPv4 or IPv6… Skipping.


Processing /etc/letsencrypt/renewal/old.valid.vc.conf

Cert is due for renewal, auto-renewing…
Plugins selected: Authenticator standalone, Installer None
Renewing an existing certificate
Performing the following challenges:
tls-sni-01 challenge for old.valid.vc
Cleaning up challenges
Attempting to renew cert (old.valid.vc) from /etc/letsencrypt/renewal/old.valid.vc.conf produced an unexpected error: Problem binding to port 443: Could not bind to IPv4 or IPv6… Skipping.
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/valid.vc/fullchain.pem (failure)
/etc/letsencrypt/live/old.valid.vc/fullchain.pem (failure)


All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/valid.vc/fullchain.pem (failure)
/etc/letsencrypt/live/old.valid.vc/fullchain.pem (failure)

2 renew failure(s), 0 parse failure(s)
[root@proxy letsencrypt]# ./certbot-auto renew


#2

Hi,

You are using tls-sni, a disabled protocol.

Please try run this command sudo certbot renew --preferred-challenge http

Thank you


#3

proxy letsencrypt]# sudo certbot renew --preferred-challenge http
sudo: certbot: command not found
[root@proxy letsencrypt]# ./certbot-auto renew --preferred-challenge http
Saving debug log to /var/log/letsencrypt/letsencrypt.log


Processing /etc/letsencrypt/renewal/valid.vc.conf

Cert is due for renewal, auto-renewing…
Plugins selected: Authenticator standalone, Installer None
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for valid.vc
http-01 challenge for old.valid.vc
http-01 challenge for test.valid.vc
Cleaning up challenges
Attempting to renew cert (valid.vc) from /etc/letsencrypt/renewal/valid.vc.conf produced an unexpected error: Problem binding to port 80: Could not bind to IPv4 or IPv6… Skipping.


Processing /etc/letsencrypt/renewal/old.valid.vc.conf

Cert is due for renewal, auto-renewing…
Plugins selected: Authenticator standalone, Installer None
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for old.valid.vc
Cleaning up challenges
Attempting to renew cert (old.valid.vc) from /etc/letsencrypt/renewal/old.valid.vc.conf produced an unexpected error: Problem binding to port 80: Could not bind to IPv4 or IPv6… Skipping.
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/valid.vc/fullchain.pem (failure)
/etc/letsencrypt/live/old.valid.vc/fullchain.pem (failure)


All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/valid.vc/fullchain.pem (failure)
/etc/letsencrypt/live/old.valid.vc/fullchain.pem (failure)

2 renew failure(s), 0 parse failure(s)
[root@proxy letsencrypt]#

My sysadmin left so m trying to do alone I got email ssl already expired


#4

What’s your domain name? There is no open port 80.

Every Letsencrypt-Certificate is logged - https://crt.sh/


#5

Valid.vc is the domain it was normally until ssl expired


#6

There is only https / Port 443 open. Open Port 80 / http, if you want to use the http-01 - Challenge.


#7

I want to renew the expired ssl is this the way I should open port 80’?


#8

If its how to do this ?


#9

I need to update thethe expired certificate ?


#10

That depends of your server-software. But https / Port 443 is working, only the certificate is expired.

So it should be the easiest solution to add a http - Website / Port 80.

But I don’t use nginx/1.10.2, so I don’t know the details.


#11

I want to renew certificate thats what I want only can you tell.me how ,?


#12

If you want to get a new Letsencrypt-Certificate, you must show, that you are the owner of the domain. This is a challenge. SNI-Challenges are outdated.

The http-Challenge means: Letsencrypt gives you a long token (aödfadjfsaldfjsldfjasdlfjsdfdf) and you have to put a file under /.well-known/acme-challenge/ with this token as filename and a special content.

So http-Challenge requires an open http-Port 80. You can also check if you can use the dns-Challenge. Then you need to add a dns-entry.


#13

Oh I understand okey ill, open port 80 and do it just need to know where is the port conf ? M using linux CentOS release 6.9 (Final)


#14

How can open port 80 kindly advice ?? It shows in httpd that its listening to port 80


#15

Thanks guys I figure out I suppose to stop nginx service nginx stop then I renew by doing ./certbot-auto renew

Thanks


#16

Yep, now there is a new Letsencrypt-Certificate:

valid
Freitag, 7. September 2018, 18:19:53
(Freitag, 7. September 2018, 16:19:53 GMT)


#17

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.