Need to renew expired certificate

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: southkonafarms@gmail.com

I ran this command: I wish I knew what to run.

I tried this:

johnredden@cylon3:~ sudo certbot renew [sudo] password for johnredden: sudo: certbot: command not found johnredden@cylon3:~ locate certbot
johnredden@cylon3:~ johnredden@cylon3:~ sudo certbot renew
[sudo] password for johnredden:
sudo: certbot: command not found
johnredden@cylon3:~ locate certbot johnredden@cylon3:~

It produced this output:

sudo: certbot: command not found
johnredden@cylon3:~ locate certbot johnredden@cylon3:~

My web server is (include version):
Apache/2.4.18(Ubuntu)
The operating system my web server runs on is (include version):
Ubuntu 16.04 LTS
My hosting provider, if applicable, is:
Linode
I can login to a root shell on my machine (yes or no, or I don’t know):
yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
no
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): not foound

Hi,

What’s your domain?
How did you get the certificate before?

Thank you

I’m digging in a little deeper. The certificate is supposed to be renewed by cron

/opt/letsencrypt/letsencrypt-auto renew --webroot --webroot-path /var/www/southkonafarms.com

I ran sudo ran in and it told me
The following certs are not due for renewal yet:
/etc/letsencrypt/live/southkonafarms.com/fullchain.pem expires on 2020-06-30 (skipped)
No renewals were attempted.

Hmmm something weird is going on,

I’ll dig some more

-John

When using --webroot, Certbot doesn’t know anything about how or where the certificate is used. (It knows where it’s saved on disk, but not which applications are configured to make use of it.) That means that applications like Apache, nginx, etc., don’t get restarted or reloaded by Certbot during a renewal based on --webroot; Certbot simply doesn’t know what to do to tell the other software about the presence of the new certificate.

You’ll probably be able to get it to be noticed by restarting or reloading the web server application. You might then add a --deploy-hook script to perform this automatically during renewals.

2 Likes

Hi,

Have you tried to restart your apache webserver?

First try to restart your webserver.

sudo systemctl reload apache2 or sudo systemctl reload httpd

If this works, like @schoen said, you’ll need to add a --deploy-hook
e.g. ./certbot-auto renew --deploy-hook "systemctl reload httpd" or ./certbot-auto renew --deploy-hook "systemctl reload apache2"

Thank you

2 Likes

Magic, the secure site is back, Note the date on the site is 1-Apr-2020 and the cert expired 30-Aug-2020. Maybe cron is not set up correctly. Its been a while since I did Linux sys-admin but it’s coming back. Seem like a fence post bug.

Thank you for your help. If there are further issues I will contact your organization,

-John Redden

The cron is setup correctly, but your system admin didn't configure certbot to automatically update your apache web server.
Please advice he/she to fix it, or this issue will come back again for next renewal...
(See post #5)

Thank you

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.