Need to view the acme-challenges again for a renewal

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: haslv.com

I ran this command:
```
sudo certbot -d $DOMAIN -d $WILDCARD --manual --preferred-challenges dns certonly
```

It produced this output:
```
bitnami@ip-172-26-13-6:~$ sudo certbot -d $DOMAIN -d $WILDCARD --manual --preferred-challenges dns certonly
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator manual, Installer None
Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org
Cert not yet due for renewal

You have an existing certificate that has exactly the same domains or certificate name you requested and isn't close to expiry.
(ref: /etc/letsencrypt/renewal/haslv.com.conf)

What would you like to do?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: Keep the existing certificate for now
2: Renew & replace the cert (limit ~5 per 7 days)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 
```

My web server is (include version):  Apache/2.4.41 (Unix)

The operating system my web server runs on is (include version): Ubuntu 16.04.6 LTS (GNU/Linux 4.4.0-1102-aws x86_64)

My hosting provider, if applicable, is:  AWS

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): NO

The version of my client is (e.g. output of `certbot --version` or `certbot-auto --version` if you're using Certbot):  not sure ?
1 Like

Certbot version: certbot 0.31.0

1 Like

Hi and welcome to the community!

What does this show:
```
certbot certificates
```

And what problem are you having?
[sorry, I don't understand: "Need to view the acme-challenges again for a renewal"]

1 Like

You're using Bitnami. You shouldn't be using certbot, but a Bitnami specific approach.

2 Likes

`certbot certificates` - shows command not found

Problem: Certificate expired over the weekend. I renewed it and it seemed to work. A couple of hours later, I tried it on another computer and it showed expired. I checked the DNS TXT record and tried to re-enter it. But I don't know the value for the second record. So, I am dead in the water until I get the two acme-challenge values to enter into the DNS. Where can I view the challenges now?

1 Like

I am using the Bitnami approach. Certbot was installed via Bitnami documentation and has worked until I tried to renew an expired certificate. Now, if I issue the command to manually renew, I don't see the acme-challenges anymore.

```
sudo certbot -d $DOMAIN -d $WILDCARD --manual --preferred-challenges dns certonly
```

1 Like

This isn't going to help you. You have already renewed your certificate 3 times this week. Renewing it yet again won't make any difference.

You need to figure out why your server isn't using the renewed certificate, rather than the expired certificates.

As @Osiris pointed out, the usual way to do this on Bitnami is to use the Bitnami instructions: https://docs.bitnami.com/general/how-to/generate-install-lets-encrypt-ssl/. Certbot is not used there.

If you really want to use Certbot, you need to identify where Bitnami is reading its certificates from:

```
# -i: Apache config normally spells the directive SSLCertificateFile
grep -ri sslcertificatefile /opt/bitnami/apache2
```

and make sure it (and the key file) points to the renewed certificate in Certbot (`/etc/letsencrypt/live/haslv.com/fullchain.pem` and `privkey.pem`, respectively).

3 Likes
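
The check described in the answer above, written out as an added example that is not part of the original thread or of Bitnami's or Certbot's tooling: it lists every active `SSLCertificateFile` directive in an Apache config tree and reports whether each file is the renewed chain. The function names and the constructed demo files are assumptions; the two real paths in the final comment are the ones quoted in the thread.

```shell
#!/usr/bin/env bash
# Added example (not from the thread): list the certificate files Apache is
# configured to serve and check whether each matches Certbot's renewed chain.

# Print the path from every active (uncommented) SSLCertificateFile directive
# under config tree $1. Apache directive names are case-insensitive, hence -i.
configured_certs() {
    grep -rihE '^[[:space:]]*SSLCertificateFile[[:space:]]+' "$1" 2>/dev/null |
        awk '{ gsub(/"/, "", $2); print $2 }' | sort -u
}

# Compare configured certificate $1 with renewed chain $2 byte for byte
# (cmp follows Certbot's live/ symlinks). Prints: same | differs | missing
compare_cert() {
    if [ ! -r "$1" ] || [ ! -r "$2" ]; then echo missing
    elif cmp -s "$1" "$2"; then echo same
    else echo differs
    fi
}

# One line per configured certificate: path, comparison result, and an expiry
# flag when openssl is installed and the file is expired or not a certificate.
audit() {
    configured_certs "$1" | while read -r cert; do
        line="$cert $(compare_cert "$cert" "$2/fullchain.pem")"
        if command -v openssl >/dev/null 2>&1 &&
           ! openssl x509 -checkend 0 -noout -in "$cert" >/dev/null 2>&1; then
            line="$line expired-or-unreadable"
        fi
        echo "$line"
    done
}

# Constructed sample: one commented-out and one active directive, with the
# active one pointing at a stale file instead of the renewed chain.
demo() {
    d=$(mktemp -d)
    mkdir -p "$d/conf" "$d/live"
    echo 'renewed (constructed)' > "$d/live/fullchain.pem"
    echo 'stale (constructed)' > "$d/conf/server.crt"
    printf '# SSLCertificateFile "/unused.crt"\nSSLCertificateFile "%s/conf/server.crt"\n' \
        "$d" > "$d/conf/bitnami.conf"
    audit "$d/conf" "$d/live"
    rm -rf "$d"
}

# Real use: ./audit.sh /opt/bitnami/apache2 /etc/letsencrypt/live/haslv.com
if [ "$#" -eq 2 ]; then audit "$1" "$2"; else demo; fi
```

A `differs` result means Apache is still reading a file other than the renewed chain, so repeating the issuance will not change what clients see until the directive is repointed and Apache is reloaded.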

Going to Bitnami for support. Thx

2 Likes