My domain is: pourboir.com
My Let's Encrypt certificate expired, and I can't access the website anymore. I tried reinstalling it and then running certbot, but neither fixed the issue.
It produced this output:
My hosting provider, if applicable, is: Lightsail from AWS
I can login to a root shell on my machine (yes or no, or I don't know): YES
I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 0.31.0
How did you reinstall the certificate?
I first followed the steps from here --> Install SSL which I always do every 90 days.
And then I ran certbot on top of that.
But I had the error before trying to update the certificate.
Ugh, Bitnami.. I ain't touching that stuff, sorry. It's just terrible.. It makes me cry a little bit just to see that kind of how-to.. Just.. No words.. How terrible it is..
Maybe you just need to restart the webserver, I dunno..
That's probably because your certificate was previously issued with a different client than Certbot and used the tls-alpn-01 and was revoked recently due to an issue with the
Yeah, sorry. Bitnami is just unnecessarily complicated.. And the guide you're using has many, MANY steps and different options to choose from, depending on the situation.
Such a guide goes against everything Let's Encrypt tries to stand for, which includes automation. And that guide is, well, NOT automated at all.
It also lets you get a wildcard certificate, but do you really require a wildcard? That mandates the DNS challenge, which makes it harder to automate.. Without a wildcard, automation would probably be feasible.
Anyway, I can see you have two perfectly fine certificates issued today: crt.sh | pourboir.com
You should make sure one of those newly issued certificates is loaded by your webserver, which seems to be handled by that "Really Simple SSL Plugin".. Maybe it wasn't that simple? Maybe it is? I dunno..
It was that simple for the past year.... But it somehow stopped working alone all of a sudden without me touching anything ...
It's super annoying, thanks for your help. I will try to figure it out; it seems there is an error with Apache 2.
You can read more about the incident I mentioned earlier here:
Although I find it strange that your certificate would be affected. Certbot doesn't support the tls-alpn-01 challenge. Or did you use a different ACME client for the certificate which is now revoked?
I will check it out - thanks
It seems that you successfully renewed your certificate. You should use that on your site to prevent client errors. crt.sh | pourboir.com
If you have used other Bitnami guides then it's possible you used the TLS-ALPN-01 challenge. For example bncert recommends using the lego client and the --tls option which does the TLS-ALPN-01 challenge. If you want to root cause why you were affected, start by looking through your history and logs and see what client and challenge they show for the issuance of the affected certificate.
Keep in mind that affected certificates have at least one name that was validated with the TLS-ALPN-01 challenge. It's possible that you issued a certificate validated by the TLS-ALPN-01 challenge for a.example.com then switched clients and used the DNS-01 challenge to create a certificate for b.example.com. But if the authorization for a.example.com was still valid from the TLS-ALPN-01 challenge then you would not need to complete a DNS-01 challenge for that name because Let's Encrypt has authorization reuse and authorization lifetimes.
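The authorization reuse described in the post above, as an added example that is not part of the original thread and is not Let's Encrypt's code: a small model that replays a constructed issuance timeline and reports which names on each certificate were really validated by TLS-ALPN-01. The 30-day authorization lifetime, the dates and the function names are assumptions for illustration.

```python
from datetime import datetime, timedelta

# Assumed lifetime of a valid authorization (illustrative value only).
AUTHZ_LIFETIME = timedelta(days=30)

def issue(cache, when, names, challenge):
    """Model one certificate order.

    Returns {name: challenge type that actually validated the name}.
    A still-valid cached authorization is reused, so the client's own
    challenge type is only recorded for names that need fresh validation.
    """
    validated = {}
    for name in names:
        authz = cache.get(name)
        if authz and authz["expires"] > when:
            validated[name] = authz["challenge"]       # reused authorization
        else:
            cache[name] = {"challenge": challenge,
                           "expires": when + AUTHZ_LIFETIME}
            validated[name] = challenge                # fresh validation
    return validated

def affected_names(validated):
    """Names on a certificate whose authorization came from TLS-ALPN-01."""
    return sorted(n for n, c in validated.items() if c == "tls-alpn-01")

def run_timeline():
    """Constructed timeline: lego with --tls first, then a switch to DNS-01."""
    cache, t0 = {}, datetime(2022, 1, 1)
    orders = [
        ("lego --tls", t0, ["a.example.com"], "tls-alpn-01"),
        ("dns-01 client", t0 + timedelta(days=10),
         ["a.example.com", "b.example.com"], "dns-01"),
        ("dns-01 client", t0 + timedelta(days=45),
         ["a.example.com", "b.example.com"], "dns-01"),
    ]
    report = []
    for client, when, names, challenge in orders:
        validated = issue(cache, when, names, challenge)
        report.append((client, when.date().isoformat(),
                       affected_names(validated)))
    return report

if __name__ == "__main__":
    for client, day, affected in run_timeline():
        print(f"{day} {client:14} TLS-ALPN-01 validated names: {affected}")
```

The second order is the case the post describes: the client only ever ran DNS-01, yet a.example.com on that certificate rests on the earlier TLS-ALPN-01 authorization.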
It's not, it's just a single tutorial from AWS that breaks everything by telling Bitnami users (who already have an ACME client, lego) to install certbot as well.
I fault Google for putting AWS docs before Bitnami docs when looking for the latter.
Those guides do look better indeed.