New to Renewal: Setup by an offshore developer (inaccessible currently)

rkarmani · October 5, 2020, 5:18pm

Hi-
I am new to setting up or renewing Let's Encrypt certificates. I had assumed they'd renew automatically, but I received an email from Let's Encrypt team that we need to renew them with 18 and then 9 days left.

My domain is: https://shopify-api-production.askwhai.com/

Our API is on Amazon AWS. How do I go about finding how to update the certificates? Thank you for the help!

My hosting provider, if applicable, is: AWS

I can login to a root shell on my machine (yes or no, or I don't know): I don't know

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):

rg305 · October 5, 2020, 5:36pm

Welcome to the forum!

Can you show all the domain names that were on such emails?

rg305 · October 5, 2020, 5:36pm

That depends on which client was used to obtain the certs.

rkarmani · October 5, 2020, 5:36pm

Hi- Here are the domains. Thanks.

*.askwhai.com
askwhai.com

rg305 · October 5, 2020, 5:44pm

There have been several wildcard certs issued by LE.
[one of which will expire tomorrow]
But it is difficult to know if you are actually using it.
You also have a wildcard cert issued by Amazon: https://crt.sh/?id=3439181357
And also have one that covers the base domain and www from GoDaddy: https://crt.sh/?id=3411337344
[both of which have a year left in them]
You may need to check all your sites manually to see which certs are in use and when they are going to expire.

rkarmani · October 5, 2020, 5:45pm

Got it, thanks. We are definitely using LE certificate for the wildcard domain. Please see here.
https://shopify-api-production.askwhai.com/

rg305 · October 5, 2020, 5:47pm

OK I do see that one will expire within the next 24 hours.
The first problem I see is:

Name:    shopify-api-production.askwhai.com
Addresses:  3.128.72.97
          18.190.63.44
          3.22.37.5

Do you know how the cert was installed onto three servers?

rkarmani · October 5, 2020, 5:49pm

Yes, that's the server and certificate. I am not sure how it was installed.

I believe we were using AWS::EC2::SecurityGroupIngress and Elastic Beanstalk environment on us-east-2 region of AWS

rg305 · October 5, 2020, 5:51pm

Unfortunately I am unfamiliar with the how to on that.
Let me ping someone more in tune with such a setup.
[@_az can you have a look at this?]