Noob With No More Support From Developers and Need to Either Renew Cert or Get a New One

TaT · April 2, 2019, 10:54pm

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

Was told we use letsencrypt. Our cert expired for a month but I couldn’t figure what to do and only just started now.

My domain is: irisada.co

I ran this command: certbot certonly -d irisada.co

It produced this output: certbot: command not found

My web server is (include version):

The operating system my web server runs on is (include version): ubuntu

My hosting provider, if applicable, is: aws

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
no idea
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): no idea

schoen · April 2, 2019, 10:57pm

Hi @TaT,

Can you look in your shell history (by running history) and see if there are references there to commands that were used to request certs?

You can also run locate certbot to see if any Certbot-related files are present on this system. (It’s possible that the developer used a Let’s Encrypt client application other than Certbot.)

TaT · April 2, 2019, 10:58pm

First line I see /etc/letsencrypt/csr/0000_csr-certbot.pem amongst a list of response

TaT · April 2, 2019, 11:01pm

after running history I see this 168 cd /etc/letsencrypt/live/

schoen · April 2, 2019, 11:03pm

So, the developer might also have used certbot-auto (a different way of installing Certbot); could you try running locate certbot-auto?

TaT · April 2, 2019, 11:04pm

I see this

opt/eff.org/certbot/venv/certbot-auto-bootstrap-version.txt

/opt/letsencrypt/certbot-auto

/opt/letsencrypt/letsencrypt-auto-source/certbot-auto.asc

schoen · April 2, 2019, 11:06pm

Great! It looks like the developer downloaded certbot-auto at /opt/letsencrypt/certbot-auto.

So, I would suggest running

cd /opt/letsencrypt
./certbot-auto certificates
./certbot-auto renew

It may or may not succeed, but if it doesn’t succeed, it should give some specific reasons why not!

TaT · April 2, 2019, 11:07pm

Last couple of lines

The following extra packages will be installed:

libssl1.0.0

The following packages will be upgraded:

ca-certificates libssl-dev libssl1.0.0 openssl

4 upgraded, 0 newly installed, 0 to remove and 171 not upgraded.

Need to get 2562 kB of archives.

After this operation, 9216 B of additional disk space will be used.

Do you want to continue? [Y/n] y

Abort.

ubuntu@ip-172-31-41-76:/opt/letsencrypt$

schoen · April 2, 2019, 11:08pm

You might want to upgrade your OS packages first:

sudo apt update
sudo apt dist-upgrade

After the operating system upgrades are complete, you could try running these commands again. If they still prompt you to update any software, I would suggest saying “yes”.

TaT · April 2, 2019, 11:12pm

Not sure if I messed up something

etched 128 MB in 9s (13.0 MB/s)
perl: warning: Setting locale failed.
perl: warning: Please check that your locale settings:
LANGUAGE = (unset),
LC_ALL = (unset),
LC_CTYPE = "UTF-8",
LANG = "en_US.UTF-8"
are supported and installed on your system.
perl: warning: Falling back to the standard locale ("C").
locale: Cannot set LC_CTYPE to default locale: No such file or directory
locale: Cannot set LC_ALL to default locale: No such file or directory
Extracting templates from packages: 100%
Preconfiguring packages ...
*** nginx.conf (Y/I/N/O/D/Z) [default=N] ?version.onsre:C^[[C^[[C^[[C^[[C^[[C^[[C^[[C^[[C^[[C^[[D^[[D^[[D^[[D^[[D^[

TaT · April 2, 2019, 11:13pm

was I in the wrong directory

schoen · April 2, 2019, 11:15pm

It looks like the software on this machine hasn’t been upgraded at all in a while, so you may want to take care of that. The software update process may ask you some questions and expect you to answer them; without knowing more about your system, it’s hard for me to advise you about how to answer them, other than the defaults are likely to be reasonable.

TaT · April 2, 2019, 11:16pm

So can I update the cert without upgrading the software? I just need to sort out the website first. Cos I typed Y and then ran the command again and I got this
The following certs are not due for renewal yet:
/etc/letsencrypt/live/www.irisada.co-0001/fullchain.pem expires on 2019-05-26 (skipped)
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/www.irisada.co/fullchain.pem (failure)

schoen · April 3, 2019, 4:07am

Did you get any more specific error about why the renewal attempt failed?

Can you show us the output of ./certbot-auto certificates?

system · May 3, 2019, 4:12am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.