Not Able to renew SSL


#1

I tried to renew SSL but I got the error below.

Please help me with this.

Failed authorization procedure. www.DomainName (tls-sni-01): urn:ietf:params:acme:error:tls :: The server experienced a TLS error during domain verification :: remote error: tls: handshake failure

IMPORTANT NOTES:

  • The following errors were reported by the server:

    Domain: www.DomainName
    Type: tls
    Detail: remote error: tls: handshake failure

    To fix these errors, please make sure that your domain name was
    entered correctly and the DNS A/AAAA record(s) for that domain
    contain(s) the right IP address. Additionally, please check that
    you have an up-to-date TLS configuration that allows the server to
    communicate with the Certbot client.


#2

Hi,

Could you please try running the program with the following parameters?

sudo certbot renew --preferred-challenge http
This would switch you from the ‘kind of’ buggy tls-sni-01 to http validation… (Please make sure port 80 is open before executing the command)

Thank you

P.S. Thanks, @jmorahan, for fixing my spelling…


#3

Steven, isn’t it simpler than that?

It looks as if, akash1, you have entered www.DomainName somewhere instead of your actual domain name. When it is trying to verify the domain it cannot find www.DomainName, hence the error?


#4

I tried the mentioned command; it is showing the error below.
-bash: certbot: command not found

Also, ports 80 and 443 are open for the same.


#5

I am using my domain name instead of www.DomainName.


#6

Please provide more information.


Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

I ran this command:

It produced this output:

My web server is (include version):

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know):

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):


#7

My domain is: motostorelocator.com

I ran this command: ./letsencrypt-auto certonly --standalone --renew-by-default -d motostorelocator.com -d www.motostorelocator.com

It produced this output: Failed authorization procedure. www.DomainName (tls-sni-01): urn:ietf:params:acme:error:tls :: The server experienced a TLS error during domain verification :: remote error: tls: handshake failure

IMPORTANT NOTES:

  • The following errors were reported by the server:

    Domain: www.DomainName
    Type: tls
    Detail: remote error: tls: handshake failure

    To fix these errors, please make sure that your domain name was
    entered correctly and the DNS A/AAAA record(s) for that domain
    contain(s) the right IP address. Additionally, please check that
    you have an up-to-date TLS configuration that allows the server to
    communicate with the Certbot client.

My web server is (include version): Apache 2.4

The operating system my web server runs on is (include version): Amazon Linux

My hosting provider, if applicable, is: AWS

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no


#8

It produced this output:
Failed authorization procedure. www.motostorelocator.com (tls-sni-01): urn:ietf:params:acme:error:tls :: The server experienced a TLS error during domain verification :: remote error: tls: handshake failure

IMPORTANT NOTES:

  • The following errors were reported by the server:

    Domain: www.motostorelocator.com
    Type: tls
    Detail: remote error: tls: handshake failure

    To fix these errors, please make sure that your domain name was
    entered correctly and the DNS A/AAAA record(s) for that domain
    contain(s) the right IP address. Additionally, please check that
    you have an up-to-date TLS configuration that allows the server to
    communicate with the Certbot client.


#9

Hi,

Apologies, please use the command below:
sudo ./letsencrypt-auto renew --preferred-challenge http


#10

Thank you for your help.

It works; it is showing the status below:
Congratulations, all renewals succeeded. The following certs have been renewed:
/etc/letsencrypt/live/motostorelocator.com/fullchain.pem (success)

So how do I use the renewed certificate?
Do I have to make any changes in the SSL conf file?


#11

Please help me set up an auto-renewal cron job for the same.


#12

For the auto renewal, you just need to use the same argument as before… (Just ./certbot-auto renew)

You don’t need to make any changes to existing configuration file… You could simply restart your web-server if the Certificate is not properly reflected.

Thank you


#13

In a cron job you should probably not use the ./ because the path of the cron process might not be the same as the path where the certbot-auto program is saved. Instead, you could use the explicit path to the certbot-auto program.
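
The advice in posts #12 and #13, as an added example that is not part of the original thread: a script that prints a crontab entry using an explicit path to certbot-auto, and checks whether the web server is presenting the renewed fullchain.pem. The certbot-auto install path, the Apache reload command and the schedule are assumptions to adjust; `--deploy-hook` is a Certbot option that runs its command only after a successful renewal.

```shell
#!/bin/sh
# Added example (not from the thread). Values marked "assumed" must be adjusted.
CERTBOT_AUTO="${CERTBOT_AUTO:-/opt/letsencrypt/certbot-auto}"  # assumed install path
RELOAD_CMD="${RELOAD_CMD:-/usr/sbin/apachectl graceful}"       # assumed Apache reload command
LIVE_CERT="/etc/letsencrypt/live/motostorelocator.com/fullchain.pem"  # path from the thread

# Print a crontab entry for renewal. Rejects relative program paths, because
# cron does not start jobs in the directory where certbot-auto is saved.
cron_line() {
    case "$1" in
        /*) ;;
        *)  echo "refusing non-absolute path: $1" >&2; return 1 ;;
    esac
    # Twice a day (assumed schedule); the hook runs only when a cert was renewed.
    printf '17 3,15 * * * %s renew --quiet --deploy-hook "%s"\n' "$1" "$2"
}

# SHA-256 fingerprint of the first certificate in a PEM file (the leaf in fullchain.pem).
file_fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2
}

# SHA-256 fingerprint of the certificate the server presents for HOST on port 443.
served_fingerprint() {
    openssl s_client -connect "$1:443" -servername "$1" </dev/null 2>/dev/null |
        openssl x509 -noout -fingerprint -sha256 | cut -d= -f2
}

# Compare two fingerprints; succeed only if both are non-empty and equal.
same_cert() {
    [ -n "$1" ] && [ "$1" = "$2" ]
}

# Usage: sh renew-check.sh cron    |    sh renew-check.sh verify <host>
if [ "${1:-}" = "cron" ]; then
    cron_line "$CERTBOT_AUTO" "$RELOAD_CMD"
elif [ "${1:-}" = "verify" ]; then
    if same_cert "$(file_fingerprint "$LIVE_CERT")" "$(served_fingerprint "$2")"; then
        echo "server is presenting the renewed certificate"
    else
        echo "server presents a different certificate; reload the web server" >&2
        exit 1
    fi
fi
```

A mismatch reported by `verify` after a successful renewal means the web server has not reloaded the certificate files yet.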

