Novice user - CPanel renewal error

Hi,
I’ve been using Let’s Encrypt with C-Panel for a couple of years without problems.

However, trying to reissue a certificate for a subdomain now brings up the following response:

"Error issuing certificate
Failed to issue certificate
Updating challenge for login.fledge.education: acme: error code 403 "urn:ietf:params:acme:error:unauthorized": Invalid response from http://login.fledge.education/.well-known/acme-challenge/e8jxHqIGljVIx9Xsm4RDbLVSr3OzZB9HJTc_7Eo0Sik [167.99.207.56]: 404 (order URL: https://acme-v02.api.letsencrypt.org/acme/order/13033559/2172932231)"

My domain is: login.fledge.education

My web server is (include version):

The operating system my web server runs on is (include version): ubuntu, I think

My hosting provider, if applicable, is: Digital Ocean droplet

I can login to a root shell on my machine (yes or no, or I don’t know): Yes, but un-confident with it

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): C Panel via WHM

DNS is managed via Godaddy.

Any advice or thoughts very welcome!

Thanks

1 Like

Hi @tim-mkmd

your configuration looks curious ( https://check-your-website.server-daten.de/?q=login.fledge.education )

Your ip addresses:

| Host | T | IP-Address | is auth. | ∑ Queries | ∑ Timeout |
|---|---|---|---|---|---|
| login.fledge.education | | | yes | 2 | 2 |
| www.login.fledge.education | | | yes | 2 | 2 |
| login.fledge.education | A | 167.99.207.56 City of London/England/United Kingdom (GB) - DigitalOcean, LLC, No Hostname found | no | | |
| www.login.fledge.education | A | 185.53.59.45 Torquay/England/United Kingdom (GB) - Krystal Hosting Ltd, No Hostname found | no | | |

Your authoritative ip addresses aren’t visible.

Non-authoritative - different ip addresses non-www / www.

Your www has a correct certificate:

CN=login.fledge.education | 22.01.2020 | 21.04.2020 | expires in 83 days | login.fledge.education, www.login.fledge.education - 2 entries

Your non-www has an expired:

CN=login.fledge.education | 02.10.2019 | 31.12.2019 | 29 days expired | login.fledge.education - 1 entry

Why is there a valid certificate? Why are there different IP addresses?

Where do you run your cPanel?

1 Like

Hi,

Thanks for the reply! It is a curious setup, but it has been working fine till it needed renewing.

I do not know why the www certificate has not expired, or indeed, where it is, as I have no record of that in the cPanel that I can admin.

I assume the issue is within the DigitalOcean droplet, the setup of which is above my skill set. The site was developed on the DigitalOcean platform by a developer who has vanished.

I will look into the Digital Ocean set up to see if I can learn more.

thanks for taking time to reply,

1 Like

Here’s what I can make of your situation:

You have two servers:

  • proton.ecohosting.co.uk - your cPanel server
  • 167.99.207.56 - your DigitalOcean droplet

You are hosting your main website (fledge.education) from the cPanel server.

However, login.fledge.education is hosted from the DigitalOcean Droplet, not from the cPanel server.

Now, when you want to create an SSL certificate for any of your domains, you need to do it from the server on which the domain is actually hosted.

This means that you can’t create a certificate for login.fledge.education from the cPanel server - the domain isn’t hosted there.

If you want to secure/renew a certificate for login.fledge.education, you need to login to your DigitalOcean droplet via SSH as the root user, and renew it using Certbot or whatever Let’s Encrypt software was used to create the certificate initially.

I hope that sort of makes sense.

Reading in between the lines, it seems like your developer may have left you in the lurch and you might not have the ability to do this on your own. In that case, I’d try to find somebody to replace them.

3 Likes
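The rule in the answer above (request the certificate on the server the name actually resolves to) written as a pre-flight check before an HTTP-01 request; this is an added example, not part of the original thread. The DNS table is constructed from the addresses quoted in the thread, 203.0.113.10 is a placeholder for the cPanel server's public IP (the thread does not give it), and only A records are checked.

```python
import socket

def resolve_a(host):
    """Return the set of IPv4 addresses the system resolver gives for host."""
    try:
        infos = socket.getaddrinfo(host, 80, socket.AF_INET, socket.SOCK_STREAM)
    except socket.gaierror:
        return set()
    return {info[4][0] for info in infos}

def http01_preflight(names, local_ips, resolve=resolve_a):
    """For each name, decide whether a challenge file written on THIS server
    can be fetched by the CA: only if every A record points at this server."""
    local = set(local_ips)  # public addresses of the server running the ACME client
    report = {}
    for name in names:
        ips = resolve(name)
        if not ips:
            status = "no-address"
        elif ips <= local:
            status = "ok"
        elif ips & local:
            status = "split"             # some validation requests land elsewhere
        else:
            status = "hosted-elsewhere"  # the CA gets a 404 from the other server
        report[name] = (status, ips)
    return report

# Constructed sample data, taken from the addresses quoted in the thread.
SAMPLE_DNS = {
    "login.fledge.education": {"167.99.207.56"},
    "www.login.fledge.education": {"185.53.59.45"},
}
CPANEL_IPS = {"203.0.113.10"}    # placeholder: cPanel server IP is not in the thread
DROPLET_IPS = {"167.99.207.56"}

def sample_resolve(host):
    """Offline resolver backed by SAMPLE_DNS (stands in for real DNS)."""
    return SAMPLE_DNS.get(host, set())

if __name__ == "__main__":
    for label, ips in (("cPanel server", CPANEL_IPS), ("droplet", DROPLET_IPS)):
        print(label)
        result = http01_preflight(SAMPLE_DNS, ips, sample_resolve)
        for name, (status, addrs) in result.items():
            print(f"  {name}: {status} {sorted(addrs)}")
```

On a live server, call `http01_preflight` without the `resolve` argument so it uses real DNS, and pass the server's public address rather than a private or NAT address.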

Hello, many thanks, yes that makes sense. I think it was coincidental that the certificates expired on both servers at the same time, because a dev version on the site on the Droplet was originally on the cPanel-administered server.

Yes, I’m looking for a new dev!

Thanks again

1 Like
