Problem with certificate renewal

Hi!

My domain is:
go.deinehelden.com

I ran this command:
I have a client library in php and console commands

It produced this output:

My web server is (include version):
nginx/openresty/1.13.6.2

The operating system my web server runs on is (include version):
CentOS

I can login to a root shell on my machine (yes or no, or I don’t know):
yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
nope

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): nope

Our service obtains certificates from Let’s Encrypt for customer domains.
Recently, there was a problem with certificate renewal.
I see that the error is that the order is in invalid status, but I can’t understand why:

https://acme-v02.api.letsencrypt.org/acme/order/55251892/815052053

How can I determine what the error is? In my opinion, the responses and requests are quite adequate.
Domains that are running with an expired certificate have already accumulated. I really need help.

Thx.

Line 62 shows that the order expired 2019-08-07:

Whatever happened before, it’s invalid now. You need to make a new one.

Orders last for 1 week. It must have been created on 2019-07-31.

Authorizations last for 30 days, and the one involved in that order is still valid, though.

Does this mean that I have to delete the folder with the order, keys and certificates for this domain and request everything again?

How can I avoid this in the future? After all, with this approach, the path to the keys will change, so what is the point of being able to renew a certificate at all?

On a technical level, “renewing” a certificate isn’t really a thing. It’s just a word to describe issuing a new certificate that you consider to be similar to an older one.

It’s common to generate a new private key, but you can use the same one.

How to save the new certificate and key files is your choice. I’d guess that most ACME clients delete the old files and save the new ones at the same paths.

Hi @kazin8

Don’t delete certificates if they are used.

Your client may crash if current certificates are checked (and deleted). Or your webserver can’t restart if a certificate file is deleted.

My impression is that very few Let’s Encrypt clients save an order reference to disk. Instead, they normally use an order to obtain a certificate in a short period of time that normally corresponds to a single use of the client application. For example, in Certbot we always request a new order object from the certificate authority for each new certificate request. This is not the case for accounts, certificates, and keys, which we do persist on disk.
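As an added example (not part of any post in this thread and not any ACME client's own code), here is one way a client that does keep an order on disk could decide whether the stored order is still usable or a new one must be created. The field names follow the ACME order object in RFC 8555; the helper names, URLs and domain are assumptions made for illustration.

```python
import json
from datetime import datetime, timezone

# Constructed sample of a stored ACME order object (field names per RFC 8555,
# section 7.1.3); the URLs and the domain are placeholders, not real values.
STORED_ORDER = json.loads("""
{
  "status": "pending",
  "expires": "2019-08-07T09:00:00Z",
  "identifiers": [{"type": "dns", "value": "shop.example.com"}],
  "authorizations": ["https://acme.example/authz/1"],
  "finalize": "https://acme.example/finalize/1"
}
""")


def parse_time(value):
    """Parse an RFC 3339 UTC timestamp such as 2019-08-07T09:00:00Z."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def next_step(order, now):
    """Return (action, reason) for a stored order object (hypothetical helper)."""
    status = order.get("status")
    if status == "invalid":
        # The server may attach a problem document explaining the failure.
        detail = (order.get("error") or {}).get("detail", "no error field in order")
        return "new_order", "order is invalid: " + detail
    expires = order.get("expires")
    if status in ("pending", "ready") and expires and parse_time(expires) <= now:
        return "new_order", "order expired at " + expires
    if status == "pending":
        return "complete_authorizations", "authorizations still outstanding"
    if status == "ready":
        return "finalize", "send CSR to " + order["finalize"]
    if status == "processing":
        return "poll", "issuance in progress"
    if status == "valid":
        return "download", "certificate at " + order.get("certificate", "<missing>")
    return "new_order", "unknown status %r" % status
```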
