I ran this command:
I have a client library in PHP and console commands
It produced this output:
My web server is (include version):
nginx/openresty/1.13.6.2
The operating system my web server runs on is (include version):
CentOS
I can login to a root shell on my machine (yes or no, or I don’t know):
yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
nope
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):
nope
Our service receives certificates from Let’s Encrypt for customer domains.
Recently, there was a problem with certificate renewal.
I see that the error is that the order is in invalid status, but I can’t understand why:
How can I determine what the error is? In my opinion, the responses and requests are quite adequate.
Domains that work with an expired certificate have already accumulated, I really need help.
Does this mean that I have to delete the folder with the order, keys and certificates for this domain and request everything again?
How can I avoid this in the future? After all, with this approach, the path to the keys will change, so what is the point in general of the possibility of certificate renewal?
On a technical level, “renewing” a certificate isn’t really a thing. It’s just a word to describe issuing a new certificate that you consider to be similar to an older one.
It’s common to generate a new private key, but you can use the same one.
How to save the new certificate and key files is your choice. I’d guess that most ACME clients delete the old files and save the new ones at the same paths.
My impression is that very few Let's Encrypt clients save an order reference to disk. Instead, they normally use an order to obtain a certificate in a short period of time that normally corresponds to a single use of the client application. For example, in Certbot we always request a new order object from the certificate authority for each new certificate request. This is not the case for accounts, certificates, and keys, which we do persist on disk.
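
As an added example (not part of the posts above and not any client's own code): under RFC 8555 an order's `invalid` status is final, and the reason is reported in the `error` field of the order or of a failed challenge inside its authorizations. The code below runs on constructed sample objects, with hypothetical function names, to extract those reasons and map each order status to the next renewal step.

```python
# Added example; all JSON below is constructed sample data (RFC 8555 field names).
SAMPLE_ORDER = {
    "status": "invalid",
    "identifiers": [{"type": "dns", "value": "customer.example"}],
    "authorizations": ["https://acme.example/authz/1"],
}

# Constructed authorization objects keyed by URL; a real client fetches each
# URL listed in the order to obtain these.
SAMPLE_AUTHZS = {
    "https://acme.example/authz/1": {
        "status": "invalid",
        "identifier": {"type": "dns", "value": "customer.example"},
        "challenges": [
            {"type": "http-01", "status": "invalid",
             "error": {"type": "urn:ietf:params:acme:error:connection",
                       "detail": "constructed sample: timeout during connect"}},
            {"type": "dns-01", "status": "pending"},
        ],
    },
}


def order_failure_reasons(order, authzs):
    """Return (identifier, challenge type, error type, detail) tuples."""
    reasons = []
    if "error" in order:  # the order itself may carry a problem document
        err = order["error"]
        reasons.append((None, None, err.get("type"), err.get("detail")))
    for url in order.get("authorizations", []):
        authz = authzs[url]
        for chall in authz.get("challenges", []):
            if "error" in chall:
                err = chall["error"]
                reasons.append((authz["identifier"]["value"], chall["type"],
                                err.get("type"), err.get("detail")))
    return reasons


def next_action(order):
    """Map an order status to the next step of a renewal job."""
    return {
        "pending": "complete-challenges",
        "ready": "finalize",        # submit the CSR
        "processing": "poll",
        "valid": "download",
        "invalid": "new-order",     # final state: start a fresh order
    }[order["status"]]
```

A fresh order does not force new file locations: the account, key and certificate paths on disk stay whatever the client chooses, as the replies above note.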