Problems renewing cert

Help
1

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

I received an email stating my cert is due for renewal. But when I try to renew I get a message stating my naked domain is not due for renewal. But my domain of www.kevinleroy.me is. I’m unable to renew www.kevinleroy.me

My domain is: kevinleroy.me

I ran this command: sudo certbot renew --cert-name kevinleroy.me

It produced this output:

Processing /etc/letsencrypt/renewal/kevinleroy.me.conf

Cert not yet due for renewal

The following certs are not due for renewal yet:

/etc/letsencrypt/live/kevinleroy.me/fullchain.pem expires on 2019-11-07 (skipped)

No renewals were attempted.

My web server is (include version): NGINX

The operating system my web server runs on is (include version):
Ubuntu nginx v1.14.0

My hosting provider, if applicable, is:
DigitalOcean

I can login to a root shell on my machine (yes or no, or I don’t know):
Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):
0.31.0

2

What is the output of "sudo certbot certificates"?

What version of Ubuntu? 19.04, 18.04, 16.04...?

3

Hi @kevinl

checking your domain there is no problem visible.

Your certificate is valid

CN=kevinleroy.me
	09.08.2019
	07.11.2019
expires in 50 days	kevinleroy.me, www.kevinleroy.me - 2 entries

it has both domain names, both connections are secure.

You can use the certificate the next 50 days, so that result

is expected. And you don't have mixed content.

PS: There is the reason of your mail ( https://check-your-website.server-daten.de/?q=kevinleroy.me#ct-logs ):

Issuer not before not after Domain names LE-Duplicate next LE
Let's Encrypt Authority X3 2019-08-09 2019-11-07 kevinleroy.me, www.kevinleroy.me - 2 entries
Let's Encrypt Authority X3 2019-08-08 2019-11-06 kevinleroy.me - 1 entries
Let's Encrypt Authority X3 2019-07-10 2019-10-08 www.kevinleroy.me - 1 entries

The certificate with only one domain name expires. But you can ignore the mail, you don't need that certificate.

Read

4

My apologies for not getting back to you before. This has happened to me once before. My cert expired for my wildcard domain. I kept getting renewal notices and kept trying to renew but it said I didn’t have any to renew so I ignored. Then the day it expired, I couldn’t access my website securely. It’s setup so that www will redirect to my naked domain. Can I just renew my wildcard? Why is my wildcard expiring when it was setup at the same time as my naked domain?

5

certbot renew usually can’t renew wildcard certificates because the wildcard certificates were created with --manual in order to use the DNS challenge, while the non-wildcard certificates were usually created with a different method that could be automated with the HTTP challenge.

If you run certbot renew from the command line, you’ll probably see the error about this from Certbot.

The short-term solution is to renew with certbot certonly from the command line, while the long-term solution is to use a DNS host that has an API that you can use to tell Certbot how to make the required DNS changes automatically.

1 Like
6

Thanks much!! That solves my problem. I’m using DigitalOcean. I’ll check with them for a long term solution

7

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.