Process for Renewing certificate

My tech person left the company and now the certificate for our subdomain rs.museums.co has expired. I’m looking for a step by step procedure/process for a beginner tech person to renew the certificate.

My domain is: museums.co

I ran this command:

It produced this output:

My web server is (include version):

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is: AWS

I can login to a root shell on my machine (yes or no, or I don’t know): I don’t know

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):

Hi @museumsco,

Welcome to the community forum!

I am unable to connect to rs.museums.co. It doesn’t appear that the webserver on it is running.

$ echo | openssl s_client -connect rs.museums.co:443 -servername rs.museums.co 2>/dev/null | openssl x509 -noout -issuer -startdate -enddate
^C

$ telnet rs.museums.co 443
Trying 34.234.126.29...
^C

$ telnet rs.museums.co 80
Trying 34.234.126.29...
^C

$ nmap -Pn rs.museums.co
Starting Nmap 7.70 ( https://nmap.org ) at 2019-09-03 11:44 EDT
Nmap scan report for rs.museums.co (34.234.126.29)
Host is up (0.0015s latency).
rDNS record for 34.234.126.29: ec2-34-234-126-29.compute-1.amazonaws.com
Not shown: 999 filtered ports
PORT   STATE SERVICE
53/tcp open  domain

Nmap done: 1 IP address (1 host up) scanned in 4.38 seconds

Hi there. I just turned the server on, so you should be able to access the website now.

Ok, great, I can see the old expired cert.

$ echo | openssl s_client -connect rs.museums.co:443 -servername rs.museums.co 2>/dev/null | openssl x509 -noout -issuer -startdate -enddate
issuer=C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
notBefore=Mar  7 21:08:52 2019 GMT
notAfter=Jun  5 21:08:52 2019 GMT

Can you type certbot certificates and show the output please? The simplest way to renew is to issue certbot renew per https://certbot.eff.org/docs/using.html?highlight=renew#renewing-certificates.
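
The expiry check in the post above can be run on a schedule so that a lapsed renewal is noticed before visitors see it. This is an added example, not part of the original thread: the function names, the 10-second connection timeout and the reliance on GNU `date -d` and `timeout` are assumptions, and the 30-day threshold mirrors Certbot's default renewal window.

```shell
#!/bin/sh
# Added example: classify a certificate from its "notAfter=" line as printed by
# `openssl x509 -noout -enddate`. Assumes GNU date and coreutils timeout.

# fetch_enddate HOST -> prints "notAfter=..." or nothing if the host is unreachable.
# The timeout stops the check from hanging when port 443 is filtered.
fetch_enddate() {
    echo | timeout 10 openssl s_client -connect "$1:443" -servername "$1" 2>/dev/null \
        | openssl x509 -noout -enddate 2>/dev/null
}

# cert_status NOTAFTER_LINE [NOW_EPOCH] [WARN_DAYS]
# Prints one of: expired | renew-soon | ok | unparseable
cert_status() {
    line=$1
    now=${2:-$(date -u +%s)}
    warn_days=${3:-30}
    case $line in
        notAfter=*) end=${line#notAfter=} ;;
        *) echo "unparseable"; return 2 ;;
    esac
    # Convert the openssl timestamp (e.g. "Jun  5 21:08:52 2019 GMT") to epoch seconds.
    end_epoch=$(date -u -d "$end" +%s 2>/dev/null) || { echo "unparseable"; return 2; }
    days_left=$(( (end_epoch - now) / 86400 ))
    if [ "$end_epoch" -le "$now" ]; then
        echo "expired"
    elif [ "$days_left" -lt "$warn_days" ]; then
        echo "renew-soon"      # inside the window where `certbot renew` would act
    else
        echo "ok"
    fi
}

# check_host HOST -> status for a live host; an unreachable host reports "unparseable".
check_host() {
    cert_status "$(fetch_enddate "$1")"
}
```

Calling `check_host rs.museums.co` from a daily cron job and alerting on anything other than `ok` catches both an expired certificate and a server that is not answering on port 443.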

Sorry about the delay. Where do I type in the ‘certbot certificates’ to get the output?

You’ll need to ssh to the rs.museums.co server and run the command there.

Phil,
I just worked on getting the ssh client running on my laptop using Windows 10 but I haven’t figured out how to connect to the server yet. That is why I hoped that there was already a step by step on how to do this.

You’ll want to check out both of these AWS docs. SSH-ing is one of those things that will become rote, don’t worry. Good utils on Windows are PuTTY and standard openssh-client in the Windows Subsystem for Linux.

Thank you for your help. I’m working to get connected and will be back to you when I have an answer for your question.

Phil,
Under the tutoring of someone more knowledgeable, I have been able to SSH to get access to a server using PuTTY, but without someone to assist me along the way, I am lost. I have generated key pairs but have been unable to successfully use them to get access to the server. I am not sure what to do next.

Phil,
I meant to say I was working alongside someone more knowledgeable than me in the past. You’ve been a help so far but I think I need more help than you can provide. It would be helpful to share my screen with someone to walk me through the steps once.

@museumsco,

When the server hosting rs.museums.co was initially built, did anyone provide you with documentation about how to access that server? You’ll specifically be looking for an SSH private key. There’s a hint on the EC2 dashboard that may be able to help.

Best of luck.

It is also possible that the only copy of this private key for SSH authentication was on the device of the person who left the company. That’s not particularly unusual.

If so, is there a way to get AWS to override it without rebuilding the server?

Yes there is.
This appears to be an AWS provided automated way of regaining access. I’ve not used it though. https://docs.aws.amazon.com/systems-manager/latest/userguide/automation-ec2reset.html

This process is a bit more involved, but has worked for me in the past. https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-key-pairs.html#replacing-lost-key-pair
