I believe this was the solution for renewing certificates on a much, much older version of Caddy. Please read the docs to see the recommended way today.
I thought so too, but please have a look at Let's Encrypt Certificate revoked but not renewed (as referenced in this thread).
@rconrad What's in your Caddy logs? No one who has reported this behavior has shown us their logs, so we can only guess without them.
Completely new to this and not sure which steps to take to renew our certification.
Site: chat.bioangels.net
Installed a Rocket.Chat server with a Snap and created an SSL with Caddy and Let's Encrypt.
I checked the online database and our site was affected. But I'm not sure how to renew our certification or where our certifications are even located (or which version of Caddy I am using).
OS: Ubuntu 20.04
Hosted by Digital Ocean
What's in your Caddy logs? No one who has reported this behavior has shown us their logs, so we can only guess without them.
Because we haven't seen any logs with an indication about the OCSP issue.
Except - of course - where the renewals worked with the tls.cache.maintenance event
OCSP status for managed certificate is REVOKED; attempting to replace with new certificate
But even assuming that the OCSP cache could be the reason, we deleted $XDG_DATA_HOME/caddy/ocsp and restarted caddy without success.
One presumably could build a test case with a manual certificate revocation and measure / debug the issue easily.
Interesting. We were 'unaffected' per the tool LE created, but the cert is revoked and we needed to triage. FYI.
How did you check that?
If you used the tool with the URL of your site, it might pick up the incorrect certificate (b/c it might have already been renewed). You could enter your hostname into https://crt.sh/ and check the certificate which was issued just before January 26th. That cert then probably is revoked and on the list of the tool. You can check that using the serial (without the colons :, just the number/letters).
I am currently running a WordPress site on Lightsail. I've successfully renewed my certificate but it is not showing up on skinva.com
Issues related to revocation should be fixed for all users in the latest CertMagic: Release v0.15.3 · caddyserver/certmagic · GitHub
Whereas before, it was just kind of a party trick, this patch has been tested in production on thousands of domains and is known to work.
Hi, I want to renew. How can I do that?
Has anyone been able to successfully fix this using Lego? I am getting 'The certificate expires in 59 days, the number of days defined to perform the renewal is 30: no renewal.'. It would really suck if the website can't be seen for 29 more days. Doesn't seem like a good thing for Lego to not have a force renew option.
@tychoash
Is there any way to temporarily change the default renewal interval (30 days before expiry) to a number that would trigger the renewal today?
Maybe with the --days X option as described here? (such as set days to 90)
I remember why I love this community! You rock @MikeMcQ (you too @rg305). That worked and the site is back up and running!
We completed revocations and provided additional time for revoked certs to be renewed and replaced with relaxed rate limits. We have returned our rate limits to the documented values.