Hi folks. I have a site that has used WordPress / Really Simple SSL / Let's Encrypt for years, but now I have an issue. I read the sticky re: secondary validation (thanks for the info), but it doesn't seem to apply.
For the last year or more I have manually updated the Let’s Encrypt cert within 90 days via the Really Simple SSL / Let’s Encrypt wizard. This time, however, when the wizard gets to the Generation stage I see this output:
Terms & Conditions are accepted.
Successfully retrieved account
Certificate already generated. It was renewed if required.
If I copy the resulting CRT, my web host tells me it is ALREADY EXPIRED. That seems to suggest that Let's Encrypt is refusing to generate a new cert for some reason, but I cannot debug any further. Any help on how to proceed would be v much appreciated.
So it seems your "Really Simple SSL" plugin is confused about the certificate being renewed. That said, I have no clue how that plugin works or if you could e.g. get detailed logs from it to figure this out.
Can you somehow force the Really Simple SSL plugin into renewing?
It's useful to establish that the site / plugin is misbehaving rather than anything at LE. I've already updated the RSSSL plugin & reset everything, but no joy. I think my next steps will be:
1. Remove the plugin entirely, reinstall, see what happens
2. Attempt to use the cPanel "web disk manager" to find plugin logs (good idea) / delete related SSL / cache files
3. Enquire about shell access and use certbot to generate keys manually
Well, it's almost never actually LE misbehaving if it's just n=1
But we simply don't know, currently, what's really underneath that "Certificate already generated" output, even though we don't see that certificate in transparency log aggregators such as crt.sh. It might be anything underneath.
In the meantime, the Let's Debug tool also gives your site the "everything should be good to go" result.
While I also think your steps 1 and 2 are a good thing to try first, maybe you should look at CertSage as an alternative to shell access and Certbot. CertSage doesn't require shell access and is fairly easy to use. And comes with cPanel integration for installing the certificate semi-automatically, although I'm not sure that also works with TSO Host.
Renamed ssl dir (next to public_html) -> ssl_bak. No change.
Took a tour of the filesystem in web interface & realised the whole site is actually served from an alias via a symlink called "dummy_123456789" and not where I thought it was.
Swore at a picture of a martian tripod I have on the wall a couple of times.
Renamed ssl in the correct place -> ssl_bak and re-re-installed the RSSSL plugin.
Ignored a PHP error on plugin activation, RSSSL requested a new cert & completed successfully.
The whole thing's a mess, but TSO Host are winding up operations, so I'll migrate this site to a dedicated WP host next week. For now, SSL is working and I have CertSage as plan B if needed.
Thanks for doing a ton of free work for randos on the internet, you guys are awesome.