Renew certificate after expiry

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: https://siservs.com/

I ran this command: ./certbot-auto renew --dry-run

It produced this output:
Requesting to rerun ./certbot-auto with root privileges…
./certbot-auto has insecure permissions!
To learn how to fix them, visit Certbot-auto deployment best practices
Saving debug log to /var/log/letsencrypt/letsencrypt.log


Processing /etc/letsencrypt/renewal/siservs.com.conf


Cert is due for renewal, auto-renewing…
Plugins selected: Authenticator webroot, Installer None
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for siservs.com
http-01 challenge for www.siservs.com
Using the webroot path /var/www/html for all unmatched domains.
Waiting for verification…
Challenge failed for domain siservs.com
Challenge failed for domain www.siservs.com
http-01 challenge for siservs.com
http-01 challenge for www.siservs.com
Cleaning up challenges
Attempting to renew cert (siservs.com) from /etc/letsencrypt/renewal/siservs.com.conf produced an unexpected error: Some challenges have failed… Skipping.
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/siservs.com/fullchain.pem (failure)


** DRY RUN: simulating ‘certbot renew’ close to cert expiry
** (The test certificates below have not been saved.)

All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/siservs.com/fullchain.pem (failure)
** DRY RUN: simulating ‘certbot renew’ close to cert expiry
** (The test certificates above have not been saved.)


1 renew failure(s), 0 parse failure(s)

IMPORTANT NOTES:

My web server is (include version): LAMP( [lamp-v20190522 ])

The operating system my web server runs on is (include version): Debian 9.11

My hosting provider, if applicable, is: GCP

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): certbot 0.40.1

I want to renew my certificate but it is expired.

1 Like

Did you read the actual error message, preventing you from renewing?:

I would suggest you check your webserver config for a missing slash (’/’) in the redirect from HTTP to HTTPS.

1 Like

All was working fine before and I haven’t really configured and new things lately.
In what file should I check?

this is my lamp-serve.config:
<VirtualHost *:80>
ServerAdmin webmaster@localhost
DocumentRoot /var/www/html
ServerName www.siservs.com
ServerAlias siservs.com
Redirect permanent / https://www.siservs.com
<Directory /var/www/html/>
Options Indexes FollowSymLinks MultiViews
AllowOverride All
Require all granted

ErrorLog ${APACHE_LOG_DIR}/error.log

Possible values include: debug, info, notice, warn, error, crit,

alert, emerg.

LogLevel warn
CustomLog ${APACHE_LOG_DIR}/access.log combined

That line is your redirect. It’s not correct. It’s missing a slash (’/’).

See for more information: https://httpd.apache.org/docs/2.4/mod/mod_alias.html#redirect

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.