Renew SSL Certificate

Dear Support Team,
i just recently take over one data center where i found one web server using lets encrypt ssl certificate which will be expire after a month. now want to renew but don't have any idea how to renew.

My domain is:
Distributor ID: Ubuntu
Description: Ubuntu 20.04.1 LTS
Release: 20.04
Codename: focal

can any one guide please... thank you .

What certificate are you worried about? It looks like a few are renewing automatically without issue.


i am not familiar that's the reason. i am here for help.

Ok, but there are a lot of possible variables here. A lot of possibilities to get and configure a Let's Encrypt certificate.

I don't know your system. Only you do.


SSLCertificateFile /etc/letsencrypt/live/
SSLCertificateKeyFile /etc/letsencrypt/live/
Include /etc/letsencrypt/options-ssl-apache.conf

above mention files are located in our server. and it will be expire on 29 may. i don't if it will be renew automatic or we have to do it manual . previous It person done this before i am new to this so i don't know.

So it's nginx and certbot.

Run this command:

sudo certbot certificates


sudo certbot renew --dry-run

if those commands do not complain, you're probably fine.

It should autorenew 30 days before on April 29th.

1 Like

should i wait until 29 april or 30 april and then use these commands ?

Found the following certs:
Certificate Name:
Expiry Date: 2022-05-29 14:40:04+00:00 (VALID: 36 days)
Certificate Path: /etc/letsencrypt/live/
Private Key Path: /etc/letsencrypt/live/

after run first command these information received.

Good. The second command will tell you if the renewal can proceed automatically.


sudo certbot renew --dry-run
Saving debug log to /var/log/letsencrypt/letsencrypt.log

Processing /etc/letsencrypt/renewal/

Cert not due for renewal, but simulating renewal for dry run
Plugins selected: Authenticator apache, Installer apache
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for
Waiting for verification...
Challenge failed for domain
http-01 challenge for
Cleaning up challenges
Attempting to renew cert ( from /etc/letsencrypt/renewal/ produced an unexpected error: Some challenges have failed.. Skipping.
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/ (failure)

** DRY RUN: simulating 'certbot renew' close to cert expiry
** (The test certificates below have not been saved.)

All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/ (failure)
** DRY RUN: simulating 'certbot renew' close to cert expiry
** (The test certificates above have not been saved.)

1 renew failure(s), 0 parse failure(s)


  • The following errors were reported by the server:

    Type: connection
    Detail: 37.224.xx.xx: Fetching
    Timeout during connect (likely firewall problem)

    To fix these errors, please make sure that your domain name was
    entered correctly and the DNS A/AAAA record(s) for that domain
    contain(s) the right IP address. Additionally, please check that
    your computer has a publicly routable IP address and that no
    firewalls are preventing the server from communicating with the
    client. If you're using the webroot plugin, you should also verify
    that you are serving files from the webroot path you provided.

Are you editing your DNS records at the moment?

Because that domain doesn't point to any IP address.


no i am not editing anything just i use the 2nd command

So, doesn't respond to me.

And doesn't actually exist as a subdomain on your nameservers.

3 Likes is the correct one

Yes, and it redirects to "live" for at least some clients.


yes people from outside they access ... from outside. but ssl certificate is install and configure on other server ... and between ssl certificate installed server & public ip address there is firewall ... which specific ports allowed from outside and inside no issues

what you suggest should we wait until 29 april. maybe it will renew automatically...

Waiting will do no good.

You have to understand how to allow public access to port 80 on that server, so that validation can proceed.

Then you can configure certbot to do it automatically (if possible at all)


yes i did allowed to this ssl server port 80 .
how to check if cerbot is already configure

Looks like Apache

That said, yes, without a public IP what is the point of having a public cert?
can't find Non-existent domain