Renew the certbot certificate

Please fill out the fields below so we can help you. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com). Withholding your domain name here therefore does not help keep it secret, but makes it harder for us to help you.

I can read answers in English: yes

My domain is: siic.dev

I ran this command: certbot --dry-run renew

It produced this output:
Failed to renew certificate siic.dev-0001 with error: Could not bind TCP port 80 because it is already in use by another process on this system (such as a web server). Please stop the program in question and then try again.
All simulated renewals failed. The following certificates could not be renewed:
/etc/letsencrypt/live/siic.dev-0001/fullchain.pem (failure)
/etc/letsencrypt/live/siic.dev/fullchain.pem (failure)

My web server is (include version): ubuntu 22.04

The operating system my web server runs on is (include version): ubuntu 22.04

My hosting provider, if applicable, is: ovh

I can log in to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no

Hi @jmt, and welcome to the LE community forum :slight_smile:

Please show:
certbot certificates

and:
ls -l /etc/letsencrypt/renewal/

2 Likes
root@siic:~# certbot certificates
Saving debug log to /var/log/letsencrypt/letsencrypt.log

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Found the following certs:
  Certificate Name: siic.dev-0001
    Serial Number: 3d91af82595de01b2d7cf846c8ed33e406a
    Key Type: ECDSA
    Domains: siic.dev
    Expiry Date: 2023-11-16 08:28:54+00:00 (VALID: 63 days)
    Certificate Path: /etc/letsencrypt/live/siic.dev-0001/fullchain.pem
    Private Key Path: /etc/letsencrypt/live/siic.dev-0001/privkey.pem
  Certificate Name: siic.dev
    Serial Number: 46e061f55080a2d38610a2c38d3dcc52d43
    Key Type: ECDSA
    Domains: siic.dev www.siic.dev
    Expiry Date: 2023-09-11 15:07:43+00:00 (INVALID: EXPIRED)
    Certificate Path: /etc/letsencrypt/live/siic.dev/fullchain.pem
    Private Key Path: /etc/letsencrypt/live/siic.dev/privkey.pem
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
root@siic:~# ls -l /etc/letsencrypt/renewal/
total 8
-rw-r--r-- 1 root root 568 Aug 18 09:28 siic.dev-0001.conf
-rw-r--r-- 1 root root 513 Jun 13 16:07 siic.dev.conf
root@siic:~#

It looks like you don't really need the first cert.
But, since the second is expired, you need to renew it and use it instead.

2 Likes
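
An added example (not part of any post in this thread, and not Certbot's own code): bash/awk functions that read `certbot certificates` output in the format shown above and report which lineages are invalid and which are fully covered by another lineage, the situation diagnosed in the reply above. The function names and the trimmed sample text are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: summarise `certbot certificates` output (not Certbot code).

# Constructed sample, trimmed from the listing format shown in this thread.
SAMPLE_OUTPUT='Found the following certs:
  Certificate Name: siic.dev-0001
    Domains: siic.dev
    Expiry Date: 2023-11-16 08:28:54+00:00 (VALID: 63 days)
  Certificate Name: siic.dev
    Domains: siic.dev www.siic.dev
    Expiry Date: 2023-09-11 15:07:43+00:00 (INVALID: EXPIRED)'

# stdin: `certbot certificates` output.
# stdout: one line per lineage, "<name>|<VALID or INVALID>|<domains>".
cert_summary() {
  awk '
    /Certificate Name:/ { name = $3 }
    /Domains:/          { sub(/^[ \t]*Domains:[ \t]*/, ""); domains = $0 }
    /Expiry Date:/      {
      status = ($0 ~ /\(VALID/) ? "VALID" : "INVALID"
      print name "|" status "|" domains
    }'
}

# stdin: cert_summary lines. stdout: names of lineages certbot marks INVALID.
invalid_lineages() {
  awk -F'|' '$2 == "INVALID" { print $1 }'
}

# stdin: cert_summary lines. stdout: "<a> covered_by <b>" when every domain
# of lineage a also appears in lineage b, so lineage a may be redundant.
covered_lineages() {
  awk -F'|' '
    { names[NR] = $1; doms[NR] = $3 }
    END {
      for (i = 1; i <= NR; i++)
        for (j = 1; j <= NR; j++) {
          if (i == j) continue
          n = split(doms[i], d, " "); covered = 1
          for (k = 1; k <= n; k++)
            if (index(" " doms[j] " ", " " d[k] " ") == 0) covered = 0
          if (covered) print names[i] " covered_by " names[j]
        }
    }'
}

# Demo on the constructed sample; on a server, pipe `certbot certificates`.
summary=$(printf '%s\n' "$SAMPLE_OUTPUT" | cert_summary)
printf '%s\n' "$summary" | invalid_lineages
printf '%s\n' "$summary" | covered_lineages
```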

Please show:
cat /etc/letsencrypt/renewal/siic.dev.conf

3 Likes

How should I proceed? I am new to using certificates, and especially Let's Encrypt.
Your step-by-step help will be very beneficial to me.

root@siic:~# cat /etc/letsencrypt/renewal/siic.dev.conf
# renew_before_expiry = 30 days
version = 2.6.0
archive_dir = /etc/letsencrypt/archive/siic.dev
cert = /etc/letsencrypt/live/siic.dev/cert.pem
privkey = /etc/letsencrypt/live/siic.dev/privkey.pem
chain = /etc/letsencrypt/live/siic.dev/chain.pem
fullchain = /etc/letsencrypt/live/siic.dev/fullchain.pem

# Options used in the renewal process
[renewalparams]
account = 39aba8726bdf2732529898c089cd003f
authenticator = nginx
installer = nginx
server = https://acme-v02.api.letsencrypt.org/directory
key_type = ecdsa
root@siic:~#

It is quite difficult to break the --nginx authenticator plugin.
Let's try:
certbot renew --cert-name siic.dev

If that fails, show:
nginx -T

3 Likes
Saving debug log to /var/log/letsencrypt/letsencrypt.log

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/siic.dev.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Renewing an existing certificate for siic.dev and www.siic.dev

Certbot failed to authenticate some domains (authenticator: nginx). The Certificate Authority reported these problems:
  Domain: www.siic.dev
  Type:   dns
  Detail: DNS problem: NXDOMAIN looking up A for www.siic.dev - check that a DNS record exists for this domain; DNS problem: NXDOMAIN looking up AAAA for www.siic.dev - check that a DNS record exists for this domain

Hint: The Certificate Authority failed to verify the temporary nginx configuration changes made by Certbot. Ensure the listed domains point to this nginx server and that it is accessible from the internet.

Failed to renew certificate siic.dev with error: Some challenges have failed.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
All renewals failed. The following certificates could not be renewed:
  /etc/letsencrypt/live/siic.dev/fullchain.pem (failure)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1 renew failure(s), 0 parse failure(s)
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.


root@siic:~# nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
root@siic:~#

That is the first thing you must fix OR remove that name from the certificate request.
Do you plan on using that name?

3 Likes

yes sir

Thank you, the problem is solved

1 Like

What now shows?:
certbot certificates

and:
nginx -T | grep -- '-0001'

2 Likes
