Renewed Certificate is Not Working

MichaelCropper · May 2, 2016, 12:32pm

Hi,

Managed to install Let’s Encrypt a couple of months ago. Set up CRON Job to automate the renewal, it failed the first time.

So I’ve just updated this manually using the command;

./letsencrypt-auto renew

Which has successfully renewed the certificate. When checking in the following folder;

/etc/letsencrypt/live/mydomain.com

And running the commans;

pico cert.pem

Then decoding the certificate details in this file using this tool, https://www.sslshopper.com/certificate-decoder.html

The certificate is valid, it was created yesterday and expires in 90 days.

Yet I’m getting the browser still showing me the old certificate when viewing the website in question.

So I thought this may be related to the certificate needing to be installed again, so I ran the command;

./installssl.pl mydomain.dom

And the following error was flagged;

{“metadata”:{“version”:1,“output”:{“raw”:“Certificate verification failed!\nCertificate verified:\nstdin: CN = mydomain.com\nerror 20 at 0 depth lookup:unable to get local issuer certificate\n\n\n”},“result”:0,“command”:“installssl”,“reason”:“Certificate verification failed!\nCertificate verified:\nstdin: CN = mydomain.com\nerror 20 at 0 depth lookup:unable to get local issuer certificate\n\n\n”}}root@178 [~]#

I’m completely lost about how to resolve this. Any ideas? Currently the domain in question is unusable due to the security warnings from the browser whenever someone tries to access it.

Regards,
Michael

pfg · May 2, 2016, 12:47pm

This isn't a script provided by the client. What does this do?

My best guess is that your web server configuration is not actually pointing to /etc/letsencrypt/live/mydomain.com/cert.pem etc., but rather some old copy of that file at some other path. This is not something the renew script can do for you automatically - you'll need to script that bit yourself, or point your web server directly to the files in /etc/letsencrypt/live/mydomain.com/cert.pem.

Note that you'll also have to reload your web server in order for the new certificate to be used, so make sure you add that step to your script as well if it's missing.

Feel free to post your web server config/scripts if you need any assistance!

MichaelCropper · May 2, 2016, 1:01pm

Thanks @pfg

The “./installssl.pl mydomain.com” script is a copy of this - https://bitbucket.org/webstandardcss/lets-encrypt-for-cpanel-centos-6.x

In the end this wasn’t a problem with Let’s Encrypt. Instead, the installed Certificate in cPanel account for the domain.com needed updating with the newly generated certificate details.

It looks like when I originally installed this, I didn’t need to do this bit manually, the above script automated that part but isn’t capable of doing the renewal automation.

All sorted.

Thanks
Michael

Topic		Replies	Views
Failing to renew certificate Help	7	3564	May 6, 2018
Certificate not renewing Help	11	6352	February 1, 2017
Renew certificate created in a different server Help	5	6323	August 24, 2016
Why my cert did not renew automatically even with certbot-auto renew Server	14	11627	December 16, 2017
Problem renewing LetsEncrypt Certificate Help	2	231	May 30, 2024

Renewed Certificate is Not Working

Related topics