Renewing my SSL

Pepejam22 · December 3, 2024, 10:53pm

Subject: Assistance with SSL Renewal

Hi

I'm reaching out because I believe my SSL certificate was issued through your services. I’d like to confirm this and get assistance with renewing it, as it is set to expire on February 10, 2025.

Here is the relevant information:

Common Name (CN)	www.toucanpromotions.ca
Organization (O)
Organizational Unit (OU)
Common Name (CN)	R10
Organization (O)	Let's Encrypt
Organizational Unit (OU)

Please let me know if you need anything else from me to proceed. I appreciate your help!

Thanks

rg305 · December 3, 2024, 11:20pm

Hi @Pepejam22, and welcome to the LE community forum

You deleted all the questions that would normally help us to help you...

How did you get that certificate?

Pepejam22 · December 3, 2024, 11:40pm

Hi Rudy,

I hope this email finds you well!

To be honest, I’m not quite sure how I originally set this up. I purchased my domain through GoDaddy and followed the instructions from the company that built my website back in 2020. However, I’ve reached out to them, and they’ve mentioned they’re unsure who the host is or who provided the SSL certificate.

I’m feeling a bit stuck and want to make sure I don’t lose the SSL, as that would impact my website's credibility and functionality. Any advice or guidance you could offer would be greatly appreciated.

Thank you so much for your time and help!

Warm regards

Milo

danb35 · December 4, 2024, 12:05am

Yes, every Let's Encrypt certificate will expire 90 days after it is issued. It will ordinarily be automatically renewed 30 days before then, which in your case would be 11 Jan 25. You don't need to do anything.

Bruce5051 · December 4, 2024, 12:17am

Using the online tool Let's Debug yields these results https://letsdebug.net/www.toucanpromotions.ca/2300001

ANotWorking
Error
www.toucanpromotions.ca has an A (IPv4) record (208.215.218.15) but a request to this address over port 80 did not succeed. Your web server must have at least one working IPv4 or IPv6 address.
Get "https://www.toucanpromotions.ca/.well-known/acme-challenge/letsdebug-test": read tcp 65.21.146.168:56986->208.215.218.15:443: read: connection reset by peer

Trace:
@0ms: Making a request to http://www.toucanpromotions.ca/.well-known/acme-challenge/letsdebug-test (using initial IP 208.215.218.15)
@0ms: Dialing 208.215.218.15
@407ms: Server response: HTTP 301 Moved Permanently
@407ms: Received redirect to https://www.toucanpromotions.ca/.well-known/acme-challenge/letsdebug-test
@407ms: Dialing 208.215.218.15
@717ms: Experienced error: read tcp 65.21.146.168:56986->208.215.218.15:443: read: connection reset by peer

IssueFromLetsEncrypt
Error
A test authorization for www.toucanpromotions.ca to the Let's Encrypt staging service has revealed issues that may prevent any certificate for this domain being issued.
208.215.218.15: Fetching https://www.toucanpromotions.ca/.well-known/acme-challenge/0X4M8rJyYvOyPY4LBC7cnFgZzuUxjDuzwZGYsaEc7rc: Connection reset by peer

Yet when I use nmap and curl I see this

Check that Ports 80 & 443 are open.

$ nmap -Pn -p80,443 www.toucanpromotions.ca                                                                          Starting Nmap 7.80 ( https://nmap.org ) at 2024-12-04 00:12 UTC
Nmap scan report for www.toucanpromotions.ca (208.215.218.15)
Host is up (0.061s latency).
rDNS record for 208.215.218.15: www.promoplace.com

PORT    STATE SERVICE
80/tcp  open  http
443/tcp open  https

Nmap done: 1 IP address (1 host up) scanned in 0.14 seconds

Try the simulated ACME request on HTTP; and we get redirected to HTTPS

$ curl -Ii http://toucanpromotions.ca/.well-known/acme-challenge/sometestfile -A "Mozilla/5.0 (compatible; Let's Encrypt validation server; +https://www.letsencrypt.org)"
HTTP/1.1 301 Moved Permanently
Content-Length: 0
Content-Type: text/html
Location: https://www.toucanpromotions.ca/.well-known/acme-challenge/sometestfile
ServerID: 8
Date: Wed, 04 Dec 2024 00:13:14 GMT

And follow the redirect to HTTPS gives a response code of HTTP/1.1 404 Not Found, as expected.

$ curl -k -Ii https://www.toucanpromotions.ca/.well-known/acme-challenge/sometestfile -A "Mozilla/5.0 (compatible; Let's Encrypt validation server; +https://www.letsencrypt.org)"
HTTP/1.1 404 Not Found
Cache-Control: no-cache
Pragma: no-cache
Content-Length: 2038
Content-Type: text/html
Last-Modified: Mon, 02 Dec 2024 18:13:33 GMT
ServerID: 8
Content-Security-Policy: frame-ancestors 'self' *.promoplace.com;
X-Frame-Options: sameorigin
Date: Wed, 04 Dec 2024 00:13:32 GMT

Yet Let's Debug got for a response
Get "https://www.toucanpromotions.ca/.well-known/acme-challenge/letsdebug-test": read tcp 65.21.146.168:56986->208.215.218.15:443: read: connection reset by peer

Edit

Possibly a Geo Blocking issue of sorts

Regarding Geo Blocking please read:

rg305 · December 4, 2024, 1:53am

I agree; You can see here that your site certificate has been renewing for several years:
crt.sh | toucanpromotions.ca

Pepejam22 · December 4, 2024, 2:46am

wow..thank you so much:smiling_face_with_three_hearts:

system · January 3, 2025, 2:46am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Certificate Renewal Issue Help	4	241	April 8, 2024
SSL certificate failed to renew Help	8	950	June 10, 2018
SSL Certificate Renewal Help	5	538	August 6, 2023
SSL expired & can't get in to renew it Help	2	273	December 21, 2023
Need to renew my ssl certificate Help	11	1243	August 1, 2019

Renewing my SSL

Edit

Related topics