Simple Help requested


#1

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: https://www.thepcmr.com

I ran this command:

It produced this output:

My web server is (include version):

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is: 24host.uk and cloudflare

I can login to a root shell on my machine (yes or no, or I don’t know): I do not know

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): cpanel

Hello,
I had installed an SSL certificate using Lets Encrypt but it has expired. I am not sure what I need to do to renew it and all of the help topics are about as clear as mud to me.

Is there an idiots guide on how to renew the SSL. The SSL for my site is handled by Cloudflare I think so is working fine but the certificate for mail.thepcmr.com is not renewing. I have tried to find the information here but I could not understand the solutions people had posted to what I thought was my issue. I did this after I clicked update certificate, then auto-fill the details and then the only option is to install, it again said its installed already.

Any help is much appreciated and thank you for looking.
Matt


#2

Hi @minkisan,

Is it possible that you set up CloudFlare sometime after August 17 of this year?

Your certificate was apparently auto-renewing successfully every two months but failed to renew as would have been expected on October 17:

https://crt.sh/?Identity=%thepcmr.com&iCAID=16418

The thing that I notice right away is that www.thepcmr.com is behind Cloudflare, but mail.thepcmr.com is not, so they have different IP addresses (as seen by the general public). However, these old certificates cover both www.thepcmr.com and mail.thepcmr.com.

If your cPanel still thinks that it’s managing both www.thepcmr.com and mail.thepcmr.com, it might be trying to request new certificates that cover both—but these requests could be failing because of the presence of Cloudflare. Could you configure cPanel to request a separate certificate only for mail.thepcmr.com, the name that’s not behind Cloudflare?

Is the renewal interface that you’re using the one inside your cPanel instance?


#3

I think it was after August actually, I was working on the speed of the site. I was trying within the CPanel and the host, 24host.uk have said I should turn off Cloudflare caching for mail.thepcmr.com which I was about to do. I will let you know if that fixes the issue shortly.
Thank you very much for replying.
Matt