Site not working even succesful renewal

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. |, so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain

I ran this command: sudo certbot certonly
--work-dir=. --config-dir=. --logs-dir=.

It produced this output: Successfully received certificate.

My web server is (include version): Apache/2.4.52 (Ubuntu)

The operating system my web server runs on is (include version):Ubuntu 22.04

My hosting provider, if applicable, is: AWS

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 2.6.0

Hello @ashish.fabrikaa, welcome to the Let's Encrypt community. :slightly_smiling_face:

Have you restarted your Apache server service?

1 Like

You are presently serving HTTP and not HTTPS on port 443

$ curl -Ii
HTTP/1.1 400 Bad Request
Server: cloudflare
Date: Mon, 05 Jun 2023 17:56:46 GMT
Content-Type: text/html
Content-Length: 253
Connection: close


1 Like

No, that's not what that means. They have their DNS proxied in Cloudflare so are using Cloudflare CDN. Your request was rejected by Cloudflare edge as it was an HTTP request directed to the HTTPS port. Maybe fuller response below makes this clearer

curl -i
HTTP/1.1 400 Bad Request
Server: cloudflare

<head><title>400 The plain HTTP request was sent to HTTPS port</title></head>
<center><h1>400 Bad Request</h1></center>

OK @MikeMcQ ; thanks again! :slight_smile:

1 Like

Do you mean your origin server is hosted on AWS? Because you are using the Cloudflare CDN.

This seems more like a Cloudflare configuration problem that might be better handled on the Cloudflare community.

But, please explain more about AWS and Cloudflare and maybe someone here will help


For https on port 443 I do see this

$ curl -Ii
curl: (35) OpenSSL/3.0.8: error:0A000410:SSL routines::sslv3 alert handshake failure

$ curl -Ii
curl: (35) OpenSSL/3.0.8: error:0A000410:SSL routines::sslv3 alert handshake failure

While using CloudFlare, this is very strange:


And maybe these help answer

Both show, which I believe is critical "No client certificate CA names sent"

140549216147264:error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure:ssl/record/rec_layer_s3.c:1556:SSL alert number 40
no peer certificate available
No client certificate CA names sent
SSL handshake has read 7 bytes and written 327 bytes
Verification: OK
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
1 Like

Here is a list of issued certificates, the latest bein 2023-06-05.
Testing and debugging are best done using the Staging Environment as the Rate Limits are much higher.


As you have reached the Rate Limit

Rate Limit Current Status Domain
50 Certificates per Registered Domain per week OK (8 / 50 this week.)
5 Duplicate Certificates per week Limit exceeded. Next issuable at 12 Jun 2023 12:16:10 UTC
Summary generated at letsdebug-toolkit .
1 Like

hi @Bruce5051 @MikeMcQ

My ssl was expired but I wasn't able to renew it so I tried to installed it using manual process which installed the certficate but still my site is not working.

Please suggest what changes should I need to get this solve.

1 Like

Use one of the currently issued certificates; you have to wait until "Limit exceeded. Next issuable at 12 Jun 2023 12:16:10 UTC" has passed.

Here are Certbot Instructions | Certbot

Here details on Apache can be found in documentation and forums:

1 Like

If all you did was to renew the cert [using certonly], then all you need to do is restart/reload Apache.
If it doesn't work after that, you may have done more than just a renew.
If so, you may need to check the Apache configuration.


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.