SSL Certificate Expired

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:
stephanieburcombe.com

I received an email saying that my SSL Certificate was expiring but each time I tried to come here to find how to renew it, I was unable to do so. Could you help me find the right steps to get my SSL certificate working again?

Thank you for your time and consideration.

2 Likes

Well, all the questions from the questionnaire, next to the single one you did answer, which you have deleted would have been quite helpful. I'm not sure why you've deleted them?

Those questions are necessary, because every setup is different and can have all kinds of different ways of how their certificate was issued and how to renew it. There's no single method, there are many.. So to be frank, we really needed those other questions to even slightly help you further.

If you could retrieve those questions again and answer them to the best of your knowledge (and if you don't know the exact answer, describe that instead of deleting the entire question) that would be very helpful.

3 Likes

@Osiris Thank you for that feedback. I'll work on getting those questions and answers.

3 Likes

My domain is:
stephanieburcombe.com

I ran this command:
I did not run a command, I received an email saying my ssl cert was expiring.

It produced this output:
There was not output.

My web server is (include version):
Amazon ec2

The operating system my web server runs on is (include version):
Ubuntu (Inferred)

My hosting provider, if applicable, is:
Namecheap

I can login to a root shell on my machine (yes or no, or I don't know):
Yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
Yes. New ec2 experience.

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
Chrome Version 96.0.4664.93 (Official Build) (x86_64)

2 Likes

I think the best we can say is, whatever you did to get the cert in the first place, do it again. If you aren't the one who obtained the cert, find out who that person is and ask him/her.

3 Likes

If this helps here is your certificate history
https://crt.sh/?Identity=stephanieburcombe.com&deduplicate=Y

Looks like you had an automatic renewal every 2 months which is a common setup.
The last successful cert was issued Mar of this year and that cert expired in Jun.

3 Likes

This is a good step.
You have all the access needed to find and fix the problem.
[and we are here to help you every step along the way :slight_smile: ]

Please SSH into the server and show us the output of this search:
find / -name fullchain.*

3 Likes

Thank you for your help. Since the cert was auto-renewing previously, I have not made any changes for this piece in quite awhile.

When I ran that, I found /etc/letsencrypt/live/stephanieburcombe.com/fullchain.pem

In /etc/letsencrypt I tried to run certbot renew --force-renewal but received this error:
Traceback (most recent call last):
File "/usr/bin/certbot", line 11, in
load_entry_point('certbot==0.31.0', 'console_scripts', 'certbot')()
File "/usr/lib/python3/dist-packages/certbot/main.py", line 1333, in main
log.pre_arg_parse_setup()
File "/usr/lib/python3/dist-packages/certbot/log.py", line 55, in pre_arg_parse_setup
temp_handler = TempHandler()
File "/usr/lib/python3/dist-packages/certbot/log.py", line 243, in init
stream = tempfile.NamedTemporaryFile('w', delete=False)
File "/usr/lib/python3.6/tempfile.py", line 681, in NamedTemporaryFile
prefix, suffix, dir, output_type = _sanitize_params(prefix, suffix, dir)
File "/usr/lib/python3.6/tempfile.py", line 269, in _sanitize_params
dir = gettempdir()
File "/usr/lib/python3.6/tempfile.py", line 437, in gettempdir
tempdir = _get_default_tempdir()
File "/usr/lib/python3.6/tempfile.py", line 372, in _get_default_tempdir
dirlist)
FileNotFoundError: [Errno 2] No usable temporary directory found in ['/tmp', '/var/tmp', '/usr/tmp', '/home/ubuntu']
Error in sys.excepthook:
Traceback (most recent call last):
File "/usr/lib/python3/dist-packages/apport_python_hook.py", line 155, in apport_excepthook
pr.write(f)
File "/usr/lib/python3/dist-packages/problem_report.py", line 402, in write
file.write(v.replace(b'\n', b'\n '))
OSError: [Errno 28] No space left on device

So then I ran:
df -i

Filesystem      Inodes  IUsed  IFree IUse% Mounted on
udev            121684    308 121376    1% /dev
tmpfs           125264    479 124785    1% /run
/dev/xvda1     1024000 709504 314496   70% /
tmpfs           125264      1 125263    1% /dev/shm
tmpfs           125264      4 125260    1% /run/lock
tmpfs           125264     18 125246    1% /sys/fs/cgroup
/dev/loop0          17     17      0  100% /snap/amazon-ssm-agent/2996
/dev/loop3       10817  10817      0  100% /snap/core18/1988
/dev/loop4          16     16      0  100% /snap/amazon-ssm-agent/3552
/dev/loop6       12841  12841      0  100% /snap/core/10908
/dev/loop1       10790  10790      0  100% /snap/core18/1997
/dev/loop2       12841  12841      0  100% /snap/core/10958
tmpfs           125264     11 125253    1% /run/user/1000

I'm not sure how to proceed to get more space. I found resources regarding increasing aws volume. Does anyone have any additional advice for this?

Those partitions are misleading - they will always show as 100%.

As for your initial problem...
I would uninstall certbot and reinstall it via these instructions:

1 Like

@rg305, I agree about the /snap volume usage being misleading, but nonetheless the "No space left on device" error seems to suggest that a disk is actually full.

@sburcombe, could you try df in addition to df -i? They show different things, and you've jumped to the trickier/more obscure one rather than the simpler/more common one. :grinning:

4 Likes

OR
certbot (0.31.0) has no rights to that disk.

Here is how mine looks:
[which works just fine - with certbot snap version]

df -i
Filesystem      Inodes  IUsed   IFree IUse% Mounted on
udev             78296    411   77885    1% /dev
tmpfs            86505    602   85903    1% /run
/dev/sda2      8323072 150123 8172949    2% /
tmpfs            86505      1   86504    1% /dev/shm
tmpfs            86505      4   86501    1% /run/lock
tmpfs            86505     18   86487    1% /sys/fs/cgroup
/dev/loop0       11736  11736       0  100% /snap/core20/1242
/dev/loop1       12845  12845       0  100% /snap/core/11798
/dev/loop2       12841  12841       0  100% /snap/core/11993
/dev/loop3        7072   7072       0  100% /snap/certbot/1582
/dev/loop5       11776  11776       0  100% /snap/core20/1270
tmpfs            86505     11   86494    1% /run/user/1000
/dev/loop6        7124   7124       0  100% /snap/certbot/1670
df
Filesystem     1K-blocks    Used Available Use% Mounted on
udev              313184       0    313184   0% /dev
tmpfs              69208     960     68248   2% /run
/dev/sda2      130551876 6497176 117380012   6% /
tmpfs             346020       0    346020   0% /dev/shm
tmpfs               5120       0      5120   0% /run/lock
tmpfs             346020       0    346020   0% /sys/fs/cgroup
/dev/loop0         63360   63360         0 100% /snap/core20/1242
/dev/loop1        101888  101888         0 100% /snap/core/11798
/dev/loop2        101888  101888         0 100% /snap/core/11993
/dev/loop3         43264   43264         0 100% /snap/certbot/1582
/dev/loop5         63488   63488         0 100% /snap/core20/1270
tmpfs              69204       0     69204   0% /run/user/1000
/dev/loop6         44160   44160         0 100% /snap/certbot/1670

That situation should be errno 13 rather than errno 28.

>>> import os
>>> os.chdir("foo")
>>> ok = open("bar", "w")
>>> ok.write("hello")
5
>>> ok.close()
>>> forbidden = open("forbidden/bar", "w")
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
PermissionError: [Errno 13] Permission denied: 'forbidden/bar'
>>> full = open("/dev/full", "w")
>>> full.write("hello")
5
>>> full.close()
OSError: [Errno 28] No space left on device
2 Likes

That seems telling.

2 Likes

Thank you for taking time to respond. When I just run df I get this:
Filesystem 1K-blocks Used Available Use% Mounted on
udev 486736 0 486736 0% /dev
tmpfs 100212 10788 89424 11% /run
/dev/xvda1 8065444 8049060 0 100% /
tmpfs 501056 0 501056 0% /dev/shm
tmpfs 5120 0 5120 0% /run/lock
tmpfs 501056 0 501056 0% /sys/fs/cgroup
/dev/loop0 33152 33152 0 100% /snap/amazon-ssm-agent/2996
/dev/loop3 56832 56832 0 100% /snap/core18/1988
/dev/loop4 34176 34176 0 100% /snap/amazon-ssm-agent/3552
/dev/loop6 101632 101632 0 100% /snap/core/10908
/dev/loop1 56832 56832 0 100% /snap/core18/1997
/dev/loop2 101632 101632 0 100% /snap/core/10958
tmpfs 100208 0 100208 0% /run/user/1000

2 Likes

That shows that your server hard drive really is full.

You could try something like

du -a / | sort -rn

to find some of the largest files and directories that you might want to delete, or perhaps you can get the hosting provider to increase the size of your server instance hard drive volume.

3 Likes

Amazon has some half-decent documentation on making their drives bigger:

https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/requesting-ebs-volume-modifications.html

Once the drive is bigger, you may need to make the file system on the drive bigger too:

https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/recognize-expanded-volume-linux.html

Servers in general get really confused when they actually run out of space; it may be easier to just make a new server and restore the configuration/files you need from backup. The "cloud" in general works better with scripted setup of things and a "servers as cattle" approach, though I get it can be hard to get there all at once.

3 Likes

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.