Ssl certificate renewal issue

shwetha · August 11, 2022, 1:13pm

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: dev.wallet.amechain.io

I ran this command:sudo certbot renew

It produced this output:ert not yet due for renewal

The following certs are not due for renewal yet:
/etc/letsencrypt/live/dev.wallet.amechain.io/fullchain.pem expires on 2022-10-10 (skipped)
No renewals were attempted.

My web server is (include version): debain

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is: digital ocean

I can login to a root shell on my machine (yes or no, or I don't know):

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):certbot 0.31.0
my website show certificate is expired after august 11th, please help how to get my website secure and i should it manually by logging into server

rg305 · August 11, 2022, 2:55pm

Have you tried restarting the nginx web server?

shwetha · August 11, 2022, 3:21pm

No i didnt restart nginx

rg305 · August 11, 2022, 3:58pm

Then you should.
And we need to add that restart/reload into the renewal schedule.

shwetha · August 12, 2022, 3:10am

i gave the command systemctl reload nginx, can you help me what command i have to use

MikeMcQ · August 12, 2022, 3:18am

Ok good. It looks like reloading nginx started using your newer cert. See here

You could setup a cron job to run the reload every night. That would pick up any new cert created during the day.

Or, we can review your certbot renewal and possibly improve that. If you want us to look at that show us this file

/etc/letsencrypt/renewal/dev.wallet.amechain.io.conf

shwetha · August 12, 2022, 4:10am

version = 0.31.0
archive_dir = /etc/letsencrypt/archive/dev.wallet.amechain.io
cert = /etc/letsencrypt/live/dev.wallet.amechain.io/cert.pem
privkey = /etc/letsencrypt/live/dev.wallet.amechain.io/privkey.pem
chain = /etc/letsencrypt/live/dev.wallet.amechain.io/chain.pem
fullchain = /etc/letsencrypt/live/dev.wallet.amechain.io/fullchain.pem

Options used in the renewal process

[renewalparams]
account = e5dda80aaedbdbc20cfd9503cbe0b589
server = https://acme-v02.api.letsencrypt.org/directory
authenticator = nginx

rg305 · August 12, 2022, 5:00am

Let's have a look at the cron jobs:

crontab -l
systemctl list-timers | grep certbot

shwetha · August 12, 2022, 7:47am

i have not set cron

MikeMcQ · August 12, 2022, 1:13pm

Then how does the certbot renew command run? Do you run it by manually?

rg305 · August 12, 2022, 9:13pm

You may not have too.
Some certbot installs will make the job for you, again:

system · September 11, 2022, 9:14pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.