SSL expired - forbidden to renew


#1

My certificate has expired, and when I tried to renew it, it returns: “invalid response from…403 forbidden…”
Can you help me?


#2

Hi,

Please fill in this form… It would allow us to have more information and help you faster…

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

I ran this command:

It produced this output:

My web server is (include version):

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know):

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):

Thank you

P.S.
Moved to #help


#3

Thank you Steve,
The required information is below.

I ran the command: certbot renew --dry-run
I also ran this command: certbot --apache

it produced this output:

Processing /etc/letsencrypt/renewal/example.com.conf


** DRY RUN: simulating ‘certbot renew’ close to cert expiry
** (The test certificates below have not been saved.)

All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/example.com/fullchain.pem (failure)
** DRY RUN: simulating ‘certbot renew’ close to cert expiry
** (The test certificates above have not been saved.)

IMPORTANT NOTES:

My web server is Apache 2.4.6

I am using CentOS 7.5.1804 (core)

My server is located on Hetzner

I cannot log in remotely, neither via SSH nor by other means… I can only log in via the VNC console

I don’t use a control panel on my server; I just manage my website via WordPress


#4

Hi @isampeace

There is a 403 Forbidden status. It looks like your server blocks the content of /.well-known/acme-challenge/.

Do you block the access to your server? You need something like

<Location /.well-known/acme-challenge>
    Require all granted
</Location>

Or do you have wrong rewrite rules?

Additional: Calling your domain:

The domain is marked as inactive. For more information, please contact your hosting provider.
Diese Domain wird als inaktiv markiert. Für weitere Informationen kontaktieren Sie bitte Ihren Hosting Provider.

Perhaps your provider adds something so you cannot use the domain.

But your DNS (IPv6 + IPv4) is ok.


#6

Hi,

@JuergenAuer’s idea reminded me…

I checked your whois record and realized that your domain is actually expired… (according to whois.icann.org), which means your registrar might have suspended your domain (which explains why the page is “marked as inactive”). Please kindly fix this before proceeding, so at least we can remove one possibility…

You might need to contact your registrar to resolve this… (ironically… your registrar has the same page…so maybe there is a server error?)

Thank you


#7

OMG!
how stupid am I :man_facepalming:

thank you guys
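
Added example, not part of the original thread: posts #4 and #6 name two different sources of the 403, an Apache access rule on /.well-known/acme-challenge/ and a suspended domain whose public name no longer reaches the server. This Python sketch separates them by comparing the answer from the local Apache with the answer from the public name; the probe file name, result labels and sample responses are constructed for illustration.

```python
import http.client

CHALLENGE_DIR = "/.well-known/acme-challenge/"

def probe(connect_to, host, token_name, timeout=5):
    """GET the probe file for `host`, opening the TCP connection to `connect_to`.

    Returns (status, body); redirects are not followed."""
    conn = http.client.HTTPConnection(connect_to, 80, timeout=timeout)
    try:
        conn.request("GET", CHALLENGE_DIR + token_name, headers={"Host": host})
        resp = conn.getresponse()
        return resp.status, resp.read(4096).decode("utf-8", "replace")
    finally:
        conn.close()

def diagnose(expected, local, public):
    """Compare the answer from this machine's Apache with the public one."""
    def served(r):
        return r[0] == 200 and r[1].strip() == expected
    if served(local) and served(public):
        return "ok"
    if served(local):
        return "upstream"        # public name does not reach this Apache
    if local[0] == 403:
        return "apache-access"   # path needs "Require all granted"
    if local[0] in (301, 302, 307, 308):
        return "redirect"        # the CA follows redirects: probe the target too
    if local[0] == 200:
        return "apache-rewrite"  # something else answers the path (rewrite rule)
    return "apache-other"        # e.g. 404: wrong DocumentRoot or vhost

# Constructed sample responses (status, body). Live use would call
# probe("127.0.0.1", domain, name) and probe(domain, domain, name).
SAMPLES = {
    "suspended domain": ((200, "probe-123\n"), (403, "The domain is marked as inactive.")),
    "access rule":      ((403, "Forbidden"), (403, "Forbidden")),
    "rewrite rule":     ((200, "<html>blog</html>"), (200, "<html>blog</html>")),
    "healthy":          ((200, "probe-123\n"), (200, "probe-123\n")),
}

if __name__ == "__main__":
    for name, (local, public) in SAMPLES.items():
        print(f"{name:18} -> {diagnose('probe-123', local, public)}")
```

An "upstream" result means the fix is outside Apache (registrar, hosting provider or DNS); "apache-access" points back to the Location block from post #4.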

