SSL Has Expired unable to Auto renew


#1

I have tried to renew the SSL Certificate for https://myamplify.co/, We are using SSL servers of Lets Encrypt “letsencrypt.org”. Kindly check my site and help me to renew my SSL certificate.

Regards,


#2

Can you provide more information about your setup, and what errors you’re experiencing?

There are a lot of different ways to set up Let’s Encrypt certificates, and different ways they can go wrong.


Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

I ran this command:

It produced this output:

My web server is (include version):

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know):

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):


#3

it was installed on 6 month back that was working fine 4 days ago the ssl goes to expire, now i want to ask why its not renewed automatically…


#4

It was getting renewed, seemingly automatically, every 60 days, but it seems to have stopped. It’s impossible to say why without more information.

https://crt.sh/?q=%myamplify.co


#5

I saw this was renewed last time on 2018-02-26 to 2018-05-27. but its not renewed on 2018-05-27 to onward,
it should be renewed automatically

Regards,


#6

The renewal is the responsibility of the software running on your server. Not anybody else’s.

To help you, we need to know what software you used to issue the certificate in the first place.

Did you use Certbot? Something else?

certbot certificates
dpkg --list | grep -iE "(cerbot|letsencrypt)"

#7

yes we are using certbot. but below is the out put of these commands

root@ip-172:~# certbot certificates
certbot: command not found
root@ip-172:~# dpkg --list | grep -iE “(cerbot|letsencrypt)”
root@ip-172:~#


#8

Maybe you are using certbot-auto.

If you can locate where certbot-auto is on your filesystem, you can try run it:

/path/to/certbot-auto certificate
/path/to/certbot-auto renew --dry-run

If you can’t find it, you can download it again.


#9

#locate certbot-auto
below is the output

/opt/eff.org/certbot/venv/certbot-auto-bootstrap-version.txt
/opt/letsencrypt/certbot-auto
/opt/letsencrypt/letsencrypt-auto-source/certbot-auto.asc


#10

Try:
/opt/letsencrypt/certbot-auto certificates

also show:
/etc/letsencrypt/renewal/<your.cert.name>.conf


#11

below is the output

root@ip-172-31-31-169:~# /opt/letsencrypt/certbot-auto certificates
cat: write error: No space left on device

root@ip-172-31-31-169:~# /etc/letsencrypt/renewal/myamplify.co.conf
bash: /etc/letsencrypt/renewal/myamplify.co.conf: Permission denied


#12

root@ip-172-31-31-169:~# df -i
Filesystem Inodes IUsed IFree IUse% Mounted on
udev 2052843 392 2052451 1% /dev
tmpfs 2054147 327 2053820 1% /run
/dev/xvda1 5242880 552251 4690629 11% /
none 2054147 2 2054145 1% /sys/fs/cgroup
none 2054147 6 2054141 1% /run/lock
none 2054147 1 2054146 1% /run/shm
none 2054147 3 2054144 1% /run/user
overflow 2054147 829 2053318 1% /tmp
/dev/xvdf1 13107200 25631 13081569 1% /data
root@ip-172-31-31-169:~# df -k
Filesystem 1K-blocks Used Available Use% Mounted on
udev 8211372 12 8211360 1% /dev
tmpfs 1643320 400 1642920 1% /run
/dev/xvda1 82428116 45737776 33236204 58% /
none 4 0 4 0% /sys/fs/cgroup
none 5120 0 5120 0% /run/lock
none 8216588 0 8216588 0% /run/shm
none 102400 0 102400 0% /run/user
overflow 1024 1024 0 100% /tmp
/dev/xvdf1 206292664 48059828 147730744 25% /data


#13

See what you can delete in the /tmp folder

show:
more /etc/letsencrypt/renewal/myamplify.co.conf


#14

Below is the result of more…

root@ip-172-31-31-169:~# more /etc/letsencrypt/renewal/myamplify.co.conf

renew_before_expiry = 30 days

version = 0.21.1
cert = /etc/letsencrypt/live/myamplify.co/cert.pem
privkey = /etc/letsencrypt/live/myamplify.co/privkey.pem
chain = /etc/letsencrypt/live/myamplify.co/chain.pem
fullchain = /etc/letsencrypt/live/myamplify.co/fullchain.pem
archive_dir = /etc/letsencrypt/archive/myamplify.co

Options used in the renewal process

[renewalparams]
authenticator = apache
installer = apache
account = 06decd3fcf72a4f9e4916a1e99ec077f


#15

It may have been a disk full problem.
If you have cleared up space, try the renewal process again.


#16

how can i clean the /temp


#17

Although I don’t feel comfortable giving you advice on such server maintenance; as I don’t know what information is there, why it is there, and what to do with anything found there.
I can only assume from basic Linux knowledge that “temporary files” are stored in /tmp and such files are generally discarded on reboot.
So, before doing anything, I would first try rebooting and see if that made any automatic changes to the /tmp folder. But that is just my opinion… Do what you think is best or consult a professional Linux admin.


#18
root@ip-172-31-31-169:~# /opt/letsencrypt/certbot-auto certificates
Upgrading certbot-auto 0.8.1 to 0.24.0...
Replacing certbot-auto...
Creating virtual environment...
Installing Python packages...
Installation succeeded.
Saving debug log to /var/log/letsencrypt/letsencrypt.log

-------------------------------------------------------------------------------
Found the following certs:
  Certificate Name: myamplify.co
    Domains: myamplify.co www.myamplify.co
    Expiry Date: 2018-05-27 01:26:23+00:00 (INVALID: EXPIRED)
    Certificate Path: /etc/letsencrypt/live/myamplify.co/fullchain.pem
    Private Key Path: /etc/letsencrypt/live/myamplify.co/privkey.pem
-------------------------------------------------------------------------------
root@ip-172-31-31-169:~# cat /etc/letsencrypt/renewal/myamplify.co.conf
# renew_before_expiry = 30 days
version = 0.21.1
cert = /etc/letsencrypt/live/myamplify.co/cert.pem
privkey = /etc/letsencrypt/live/myamplify.co/privkey.pem
chain = /etc/letsencrypt/live/myamplify.co/chain.pem
fullchain = /etc/letsencrypt/live/myamplify.co/fullchain.pem
archive_dir = /etc/letsencrypt/archive/myamplify.co

# Options used in the renewal process
[renewalparams]
authenticator = apache
installer = apache
account = 06decd3fcf72a4f9e4916a1e99ec077f


root@ip-172-31-31-169:~# /opt/letsencrypt/certbot-auto renew --dry-run
Saving debug log to /var/log/letsencrypt/letsencrypt.log

-------------------------------------------------------------------------------
Processing /etc/letsencrypt/renewal/myamplify.co.conf
-------------------------------------------------------------------------------
Cert is due for renewal, auto-renewing...
Plugins selected: Authenticator apache, Installer apache
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for myamplify.co
http-01 challenge for www.myamplify.co
Waiting for verification...
Cleaning up challenges

-------------------------------------------------------------------------------
new certificate deployed with reload of apache server; fullchain is
/etc/letsencrypt/live/myamplify.co/fullchain.pem
-------------------------------------------------------------------------------

-------------------------------------------------------------------------------
** DRY RUN: simulating 'certbot renew' close to cert expiry
**          (The test certificates below have not been saved.)

Congratulations, all renewals succeeded. The following certs have been renewed:
  /etc/letsencrypt/live/myamplify.co/fullchain.pem (success)
** DRY RUN: simulating 'certbot renew' close to cert expiry
**          (The test certificates above have not been saved.)
-------------------------------------------------------------------------------

IMPORTANT NOTES:
 - Your account credentials have been saved in your Certbot
   configuration directory at /etc/letsencrypt. You should make a
   secure backup of this folder now. This configuration directory will
   also contain certificates and private keys obtained by Certbot so
   making regular backups of this folder is ideal.

root@ip-172-31-31-169:~# /etc/init.d/apache2 restart


#19

What does /tmp look like?
df -h

And congrats on upgrading certbot:

And on renewing the cert:

But im not sure the web service has restarted yet…
Try:
service apache2 restart

Or just press ENTER
LOL


#20

Now every thing is okay /temp was over flow thats why i was unable to renew the ssl