SSL Has Expired unable to Auto renew

gamujtaba · May 31, 2018, 3:17am

I have tried to renew the SSL Certificate for https://myamplify.co/, We are using SSL servers of Lets Encrypt “letsencrypt.org”. Kindly check my site and help me to renew my SSL certificate.

Regards,

mnordhoff · May 31, 2018, 3:32am

Can you provide more information about your setup, and what errors you’re experiencing?

There are a lot of different ways to set up Let’s Encrypt certificates, and different ways they can go wrong.

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

I ran this command:

It produced this output:

My web server is (include version):

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know):

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):

gamujtaba · May 31, 2018, 4:46am

it was installed on 6 month back that was working fine 4 days ago the ssl goes to expire, now i want to ask why its not renewed automatically…

mnordhoff · May 31, 2018, 4:59am

It was getting renewed, seemingly automatically, every 60 days, but it seems to have stopped. It’s impossible to say why without more information.

https://crt.sh/?q=%myamplify.co

gamujtaba · May 31, 2018, 5:13am

I saw this was renewed last time on 2018-02-26 to 2018-05-27. but its not renewed on 2018-05-27 to onward,
it should be renewed automatically

Regards,

_az · May 31, 2018, 5:18am

The renewal is the responsibility of the software running on your server. Not anybody else’s.

To help you, we need to know what software you used to issue the certificate in the first place.

Did you use Certbot? Something else?

certbot certificates
dpkg --list | grep -iE "(cerbot|letsencrypt)"

gamujtaba · May 31, 2018, 5:21am

yes we are using certbot. but below is the out put of these commands

root@ip-172:~# certbot certificates
certbot: command not found
root@ip-172:~# dpkg --list | grep -iE “(cerbot|letsencrypt)”
root@ip-172:~#

_az · May 31, 2018, 5:23am

Maybe you are using certbot-auto.

If you can locate where certbot-auto is on your filesystem, you can try run it:

/path/to/certbot-auto certificate
/path/to/certbot-auto renew --dry-run

If you can’t find it, you can download it again.

gamujtaba · May 31, 2018, 5:40am

#locate certbot-auto
below is the output

/opt/eff.org/certbot/venv/certbot-auto-bootstrap-version.txt
/opt/letsencrypt/certbot-auto
/opt/letsencrypt/letsencrypt-auto-source/certbot-auto.asc

rg305 · May 31, 2018, 6:50am

Try:
/opt/letsencrypt/certbot-auto certificates

also show:
/etc/letsencrypt/renewal/<your.cert.name>.conf

gamujtaba · May 31, 2018, 7:05am

below is the output

root@ip-172-31-31-169:~# /opt/letsencrypt/certbot-auto certificates
cat: write error: No space left on device

root@ip-172-31-31-169:~# /etc/letsencrypt/renewal/myamplify.co.conf
bash: /etc/letsencrypt/renewal/myamplify.co.conf: Permission denied

gamujtaba · May 31, 2018, 7:11am

root@ip-172-31-31-169:~# df -i
Filesystem Inodes IUsed IFree IUse% Mounted on
udev 2052843 392 2052451 1% /dev
tmpfs 2054147 327 2053820 1% /run
/dev/xvda1 5242880 552251 4690629 11% /
none 2054147 2 2054145 1% /sys/fs/cgroup
none 2054147 6 2054141 1% /run/lock
none 2054147 1 2054146 1% /run/shm
none 2054147 3 2054144 1% /run/user
overflow 2054147 829 2053318 1% /tmp
/dev/xvdf1 13107200 25631 13081569 1% /data
root@ip-172-31-31-169:~# df -k
Filesystem 1K-blocks Used Available Use% Mounted on
udev 8211372 12 8211360 1% /dev
tmpfs 1643320 400 1642920 1% /run
/dev/xvda1 82428116 45737776 33236204 58% /
none 4 0 4 0% /sys/fs/cgroup
none 5120 0 5120 0% /run/lock
none 8216588 0 8216588 0% /run/shm
none 102400 0 102400 0% /run/user
overflow 1024 1024 0 100% /tmp
/dev/xvdf1 206292664 48059828 147730744 25% /data

rg305 · May 31, 2018, 7:20am

See what you can delete in the /tmp folder

show:
more /etc/letsencrypt/renewal/myamplify.co.conf

gamujtaba · May 31, 2018, 7:23am

Below is the result of more…

root@ip-172-31-31-169:~# more /etc/letsencrypt/renewal/myamplify.co.conf

renew_before_expiry = 30 days

version = 0.21.1
cert = /etc/letsencrypt/live/myamplify.co/cert.pem
privkey = /etc/letsencrypt/live/myamplify.co/privkey.pem
chain = /etc/letsencrypt/live/myamplify.co/chain.pem
fullchain = /etc/letsencrypt/live/myamplify.co/fullchain.pem
archive_dir = /etc/letsencrypt/archive/myamplify.co

Options used in the renewal process

[renewalparams]
authenticator = apache
installer = apache
account = 06decd3fcf72a4f9e4916a1e99ec077f

rg305 · May 31, 2018, 7:35am

It may have been a disk full problem.
If you have cleared up space, try the renewal process again.

gamujtaba · May 31, 2018, 7:36am

how can i clean the /temp

rg305 · May 31, 2018, 7:42am

Although I don’t feel comfortable giving you advice on such server maintenance; as I don’t know what information is there, why it is there, and what to do with anything found there.
I can only assume from basic Linux knowledge that “temporary files” are stored in /tmp and such files are generally discarded on reboot.
So, before doing anything, I would first try rebooting and see if that made any automatic changes to the /tmp folder. But that is just my opinion… Do what you think is best or consult a professional Linux admin.

gamujtaba · May 31, 2018, 8:31am

root@ip-172-31-31-169:~# /opt/letsencrypt/certbot-auto certificates
Upgrading certbot-auto 0.8.1 to 0.24.0...
Replacing certbot-auto...
Creating virtual environment...
Installing Python packages...
Installation succeeded.
Saving debug log to /var/log/letsencrypt/letsencrypt.log

-------------------------------------------------------------------------------
Found the following certs:
  Certificate Name: myamplify.co
    Domains: myamplify.co www.myamplify.co
    Expiry Date: 2018-05-27 01:26:23+00:00 (INVALID: EXPIRED)
    Certificate Path: /etc/letsencrypt/live/myamplify.co/fullchain.pem
    Private Key Path: /etc/letsencrypt/live/myamplify.co/privkey.pem
-------------------------------------------------------------------------------
root@ip-172-31-31-169:~# cat /etc/letsencrypt/renewal/myamplify.co.conf
# renew_before_expiry = 30 days
version = 0.21.1
cert = /etc/letsencrypt/live/myamplify.co/cert.pem
privkey = /etc/letsencrypt/live/myamplify.co/privkey.pem
chain = /etc/letsencrypt/live/myamplify.co/chain.pem
fullchain = /etc/letsencrypt/live/myamplify.co/fullchain.pem
archive_dir = /etc/letsencrypt/archive/myamplify.co

# Options used in the renewal process
[renewalparams]
authenticator = apache
installer = apache
account = 06decd3fcf72a4f9e4916a1e99ec077f


root@ip-172-31-31-169:~# /opt/letsencrypt/certbot-auto renew --dry-run
Saving debug log to /var/log/letsencrypt/letsencrypt.log

-------------------------------------------------------------------------------
Processing /etc/letsencrypt/renewal/myamplify.co.conf
-------------------------------------------------------------------------------
Cert is due for renewal, auto-renewing...
Plugins selected: Authenticator apache, Installer apache
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for myamplify.co
http-01 challenge for www.myamplify.co
Waiting for verification...
Cleaning up challenges

-------------------------------------------------------------------------------
new certificate deployed with reload of apache server; fullchain is
/etc/letsencrypt/live/myamplify.co/fullchain.pem
-------------------------------------------------------------------------------

-------------------------------------------------------------------------------
** DRY RUN: simulating 'certbot renew' close to cert expiry
**          (The test certificates below have not been saved.)

Congratulations, all renewals succeeded. The following certs have been renewed:
  /etc/letsencrypt/live/myamplify.co/fullchain.pem (success)
** DRY RUN: simulating 'certbot renew' close to cert expiry
**          (The test certificates above have not been saved.)
-------------------------------------------------------------------------------

IMPORTANT NOTES:
 - Your account credentials have been saved in your Certbot
   configuration directory at /etc/letsencrypt. You should make a
   secure backup of this folder now. This configuration directory will
   also contain certificates and private keys obtained by Certbot so
   making regular backups of this folder is ideal.

root@ip-172-31-31-169:~# /etc/init.d/apache2 restart

rg305 · May 31, 2018, 8:40am

What does /tmp look like?
df -h

And congrats on upgrading certbot:

And on renewing the cert:

But im not sure the web service has restarted yet...
Try:
service apache2 restart

Or just press ENTER
LOL

gamujtaba · May 31, 2018, 8:51am

Now every thing is okay /temp was over flow thats why i was unable to renew the ssl

Topic		Replies	Views
I Want To Renew My SSL Certificate Help	6	830	November 13, 2021
How do I renew SSL certificate? It will expire in 3 days. C-panels says to contact Let's Encrypt Help	2	923	January 6, 2022
Certificate has expired Help	4	749	April 22, 2021
SSL expired & can't get in to renew it Help	2	269	December 21, 2023
SSL Certificate updating automatically Help	16	1697	October 29, 2022

SSL Has Expired unable to Auto renew

renew_before_expiry = 30 days

Options used in the renewal process

Related topics