SSL Has Expired unable to Auto renew


#1

I have tried to renew the SSL certificate for https://unitedprinters.co.in/. We are using SSL servers of Let’s Encrypt “letsencrypt.org”. Kindly check my site and help me to renew my SSL certificate.
Certificate expired on 17 November

Regards,

My domain is: unitedprinters.co.in

I ran this command: ./certbot-auto certonly --webroot -w /opt/bitnami/apps/wordpress/htdocs/ -d unitedprinters.co.in -d www.unitedprinters.co.in

It produced this output:

My web server is (include version):Google cloud

The operating system my web server runs on is (include version): google cloud (wordpress bitnami)

My hosting provider, if applicable, is: google cloud
I can login to a root shell on my machine (yes or no, or I don’t know): I don’t know

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): I don’t know


#2

Hi

Do you have any error message? (Seems your certificate was not renewed successfully)

Also, your webserver is down…
Thank you


#3

Hi @hussains29

what’s the output? I can’t find a new certificate

https://transparencyreport.google.com/https/certificates?cert_search_auth=&cert_search_cert=&cert_search=include_expired:true;include_subdomains:false;domain:unitedprinters.co.in;issuer_uid:4428624498008853827&lu=cert_search

If you use certonly, you have to install the certificate manually. But checking your domain there is always a 521 ( https://check-your-website.server-daten.de/?q=unitedprinters.co.in ):

So the http requests can’t find your server.


#4

Yeah… The OP is using CloudFlare and for some reason, the server is down.


#5

To be honest, I just made a website for my business by watching YouTube videos, using Google Cloud service, and have linked it through Cloudflare.

When a few of my customers pointed out that the website is down, I saw an email stating my SSL certificate is expired.

I couldn’t find a way to renew the expired certificates and don’t know why my server is down since it is run on Google Cloud Platform.


#6

Hi,

Could you still logon to that server by command line?
Also, please check on the Cloudflare dashboard whether your domain security setting has been set to “full (strict)”.

Thank you


#7

Yes, I can add command lines through the SSH portal, if that’s what you meant.

Cloudflare is kept at “Full”.


#8

If you want to use the authenticator, you need a running webserver which works with your Cloudflare-setting.

I don’t know enough about Cloudflare. But perhaps it’s easier that you use - this one time - the --manual option in combination with the --preferred-challenges dns - option.

So you don’t use webroot, instead create one or two dns txt entries.

Then install the certificate, then your Cloudflare setting may work again. Later you can switch back to the webroot-authentication.

./certbot-auto certonly --manual --preferred-challenges dns -d unitedprinters.co.in -d www.unitedprinters.co.in

So you have to create two dns txt entries:

_acme-challenge.unitedprinters.co.in
_acme-challenge.www.unitedprinters.co.in

Certbot will give you two values you have to add.


#9

I use the SSH portal in Google Cloud services to register the SSL certificate, and when I entered the code this is what came up.

./certbot-auto certonly --manual --preferred-challenges dns -d unitedprinters.co.in -d www.unitedprinters.co.in
Requesting to rerun ./certbot-auto with root privileges…
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator manual, Installer None
Cert is due for renewal, auto-renewing…
Renewing an existing certificate
Performing the following challenges:
dns-01 challenge for www.unitedprinters.co.in
dns-01 challenge for unitedprinters.co.in


NOTE: The IP of this machine will be publicly logged as having requested this
certificate. If you’re running certbot in manual mode on a machine that is not
your server, please ensure you’re okay with that.
Are you OK with your IP being logged?


(Y)es/(N)o: y


Please deploy a DNS TXT record under the name
_acme-challenge.www.unitedprinters.co.in with the following value:
FYDLhrLRo2aGdFoF2EBRs2TZTcWUYtjKT9iMpCf1J8U
Before continuing, verify the record is deployed.


Press Enter to Continue


Please deploy a DNS TXT record under the name
_acme-challenge.unitedprinters.co.in with the following value:
L4NuVst1iMjq-r4VlwVKdLfbP60Jk0oZoy4PTA6skc8
Before continuing, verify the record is deployed.
(This must be set up in addition to the previous challenges; do not remove,
replace, or undo the previous challenge tasks yet. Note that you might be
asked to create multiple distinct TXT records with the same name. This is
permitted by DNS standards.)


Press Enter to Continue
Waiting for verification…
Cleaning up challenges
Failed authorization procedure. unitedprinters.co.in (dns-01): urn:ietf:params:acme:error:dns :: DNS problem: NXDOMAIN looking up TXT for _acme-challenge.unitedprinters.co.in
IMPORTANT NOTES:

  • The following errors were reported by the server:
    Domain: unitedprinters.co.in
    Type: None
    Detail: DNS problem: NXDOMAIN looking up TXT for
    _acme-challenge.unitedprinters.co.in

#10

If you plan to keep this server behind Cloudflare permanently, it would probably be easier to use Cloudflare’s origin CA instead of Let’s Encrypt.

https://community.letsencrypt.org/search?q=cloudflare%20origin%20ca


#11

Is it possible to remove/revoke the existing SSL certificate through the SSH portal?
If so, how?


#12

./certbot-auto certificates
./certbot-auto revoke --cert-path /etc/letsencrypt/archive/${YOUR_DOMAIN}/cert1.pem
or
./certbot-auto delete --cert-path /etc/letsencrypt/archive/${YOUR_DOMAIN}/cert1.pem

Thank you


#13

Why do you want to revoke it? It’s not necessary unless the private key is compromised or you no longer control the domain.


#14

I can’t find one of your DNS TXT entries. Not with this name, not with the wrong

_acme-challenge.www.unitedprinters.co.in.unitedprinters.co.in

Perhaps share a snapshot of your dns - menu.
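
The naming problem raised in post #14, which would produce the failure shown in post #9, as an added example that is not part of the original thread. It assumes a DNS panel that appends the zone name to whatever is typed in the name field unless the field ends with a dot; the function names and the sample panel entries are constructed for illustration, while the challenge names and values are the ones certbot printed in post #9.

```python
import re

ZONE = "unitedprinters.co.in"
# Challenge names and values as printed by certbot in post #9.
EXPECTED = {
    "_acme-challenge.www.unitedprinters.co.in": "FYDLhrLRo2aGdFoF2EBRs2TZTcWUYtjKT9iMpCf1J8U",
    "_acme-challenge.unitedprinters.co.in": "L4NuVst1iMjq-r4VlwVKdLfbP60Jk0oZoy4PTA6skc8",
}
# Constructed sample: what was typed into the panel's name and value fields.
SAMPLE_ENTRIES = [
    ("_acme-challenge.www.unitedprinters.co.in", EXPECTED["_acme-challenge.www.unitedprinters.co.in"]),
    ("_acme-challenge", EXPECTED["_acme-challenge.unitedprinters.co.in"]),
]

def panel_fqdn(name_field, zone=ZONE):
    """Name the record gets, assuming the panel appends the zone unless
    the field is '@' (apex) or ends with a dot (absolute name)."""
    name = name_field.strip().lower()
    if name == "@":
        return zone
    return name[:-1] if name.endswith(".") else f"{name}.{zone}"

def relative_label(fqdn, zone=ZONE):
    """What to type into such a panel so the record lands on fqdn."""
    fqdn = fqdn.rstrip(".").lower()
    if fqdn == zone:
        return "@"
    if not fqdn.endswith("." + zone):
        raise ValueError(f"{fqdn} is not inside {zone}")
    return fqdn[: -len(zone) - 1]

def check(entries, expected=EXPECTED, zone=ZONE):
    """Map each challenge name to ok / wrong value / zone doubled / missing."""
    published = {}
    for name_field, value in entries:
        published.setdefault(panel_fqdn(name_field, zone), set()).add(value.strip().strip('"'))
    report = {}
    for fqdn, value in expected.items():
        if value in published.get(fqdn, ()):
            report[fqdn] = "ok"
        elif fqdn in published:
            report[fqdn] = "wrong value"
        elif f"{fqdn}.{zone}" in published:
            report[fqdn] = f"zone doubled, enter {relative_label(fqdn, zone)!r}"
        else:
            report[fqdn] = "missing"
    return report
```

Calling `check(SAMPLE_ENTRIES)` reports the `www` challenge as published under the doubled name while the apex challenge is fine; a record in that state is invisible at the name the CA queries.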