SSL not able to auto renew

Hi, previously I followed this link to generate the SSL. After that I followed this article to do auto renewal. But I keep having issues doing the auto renewal, and here is the error.

Any particular reason you are using the tls-alpn-01 challenge type instead of just using http validation?

I think you'd need to stop your webserver (which is currently using port 443 for https) before tls-alpn-01 would work (because that also needs to use port 443).

5 Likes

Hi, nope, I was just following the article here. But somehow when I tried to do auto renewal, I can see my cron job scheduled but it is not renewing.

That example does indeed use tls validation. I would probably have used http validation instead, but I don't know enough about the lego client to help you.

Did you set up Step 5 of that article (where you stop and start the webserver with a script as part of your renewal)?

4 Likes

@darylaurito The AWS steps used the DNS challenge and made a wildcard cert. Did you make a wildcard cert? Because the DNS challenge is required to issue another one. The TLS-ALPN challenge won't work - even if you get it working at all.

4 Likes

@MikeMcQ I was only able to get it renewed when I went to my Cloudflare and added in the text record, which I find too manual. I require it to auto renew when expiry comes near.

@webprofusion Same goes for my Plesk server. I have a primary domain registered, and this sub-domain I am using Plesk to try out. Likewise, I have to access my hosting panel to add in the TXT record to be able to pass the challenge and renew my SSL.

Instead of the --manual command shown by that AWS page you could use a DNS plug-in to automate adding the TXT record. See the following:

https://eff-certbot.readthedocs.io/en/stable/using.html#dns-plugins

2 Likes