SSL Renewed but not working

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: survtapp.com

I ran this command: certbot certonly --manual -d "survtapp.com,www.survtapp.com"

It produced this output: > Saving debug log to /var/log/letsencrypt/letsencrypt.log

Plugins selected: Authenticator manual, Installer None


You have an existing certificate that contains a portion of the domains you
requested (ref: /etc/letsencrypt/renewal/survtapp.com-0001.conf)

It contains these names: survtapp.com

You requested these names for the new certificate: survtapp.com,
www.survtapp.com.

Do you want to expand and replace this existing certificate with the new
certificate?


(E)xpand/(C)ancel: e
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for www.survtapp.com


NOTE: The IP of this machine will be publicly logged as having requested this
certificate. If you're running certbot in manual mode on a machine that is not
your server, please ensure you're okay with that.

Are you OK with your IP being logged?


(Y)es/(N)o: y


Create a file containing just this data:

mzy4s2j2_eGm9XiYxLf-WG1S2oXXXEy05UXXXXvv6Bw.yoKmb4eJ3WYCs2YS1mC3mtzqt5jZhu19xMA35Yn1Ros

And make it available on your web server at this URL:

http://www.survtapp.com/.well-known/acme-challenge/mzy4s2j2_eGm9XiYxLf-WG1S2ommFEy05UViKXvv6Bw


Press Enter to Continue
Waiting for verification...
Cleaning up challenges

IMPORTANT NOTES:

  • Congratulations! Your certificate and chain have been saved at:
    /etc/letsencrypt/live/survtapp.com-0001/fullchain.pem
    Your key file has been saved at:
    /etc/letsencrypt/live/survtapp.com-0001/privkey.pem
    Your cert will expire on 2022-04-07. To obtain a new or tweaked
    version of this certificate in the future, simply run certbot
    again. To non-interactively renew all of your certificates, run
    "certbot renew"

  • If you like Certbot, please consider supporting our work by:

    Donating to ISRG / Let's Encrypt: Donate - Let's Encrypt
    Donating to EFF: Support EFF's Work on Let's Encrypt | Electronic Frontier Foundation

My web server is (include version): Ubuntu 20

The operating system my web server runs on is (include version): Apache

My hosting provider, if applicable, is: AWS

I can login to a root shell on my machine (yes or no, or I don't know): Yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): No

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): 0.40.0

What do you mean by "not working"?

Your Let's Encrypt certs seem fine. See:

2 Likes

You used --manual option. The certificate is available, see the location near the end of the command output. You just have to use it (configure into a TLS service, for example).

2 Likes

Why would you use the manual plugin anyway? It's highly unusual to use that plugin for the http-01 challenge.

3 Likes

I pointed that out on your other topic, but I'll point it out here as well.
See: SSL Renewed but Intermediate Certificate Failed - #3 by rg305

To confirm that your cert(s) are covering all the expected name(s), please show the output of:
certbot certificates

2 Likes

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.