SSL won't renew

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: namedream.com

I ran this command:
certbot certonly --force-renew -d namedream.com
It produced this output:

IMPORTANT NOTES:

  • Congratulations! Your certificate and chain have been saved at:
    /etc/letsencrypt/live/namedream.com-0001/fullchain.pem
    Your key file has been saved at:
    /etc/letsencrypt/live/namedream.com-0001/privkey.pem
    Your cert will expire on 2023-06-21. To obtain a new or tweaked
    version of this certificate in the future, simply run certbot
    again. To non-interactively renew all of your certificates, run
    "certbot renew"

My web server is (include version): apache

The operating system my web server runs on is (include version): ubuntu

My hosting provider, if applicable, is: digital ocean

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): ?

Hello can you please help me renew this ssl cert. This is happening every month now. When I run ssllabs.com test it says cert is not valid. HELP!

You do not want to use that option; please read User Guide — Certbot 2.6.0 documentation to understand that option.

Also why, I would expect 60 days.

1 Like

lol that is double dutch to me mate.

I ran sudo certbot renew and restarted the server it seems to be working

2 Likes

That was probably the missing part

3 Likes

Still broken.

What is "still broken"?

2 Likes

Does that mean...
You will pay $200 to anyone that does permanently fix this issue?
If so, "permanently" must also be defined.

[as written, you could pay $200 to your favorite charity and comply]

3 Likes

Global world politics, housing, people in general...as regards the website, the SSL.

I don't see what is "still broken".
SSL Server Test: namedream.com (Powered by Qualys SSL Labs)
Care to explain?

2 Likes

Ok I think this is the msg I get from SSL Labs:

This server's certificate is not trusted, see below for details.

This server supports TLS 1.0 and TLS 1.1. Grade capped to B. MORE INFO »

This site works only in browsers with SNI support.

OK, I do see the errors [now] and I'm pretty certain I can fix them permanently.
What now?

3 Likes

Yes, you can message me on this site so we can set up some sort of cron job. There was a cron job to renew certbot but it seems to have stopped. I will be back in a few hours and respond. The site seems to be working sometimes, not sure, could be some sort of caching issues.

There is more to "the (re)solution" than a cron job.

3 Likes

Here I see 2 different certificates; One non-expired and the other expired.

2 Likes

Why do you use 2 different Certificates?

Non-expired: SSL Server Test: www.namedream.com (Powered by Qualys SSL Labs)

Expired: SSL Server Test: www.namedream.com (Powered by Qualys SSL Labs)

1 Like

And here is a list of issued certificates https://crt.sh/?q=namedream.com, latest being 2023-03-23 for namedream.com only; the latest one with both namedream.com & www.namedream.com being 2023-02-04.

1 Like

Which explains the "-0001":

And caused by the misuse of the --force:

2 Likes
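
As an added example (not part of any post in this thread, and not Certbot's own code): a small Python check that reads output in the layout `certbot certificates` prints and reports hostnames covered by more than one lineage, the situation the "-0001" directory points to. The sample listing and its dates are constructed, and the function names are hypothetical.

```python
from collections import defaultdict

# Constructed sample in the layout `certbot certificates` prints.
# Lineage names follow the thread; the dates and times are made up.
SAMPLE = """\
Found the following certs:
  Certificate Name: namedream.com
    Domains: namedream.com www.namedream.com
    Expiry Date: 2023-05-05 09:12:44+00:00 (VALID: 42 days)
    Certificate Path: /etc/letsencrypt/live/namedream.com/fullchain.pem
  Certificate Name: namedream.com-0001
    Domains: namedream.com
    Expiry Date: 2023-06-21 16:02:10+00:00 (VALID: 89 days)
    Certificate Path: /etc/letsencrypt/live/namedream.com-0001/fullchain.pem
"""

def parse_lineages(text):
    """Return {lineage_name: {"domains": [...], "path": str or None}}."""
    lineages, current = {}, None
    for line in text.splitlines():
        key, _, value = line.strip().partition(": ")
        if key == "Certificate Name":
            current = lineages.setdefault(value, {"domains": [], "path": None})
        elif current is not None and key == "Domains":
            current["domains"] = value.split()
        elif current is not None and key == "Certificate Path":
            current["path"] = value
    return lineages

def overlapping_names(lineages):
    """Map each hostname to the lineages covering it, keeping only duplicates."""
    owners = defaultdict(list)
    for name, info in lineages.items():
        for domain in info["domains"]:
            owners[domain].append(name)
    return {d: sorted(n) for d, n in owners.items() if len(n) > 1}

def uncovered_by(lineages, lineage, wanted):
    """Hostnames in `wanted` that the given lineage's certificate does not list."""
    return sorted(set(wanted) - set(lineages[lineage]["domains"]))

if __name__ == "__main__":
    found = parse_lineages(SAMPLE)
    print("covered by several lineages:", overlapping_names(found))
    print("missing from -0001:", uncovered_by(
        found, "namedream.com-0001", ["namedream.com", "www.namedream.com"]))
```

On a real host, feed it the text from `sudo certbot certificates` and compare each lineage's certificate path with the path the web server configuration actually references.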

Two back-to-back attempts with curl -Ii https://namedream.com/ gave different results.

$ curl -Ii https://namedream.com/
HTTP/1.1 200 OK
Date: Thu, 23 Mar 2023 17:39:38 GMT
Server: Apache/2.4.18 (Ubuntu)
Content-Type: text/html; charset=UTF-8
$ curl -Ii https://namedream.com/
curl: (60) SSL certificate problem: certificate has expired
More details here: https://curl.se/docs/sslcerts.html

curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.

Here details on Apache can be found in documentation and forums:

2 Likes

I have.
Did you get my DM?
If not, you can message me directly as well [I think].

2 Likes

Yes they should be able to

They have a Trust Level basic user

And here it says personal messaging
https://community.letsencrypt.org/badges/1/basic

1 Like