I'm trying to renew my certificates and facing the following error My domain is: hiddendomain.com I ran this command: certbot --nginx certonly --cert-name hiddendomain.com -d hiddendomain.com,www.hiddendomain.com It produced this output: [root@ip-172-30-0-86 ~]# certbot certonly --cert-name hid…

Please see: https://www.openssl.org/blog/blog/2021/09/13/LetsEncryptRootCertExpire/

[image] MRYD9877VC: urllib3 I would try uninstalling certbot 1.11.0 and installing a newer version. Then show us the version: certbot --version Then we will go from there.

Output of certbot --version [root@ip-172-30-0-86 ~]# certbot --version certbot 1.11.0 Tried running certbot 1.11.0 [root@ip-172-30-0-86 ~]# yum install certbot python2-certbot-nginx Loaded plugins: fastestmirror https://us-east.repo.webtatic.com/yum/el7/x86_64/repodata/repomd.xml: [Errno 14] curl…

[image] MRYD9877VC: https://us-east.repo.webtatic.com/yum/el7/x86_64/repodata/repomd.xml: [Errno 14] curl#60 - "The certificate issuer's certificate has expired. Check your system date and time." That site uses LE via default trust path: echo | openssl s_client -connect us-east.repo.webtati…

[image] rg305: Compare outputs: curl -Iki https://us-east.repo.webtatic.com/yum/el7/x86_64/repodata/repomd.xml curl -Ii https://us-east.repo.webtatic.com/yum/el7/x86_64/repodata/repomd.xml [root@ip-172-30-0-86 ~]# curl -Iki https://us-east.repo.webtatic.com/yum/el7/x86_64/repodata/repomd.xm…

That confirms my suspicions... curl can get the content - but it doesn't trust the cert path being served. Also please show output of: openssl version

I ran the following command. This did it for me. yum install ca-certificates openssl Thanks a lot!

To buy us some time before running and testing this update via yum (we have OpenSSL version 1.0.2k-fips on CentOS 7), we used the --no-verify-ssl flag on the certbot renew command.

SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed

Help

MRYD9877VC October 11, 2021, 5:48am 8

[root@ip-172-30-0-86 ~]# openssl version
OpenSSL 1.0.2k-fips  26 Jan 2017

Topic		Replies	Views
Certbot Renewal Failure Help	14	1464	October 7, 2022
Certbot renewal [SSL: CERTIFICATE_VERIFY_FAILED] Server	10	7581	September 5, 2018
Renew certificate verification failed after delete certification Help	12	3073	November 11, 2021
Cannot renew SSL Help	32	1935	December 5, 2019
Not able to renew ssl certificate Help	15	2586	September 9, 2021

SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed

Related topics