Tried to renew the certificate but it expires today

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: wedoio.com

I ran this command: certbot certonly --manual

It produced this output: Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator manual, Installer None
Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org
Please enter in your domain name(s) (comma and/or space separated) (Enter ‘c’
to cancel): wedoio.com
Cert is due for renewal, auto-renewing…
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for wedoio.com


NOTE: The IP of this machine will be publicly logged as having requested this
certificate. If you’re running certbot in manual mode on a machine that is not
your server, please ensure you’re okay with that.

Are you OK with your IP being logged?


(Y)es/(N)o: y


Create a file containing just this data:

6qABuwUCD2HSqKh91w3sfIaoceuy72oCjATYfuM37PQ.OBxMZFVvBwV4kVBL9WlRUVdagUkqtHltIi0MfRKxeQU

And make it available on your web server at this URL:

http://wedoio.com/.well-known/acme-challenge/6qABuwUCD2HSqKh91w3sfIaoceuy72oCjATYfuM37PQ


Press Enter to Continue
Waiting for verification…
Cleaning up challenges

IMPORTANT NOTES:

  • Congratulations! Your certificate and chain have been saved at:
    /etc/letsencrypt/live/wedoio.com/fullchain.pem
    Your key file has been saved at:
    /etc/letsencrypt/live/wedoio.com/privkey.pem
    Your cert will expire on 2019-11-18. To obtain a new or tweaked
    version of this certificate in the future, simply run certbot
    again. To non-interactively renew all of your certificates, run
    “certbot renew”

  • If you like Certbot, please consider supporting our work by:

    Donating to ISRG / Let’s Encrypt: https://letsencrypt.org/donate
    Donating to EFF: https://eff.org/donate-le

My web server is (include version): Apache 2.4.18

The operating system my web server runs on is (include version): Ubuntu 16.04

My hosting provider, if applicable, is: Azure

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): certbot 0.31.0

Hi @Dev-Wedoio

certonly doesn't install the certificate and doesn't restart your server. That's required to use a certificate.

So first step: Restart your server.

Second: You have hitted the limit - https://check-your-website.server-daten.de/?q=wedoio.com#ct-logs

Issuer not before not after Domain names LE-Duplicate next LE
Let's Encrypt Authority X3 2019-11-18 2020-02-16 wedoio.com - 1 entries duplicate nr. 5 next Letsencrypt certificate: 2019-11-25 08:17:17
Let's Encrypt Authority X3 2019-11-18 2020-02-16 wedoio.com - 1 entries duplicate nr. 4
Let's Encrypt Authority X3 2019-11-18 2020-02-16 wedoio.com - 1 entries duplicate nr. 3
Let's Encrypt Authority X3 2019-11-18 2020-02-16 wedoio.com - 1 entries duplicate nr. 2
Let's Encrypt Authority X3 2019-11-18 2020-02-16 wedoio.com - 1 entries duplicate nr. 1

But you are creating the wrong certificate. You have a www dns entry, but your www version is insecure.

So create one certificate with both domain names. Something like

certbot certonly --manual -d wedoio.com -d www.wedoio.com

then two validation files are required.

I just tried but it didn’t work. the most important thing for the moment is to get back wedoio.com with a valid certificate actually since the other domain name is not used. but I hit the rate limit. Is there a way to reset the rate limit or even pay for a new certificate so we can use our services ?

What didn't work? A server restart is required. And why do you use certonly?

Checking with my browser now there is another Comodo certificate, expired 2019-10-20 with malerfirmaetvmb.dk.

I restarted the server and tried to renew the certificate but it gave me the error about the rate limit.

Any Idea of what I could do ? actually it’s still not renewed. My partner tried to buy another certificate but for a different server. That might be the certificate you detect. but my problem is still full @ JuergenAuer

That's expected. You have created 5 identical certificates, read

It's a certificate installation problem, not a certificate creation problem. So you don't need again a certificate, you have 5.

If you use certonly, you have to install the certificate. So do that instead of repeating a command that has already worked.

certbot certificates
apachectl -S

Read some basics - User Guide — Certbot 1.21.0 documentation

The result of the commands :

certbot certificates :

Certificate Name: wedoio.com
Domains: wedoio.com
Expiry Date: 2019-11-18 08:41:03+00:00 (INVALID: EXPIRED)
Certificate Path: /etc/letsencrypt/live/wedoio.com/fullchain.pem
Private Key Path: /etc/letsencrypt/live/wedoio.com/privkey.pem

apachectl -S
AH00558: apache2: Could not reliably determine the server’s fully qualified domain name, using 10.0.0.5. Set the ‘ServerName’ directive globally to suppress this message
VirtualHost configuration:
*:443 is a NameVirtualHost
default server wedoio.com (/etc/apache2/sites-enabled/000-default-le-ssl.conf:2)
port 443 namevhost wedoio.com (/etc/apache2/sites-enabled/000-default-le-ssl.conf:2)

*:80 is a NameVirtualHost
default server wedoio.com (/etc/apache2/sites-enabled/000-default.conf:1)
port 80 namevhost wedoio.com (/etc/apache2/sites-enabled/000-default.conf:1)

As you see, the certificates was still not renewed and expires today.

This could possibly be a symptom of renamed or corrupt links within /etc/letsencrypt (if you rename files there, Certbot can get confused and even fail to save your new certificates in some cases).

Could you show the output of this command?

sudo ls -lR /etc/letsencrypt/{live,archive}

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.