Unable to renew certificate

tjtharappel · August 12, 2024, 12:44pm

while updating the certificate shows connection refused and nginx shows http request send to HTTPS port and there is only an https redirect.

server {
listen 80;
server_name apps.factnet.co.in;
location = /favicon.ico { access_log off; log_not_found off; }
location /static/ {
root /var/www/vinslip;
}
location / {
include proxy_params;
proxy_pass http://unix:/run/gunicorn_vinslip.sock;
}

}
server {
listen 443 ssl;
rewrite ^/(.*)$ http://$host$1 redirect;
ssl_certificate /etc/letsencrypt/live/apps.factnet.co.in/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/apps.factnet.co.in/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}

griffin · August 12, 2024, 1:30pm

Welcome to the Let's Encrypt Community!

Why are you redirecting HTTPS to HTTP? It's usually the other way around.

tjtharappel · August 13, 2024, 3:07am

Hi Griffin,
The certificate expired 3 days ago, and many users aren’t sure how to proceed through the browser’s advanced options to access the page.

MikeMcQ · August 13, 2024, 3:22am

There are numerous problems. The main one is both HTTP and HTTPS connections to your domain are refused.

But, that nginx config has all of your requests handled by your HTTP (port 80) server block. You are not getting the benefit of having a cert and using HTTPS.

You must first restore connectivity to your domain. Check firewalls. Check that the IP in the public DNS matches the public IP of your server. Check any port forwarding or NAT you may have. Use the Let's Debug test site to check your connection. https://letsdebug.net

Once you pass the Let's Debug test try to get a cert. If that fails please answer as many questions as you can from the form below

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

I ran this command:

It produced this output:

My web server is (include version):

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know):

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):

tjtharappel · August 13, 2024, 4:58am

My domain is : apps.factnet.co.in
I ran this command: sudo certbot -v certonly -d apps.factnet.co.in
it produced this output: During secondary validation: 61.1.183.84: Invalid response from http://apps.factnet.co.in/.well-known/acme-challenge/N0Y1RjHCqnL3DQzoORW20ILMMkqoyrgeQ8KCtKJoHFk: 404

My webserver is nginx 1.18
root shell access : yes
certbot 2.11.0

tjtharappel · August 13, 2024, 6:54am

Now am getting a 404 response when http01. But I am able to get the test files using browser from the specified folder

system · September 12, 2024, 6:54am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Cannot renew certs when redirecting http to https	22	63469	May 12, 2018
Error renewing cert, certbot status 400 Help	4	2877	March 14, 2019
Will changing ssl port prevent certbot from renewing certificate? Help	11	2360	August 26, 2017
SSL Certificate will NOT renew - Redirect to blame? Help	38	684	August 6, 2023
Certbot renew fails with connection refused Help	30	2558	March 28, 2021

Unable to renew certificate

Related topics