Unable to renew Let's Encrypt Certificate

Help
1

Hello

I am trying to renew my SSL certificate which is Let's Encrypt Authority X3 certificate.

When I hit this command via SSH

"sudo certbot renew --dry-run"

Then, the terminal throws the following error -

"Attempting to renew cert (weighinglab.com) from /etc/letsencrypt/renewal/weighinglab.com.conf produced an unexpected error: Unable to find a virtual host listening on port 80 which is currently needed for Certbot to prove to the CA that you control your domain. Please add a virtual host for port 80.. Skipping. All renewal attempts failed. The following certs could not be renewed: /etc/letsencrypt/live/weighinglab.com/fullchain.pem (failure)"

My Domain Name is http://weighinglab.com/

I ran this command: sudo certbot renew --dry-run

My web server is (include version): Linux

The operating system my web server runs on is (include version): Ubuntu LAMP on Ubuntu 18

My hosting provider, if applicable, is: Digital Ocean

I can login to a root shell on my machine (yes or no, or I don't know): Yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): No

I request you to help me in this regard and send an appropriate solution.

1 Like
2

Welcome to the Let's Encrypt Community :slightly_smiling_face:

Your port 80 seems fine to me right now. Your redirects, on the other hand, have a problem. They go from http://www to https://www then back to http:// then back to https://.

Screenshot_20200923-083349_Samsung Internet
Screenshot_20200923-083349_Samsung Internet1439×2724 579 KB

Screenshot_20200923-083531_Samsung Internet
Screenshot_20200923-083531_Samsung Internet1439×2724 648 KB

1 Like
3

Hi @princejindal

there

is your job. Add a port 80 vHost. See the documentation of your system.

4

@JuergenAuer

I checked port 80 three different ways. Looks fine to me. Did you see something I missed?

1 Like
5

You can have a perfectly working HTTP server without a virtual host: just a default host without even knowing about any hostname will do. It'll serve the same contents for every hostname provided by the HTTP Host header. But that doesn't work for the apache certbot plugin: it'll need a virtualhost to get the hostname(s) from, it'll need a virtualhost to install the certs in et cetera.

2 Likes
6

I got blocked from seeing the content in my browser due to the expired certificate. When I saw letsdebug return OK, I assumed that all was well on the far end of the redirect chain. That's my fault. I suppose this may be one of those cases where the error simply must be accepted as-is. Is there any way to confirm this error with an external tool (given that the cert is expired)?

1 Like
7

Only locally, try running:
apachectl -S

2 Likes
8

I wish I could externally use apachectl -S. Would make my initial post much easier.

2 Likes
9

Did you change your web server configuration (perhaps the configuration files /etc/apache2) significantly somehow after originally obtaining this certificate?

@rg305's suggestion of apachectl -S is helpful, although you might want to run that command with sudo for a more comprehensive output if you aren't running as root.

2 Likes
10

And I wish there was a tool that could show all layer 2 devices along a traced route.
[but that ain't happening anytime soon either]

1 Like
11

Thank you for the prompt replies and instant support.

I was able to resolve the issue by changing the port to 80 and then running the renewal command which is
sudo certbot renew --dry-run

Thank you once again everybody here for the assistance.

1 Like
12

Please remember that --dry-run means to do a (realistic) test, and won't obtain or save a new certificate that can actually be used on your public web site.

2 Likes
13

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.