Unable to renew my ssl certificates

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: qadiantimes.in

I ran this command: sudo /opt/bitnami/letsencrypt/lego --tls --email="qadiantimesofficial@gmail.com" --domains=“qadiantimes.in” --path="/opt/bitnami/letsencrypt" renew --days 90

It produced this output: zeeshandehlvi@qadiantimes-vm:/opt/bitnami/letsencrypt$ sudo /opt/bitnami/letsencrypt/lego --tls --email="qadiantimesofficial@gmail.com" --domains=“qadiantimes.in” --path="/opt/bitnami/letsencrypt" renew --days 90

2020/08/11 19:09:46 [INFO] [qadiantimes.in] acme: Trying renewal with -248 hours remaining
2020/08/11 19:09:46 [INFO] [qadiantimes.in, donate.qadiantimes.in, hindi.qadiantimes.in, main.qadiantimes.in, punjabi.qadiantimes.in, shop.qadiantimes.in, tv.qadiantimes.in, urdu.qadiantimes.in, www.donate.qadiantimes.in, www.hindi.qadiantimes.in, www.main.qadiantimes.in, www.punjabi.qadiantimes.in, www.qadiantimes.in, www.shop.qadiantimes.in, www.tv.qadiantimes.in, www.urdu.qadiantimes.in] acme: Obtaining bundled SAN certificate
2020/08/11 19:09:47 [INFO] [donate.qadiantimes.in] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/6463780746
2020/08/11 19:09:47 [INFO] [hindi.qadiantimes.in] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/6463780747
2020/08/11 19:09:47 [INFO] [main.qadiantimes.in] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/6463780750
2020/08/11 19:09:47 [INFO] [punjabi.qadiantimes.in] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/6463780752
2020/08/11 19:09:47 [INFO] [qadiantimes.in] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/6463780753
2020/08/11 19:09:47 [INFO] [shop.qadiantimes.in] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/6463780754
2020/08/11 19:09:47 [INFO] [tv.qadiantimes.in] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/6463780755
2020/08/11 19:09:47 [INFO] [urdu.qadiantimes.in] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/6463780756
2020/08/11 19:09:47 [INFO] [www.donate.qadiantimes.in] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/6463780757
2020/08/11 19:09:47 [INFO] [www.hindi.qadiantimes.in] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/6463780758
2020/08/11 19:09:47 [INFO] [www.main.qadiantimes.in] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/6463780759
2020/08/11 19:09:47 [INFO] [www.punjabi.qadiantimes.in] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/6463780760
2020/08/11 19:09:47 [INFO] [www.qadiantimes.in] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/6463780761
2020/08/11 19:09:47 [INFO] [www.shop.qadiantimes.in] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/6463780762
2020/08/11 19:09:47 [INFO] [www.tv.qadiantimes.in] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/6463780764
2020/08/11 19:09:47 [INFO] [www.urdu.qadiantimes.in] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/6463780765
2020/08/11 19:09:47 [INFO] [donate.qadiantimes.in] acme: use tls-alpn-01 solver
2020/08/11 19:09:47 [INFO] [punjabi.qadiantimes.in] acme: use tls-alpn-01 solver
2020/08/11 19:09:47 [INFO] [hindi.qadiantimes.in] acme: use tls-alpn-01 solver
2020/08/11 19:09:47 [INFO] [main.qadiantimes.in] acme: use tls-alpn-01 solver
2020/08/11 19:09:47 [INFO] [qadiantimes.in] acme: use tls-alpn-01 solver
2020/08/11 19:09:47 [INFO] [shop.qadiantimes.in] acme: use tls-alpn-01 solver
2020/08/11 19:09:47 [INFO] [tv.qadiantimes.in] acme: use tls-alpn-01 solver
2020/08/11 19:09:47 [INFO] [urdu.qadiantimes.in] acme: use tls-alpn-01 solver
2020/08/11 19:09:47 [INFO] [www.donate.qadiantimes.in] acme: use tls-alpn-01 solver
2020/08/11 19:09:47 [INFO] [www.hindi.qadiantimes.in] acme: use tls-alpn-01 solver
2020/08/11 19:09:47 [INFO] [www.main.qadiantimes.in] acme: use tls-alpn-01 solver
2020/08/11 19:09:47 [INFO] [www.punjabi.qadiantimes.in] acme: use tls-alpn-01 solver
2020/08/11 19:09:47 [INFO] [www.qadiantimes.in] acme: use tls-alpn-01 solver
2020/08/11 19:09:47 [INFO] [www.shop.qadiantimes.in] acme: use tls-alpn-01 solver
2020/08/11 19:09:47 [INFO] [www.tv.qadiantimes.in] acme: use tls-alpn-01 solver
2020/08/11 19:09:47 [INFO] [www.urdu.qadiantimes.in] acme: use tls-alpn-01 solver
2020/08/11 19:09:47 [INFO] [donate.qadiantimes.in] acme: Trying to solve TLS-ALPN-01
2020/08/11 19:09:53 [INFO] [punjabi.qadiantimes.in] acme: Trying to solve TLS-ALPN-01
2020/08/11 19:10:00 [INFO] [hindi.qadiantimes.in] acme: Trying to solve TLS-ALPN-01
2020/08/11 19:10:04 [INFO] [main.qadiantimes.in] acme: Trying to solve TLS-ALPN-01
2020/08/11 19:10:05 [INFO] [qadiantimes.in] acme: Trying to solve TLS-ALPN-01
2020/08/11 19:10:06 [INFO] [shop.qadiantimes.in] acme: Trying to solve TLS-ALPN-01
2020/08/11 19:10:07 [INFO] [tv.qadiantimes.in] acme: Trying to solve TLS-ALPN-01
2020/08/11 19:10:07 [INFO] [urdu.qadiantimes.in] acme: Trying to solve TLS-ALPN-01
2020/08/11 19:10:08 [INFO] [www.donate.qadiantimes.in] acme: Trying to solve TLS-ALPN-01
2020/08/11 19:10:08 [INFO] [www.hindi.qadiantimes.in] acme: Trying to solve TLS-ALPN-01
2020/08/11 19:10:09 [INFO] [www.main.qadiantimes.in] acme: Trying to solve TLS-ALPN-01
2020/08/11 19:10:09 [INFO] [www.punjabi.qadiantimes.in] acme: Trying to solve TLS-ALPN-01
2020/08/11 19:10:15 [INFO] [www.qadiantimes.in] acme: Trying to solve TLS-ALPN-01
2020/08/11 19:10:16 [INFO] [www.shop.qadiantimes.in] acme: Trying to solve TLS-ALPN-01
2020/08/11 19:10:16 [INFO] [www.tv.qadiantimes.in] acme: Trying to solve TLS-ALPN-01
2020/08/11 19:10:18 [INFO] [www.urdu.qadiantimes.in] acme: Trying to solve TLS-ALPN-01
2020/08/11 19:10:19 [INFO] Deactivating auth: https://acme-v02.api.letsencrypt.org/acme/authz-v3/6463780746
2020/08/11 19:10:19 [INFO] Unable to deactivate the authorization: https://acme-v02.api.letsencrypt.org/acme/authz-v3/6463780746
2020/08/11 19:10:20 [INFO] Deactivating auth: https://acme-v02.api.letsencrypt.org/acme/authz-v3/6463780747
2020/08/11 19:10:20 [INFO] Unable to deactivate the authorization: https://acme-v02.api.letsencrypt.org/acme/authz-v3/6463780747
2020/08/11 19:10:20 [INFO] Deactivating auth: https://acme-v02.api.letsencrypt.org/acme/authz-v3/6463780750
2020/08/11 19:10:20 [INFO] Unable to deactivate the authorization: https://acme-v02.api.letsencrypt.org/acme/authz-v3/6463780750
2020/08/11 19:10:20 [INFO] Deactivating auth: https://acme-v02.api.letsencrypt.org/acme/authz-v3/6463780752
2020/08/11 19:10:20 [INFO] Unable to deactivate the authorization: https://acme-v02.api.letsencrypt.org/acme/authz-v3/6463780752
2020/08/11 19:10:20 [INFO] Deactivating auth: https://acme-v02.api.letsencrypt.org/acme/authz-v3/6463780753
2020/08/11 19:10:21 [INFO] Unable to deactivate the authorization: https://acme-v02.api.letsencrypt.org/acme/authz-v3/6463780753
2020/08/11 19:10:21 [INFO] Deactivating auth: https://acme-v02.api.letsencrypt.org/acme/authz-v3/6463780754
2020/08/11 19:10:21 [INFO] Unable to deactivate the authorization: https://acme-v02.api.letsencrypt.org/acme/authz-v3/6463780754
2020/08/11 19:10:21 [INFO] Deactivating auth: https://acme-v02.api.letsencrypt.org/acme/authz-v3/6463780755
2020/08/11 19:10:21 [INFO] Unable to deactivate the authorization: https://acme-v02.api.letsencrypt.org/acme/authz-v3/6463780755
2020/08/11 19:10:21 [INFO] Deactivating auth: https://acme-v02.api.letsencrypt.org/acme/authz-v3/6463780756
2020/08/11 19:10:21 [INFO] Unable to deactivate the authorization: https://acme-v02.api.letsencrypt.org/acme/authz-v3/6463780756
2020/08/11 19:10:21 [INFO] Deactivating auth: https://acme-v02.api.letsencrypt.org/acme/authz-v3/6463780757
2020/08/11 19:10:21 [INFO] Unable to deactivate the authorization: https://acme-v02.api.letsencrypt.org/acme/authz-v3/6463780757
2020/08/11 19:10:22 [INFO] Deactivating auth: https://acme-v02.api.letsencrypt.org/acme/authz-v3/6463780758
2020/08/11 19:10:22 [INFO] Unable to deactivate the authorization: https://acme-v02.api.letsencrypt.org/acme/authz-v3/6463780758
2020/08/11 19:10:22 [INFO] Deactivating auth: https://acme-v02.api.letsencrypt.org/acme/authz-v3/6463780759
2020/08/11 19:10:22 [INFO] Unable to deactivate the authorization: https://acme-v02.api.letsencrypt.org/acme/authz-v3/6463780759
2020/08/11 19:10:22 [INFO] Deactivating auth: https://acme-v02.api.letsencrypt.org/acme/authz-v3/6463780760
2020/08/11 19:10:22 [INFO] Unable to deactivate the authorization: https://acme-v02.api.letsencrypt.org/acme/authz-v3/6463780760
2020/08/11 19:10:22 [INFO] Deactivating auth: https://acme-v02.api.letsencrypt.org/acme/authz-v3/6463780761
2020/08/11 19:10:22 [INFO] Unable to deactivate the authorization: https://acme-v02.api.letsencrypt.org/acme/authz-v3/6463780761
2020/08/11 19:10:22 [INFO] Deactivating auth: https://acme-v02.api.letsencrypt.org/acme/authz-v3/6463780762
2020/08/11 19:10:22 [INFO] Unable to deactivate the authorization: https://acme-v02.api.letsencrypt.org/acme/authz-v3/6463780762
2020/08/11 19:10:23 [INFO] Deactivating auth: https://acme-v02.api.letsencrypt.org/acme/authz-v3/6463780764
2020/08/11 19:10:23 [INFO] Unable to deactivate the authorization: https://acme-v02.api.letsencrypt.org/acme/authz-v3/6463780764
2020/08/11 19:10:23 [INFO] Deactivating auth: https://acme-v02.api.letsencrypt.org/acme/authz-v3/6463780765
2020/08/11 19:10:23 [INFO] Unable to deactivate the authorization: https://acme-v02.api.letsencrypt.org/acme/authz-v3/6463780765
2020/08/11 19:10:23 acme: Error -> One or more domains had a problem:
[donate.qadiantimes.in] acme: error: 403 :: urn:ietf:params:acme:error:unauthorized :: Cannot negotiate ALPN protocol “acme-tls/1” for tls-alpn-01 challenge, url:
[hindi.qadiantimes.in] acme: error: 403 :: urn:ietf:params:acme:error:unauthorized :: Cannot negotiate ALPN protocol “acme-tls/1” for tls-alpn-01 challenge, url:
[main.qadiantimes.in] acme: error: 403 :: urn:ietf:params:acme:error:unauthorized :: Cannot negotiate ALPN protocol “acme-tls/1” for tls-alpn-01 challenge, url:
[punjabi.qadiantimes.in] acme: error: 403 :: urn:ietf:params:acme:error:unauthorized :: Cannot negotiate ALPN protocol “acme-tls/1” for tls-alpn-01 challenge, url:
[qadiantimes.in] acme: error: 403 :: urn:ietf:params:acme:error:unauthorized :: Cannot negotiate ALPN protocol “acme-tls/1” for tls-alpn-01 challenge, url:
[shop.qadiantimes.in] acme: error: 403 :: urn:ietf:params:acme:error:unauthorized :: Cannot negotiate ALPN protocol “acme-tls/1” for tls-alpn-01 challenge, url:
[tv.qadiantimes.in] acme: error: 403 :: urn:ietf:params:acme:error:unauthorized :: Cannot negotiate ALPN protocol “acme-tls/1” for tls-alpn-01 challenge, url:
[urdu.qadiantimes.in] acme: error: 403 :: urn:ietf:params:acme:error:unauthorized :: Cannot negotiate ALPN protocol “acme-tls/1” for tls-alpn-01 challenge, url:
[www.donate.qadiantimes.in] acme: error: 400 :: urn:ietf:params:acme:error:tls :: remote error: tls: handshake failure, url:
[www.hindi.qadiantimes.in] acme: error: 400 :: urn:ietf:params:acme:error:tls :: remote error: tls: handshake failure, url:
[www.main.qadiantimes.in] acme: error: 400 :: urn:ietf:params:acme:error:tls :: remote error: tls: handshake failure, url:
[www.punjabi.qadiantimes.in] acme: error: 400 :: urn:ietf:params:acme:error:tls :: remote error: tls: handshake failure, url:
[www.qadiantimes.in] acme: error: 403 :: urn:ietf:params:acme:error:unauthorized :: Cannot negotiate ALPN protocol “acme-tls/1” for tls-alpn-01 challenge, url:
[www.shop.qadiantimes.in] acme: error: 400 :: urn:ietf:params:acme:error:tls :: remote error: tls: handshake failure, url:
[www.tv.qadiantimes.in] acme: error: 400 :: urn:ietf:params:acme:error:tls :: remote error: tls: handshake failure, url:
[www.urdu.qadiantimes.in] acme: error: 400 :: urn:ietf:params:acme:error:tls :: remote error: tls: handshake failure, url:

My web server is (include version): Apache/2.4.43 (Unix)

The operating system my web server runs on is (include version): SMP Debian 4.9.210-1 (2020-01-20) x86_64

My hosting provider, if applicable, is: Google Cloud

I can login to a root shell on my machine (yes or no, or I don’t know): i dont know

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): certbot 1.7.0

please help meeeee plzzzzzzzzzz

Did that command ever work?

Something stupid is going on.

i don’t know man … am i doing something wrong.
i tried to renew my ssl certificates for the first time nd i m getting these buch of errors…

i followed this article to renew my certificate
https://docs.bitnami.com/general/how-to/generate-install-lets-encrypt-ssl/

Yeah, that means there should not be certbot installed on that machine.

Why are you using tls-alpn-01 challenges: did you make this choice explicitly and consciously?

no i still have no idea what that ‘tls-alpn-01’ means …
anyways ssl is working now
i tried to delete and regenerate the cerificates multiple times … still it wasnt working and was still throwing the same handshake failure error but this time with some dns errors too.

I am using Cloudflare CDN
so what i did was… i removed the cloudflare nameservers from my domain and added the Google cloud nameservers
and i repeated the same steps again to generate certificate and this time it was a sucesss
after that i added back the cloudflare NS to main domain … and yeah it is working perfectly …

but i do want to ask something…

sudo /opt/bitnami/letsencrypt/lego --tls --email="EMAIL-ADDRESS" --domains="DOMAIN" --path="/opt/bitnami/letsencrypt" renew --days 90

in this certificate renewal script this “–days 90” can i change this to like 80 days ??? it won’t cause any errors ryt ???

This could defintely be a reason why tls-alpn-01 failed.

What does that option do? If it's how many days to wait before renewing, go for 60.

(You should check if you can use http-01 or dns-01 instead of tls-alpn-01, as they should work without swapping nameservers)

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.