Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
It produced this output: Congratulations, all renewals succeeded. The following certs have been renewed:
/etc/letsencrypt/live/mail.hri.res.in/fullchain.pem (success)
My web server is (include version): OpenBSD 6.5
The operating system my web server runs on is (include version):
My hosting provider, if applicable, is: CentOS Linux release 7.9.2009
I can login to a root shell on my machine (yes or no, or I don't know): Yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel): No
The version of my client is : certbot 0.32.0
Problem: All certificates have been updated except "cert.dh.pem". It is still showing as old. Please help me update the certificate.
No, it isn't; OpenBSD is an operating system, not a web server.
No, CentOS is a different (EOL) operating system, not a hosting provider.
This is an extremely old version of certbot (were they even calling it certbot at 0.3?); it's now at release 3.something.
Again, certbot doesn't create any cert.dh.pem file. Your web server configuration (whatever your web server actually is) may specify a file for Diffie-Hellman parameters. These are not a cert, are not generated by certbot or Let's Encrypt, and ordinarily are static--they don't change over time like a certificate does.
Where did you copy it, why, and what error message did you receive? And why do you think this has anything to do with a cert.dh.pem file?
I am facing this issue. I always do the same steps to update the SSL certificates.
The details of the server are as follows:
Server version: Apache/2.2.15 (Unix)
Server built: Aug 15 2017 19:44:58
Is there any more to the error, perhaps on the lines below what you posted? Because nothing there looks like it would prevent the server from starting, even if it does indicate you need to fix your Apache config.
OK, great, I guess. But you still haven't answered what the actual error is that you're seeing; none of what you posted is a fatal error. Nor have you indicated why you think this cert.dh.pem file, whatever it is, has anything to do with your problem.
I suspect that the issue is related to the privkey.pem file rather than the cert.dh.pem. I used the certbot renew command to update the SSL certificates, and while the renewal process was successful, the httpd service fails to start or restart when the new certificates are applied.
However, when I replace the new privkey.pem file with the old one, the service functions correctly. I have attached relevant snapshots to help identify the issue. Please assist me in resolving this matter.
I would appreciate your assistance in diagnosing and resolving this issue.
No, you have not. You've re-posted the same screen shot you posted previously showing that httpd failed to start, but (for the third time) not any errors that would have prevented it from starting. Without those, there really isn't anything we can do but guess.
I am generating the SSL certificates on another machine, as I always do. After generating the certificates, I copy them to my website server. However, upon copying the new certificates, the httpd service stops, and the webpage displays the following error message:
Unable to connect
An error occurred during a connection to [domain name].
The site could be temporarily unavailable or too busy. Try again in a few moments.
If you are unable to load any pages, check your computer’s network connection.
If your computer or network is protected by a firewall or proxy, make sure that Firefox is permitted to access the web.
I am sharing screenshots of both the machine where the certificates were generated and the webpage displaying the error after the httpd service stops.
Kindly look into the issue and help me resolve it to restore smooth operation of our services.
Please confirm your Certbot version. Show output of:
certbot --version
Also, does journalctl -xe show any other messages when httpd fails to start? The only systemctl status messages shown are warnings. It would be helpful to know why httpd failed to start.
In future, I recommend not waiting until 2 days before expiration to renew your certificate. This isn't enough time to resolve every problem. And it takes away the option to use the prior cert to help debug. Let's Encrypt recommends 30 days prior to expiration.
ALSO:
The certificate has 4 domain names in it. There are different IPs for several of these domains. Do all of the Apache servers fail? Or just one? Which? I see Apache 2.2.15, Apache 2.4.6, and another Apache which is behind a load balancer (HAproxy maybe?).
I would like to share the information as suggested by you regarding the issue:
Certbot Version: certbot 0.32.0
journalctl -xe Output: I have attached snapshots of the error logs for your reference.
Certificate Details: The certificate contains four domain names, and these domains are associated with different IP addresses.
Apache Servers: All Apache servers fail to start after updating the SSL certificates, affecting all four domains.
Server Details:
Server 1:
Apache Version: Apache/2.4.6 (CentOS)
Server Built: Mar 24, 2022, 14:57:57
Operating System: CentOS Linux 7 (Core)
Server 2:
Apache Version: Apache/2.2.15 (Unix)
Server Built: Aug 15, 2017, 19:44:58
Operating System: CentOS Linux 6.7 (Final)
Server 3:
Apache Version: Apache/2.2.15 (Unix)
Server Built: Aug 15, 2017, 19:44:58
Operating System: CentOS Linux 6.7 (Final)
Server 4:
Apache Version: Apache/2.4.6 (CentOS)
Server Built: Nov 16, 2020, 16:18:20
Operating System: CentOS Linux 7 (Core)
Please note that the issue persists across all servers, despite the different versions of Apache and CentOS.
Kindly assist me in identifying and resolving the problem to ensure the smooth operation of our services.
I am facing an issue with updating SSL certificates on our local servers. When I attempt to update the certificates, the httpd service stops. However, when accessed from outside our local network, the certificates appear to be updated successfully.
From external networks, the SSL certificates show an extended expiry date, and the connections are marked as secure. I am attaching screenshots from outside the local network as proof of this.
I kindly request your assistance in resolving this issue to ensure smooth functionality of our local servers.
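An added example, not part of any post in this thread: when a certificate is issued on one machine and copied to the web servers, the copied private key can be checked against the certificate before httpd is restarted. The function names are hypothetical, the two file paths are supplied by the caller, and only standard `openssl` subcommands are used.

```shell
#!/bin/sh
# Added example: check a copied certificate/key pair before restarting httpd.
# File paths are passed as arguments; none are taken from the thread's servers.

# SHA-256 of the DER-encoded public key embedded in a certificate
# (for a fullchain.pem, openssl reads the first certificate, the leaf).
cert_pubkey_digest() {
    openssl x509 -in "$1" -noout -pubkey 2>/dev/null |
        openssl pkey -pubin -outform DER 2>/dev/null |
        openssl dgst -sha256 | awk '{print $NF}'
}

# SHA-256 of the DER-encoded public key derived from a private key.
key_pubkey_digest() {
    openssl pkey -in "$1" -passin pass: -pubout -outform DER 2>/dev/null |
        openssl dgst -sha256 | awk '{print $NF}'
}

# Returns 0 if the pair matches, 1 on mismatch, 2 if a file cannot be parsed.
check_pair() {
    cert=$1
    key=$2
    if ! openssl x509 -in "$cert" -noout >/dev/null 2>&1; then
        echo "cannot parse certificate: $cert"
        return 2
    fi
    if ! openssl pkey -in "$key" -passin pass: -noout >/dev/null 2>&1; then
        echo "cannot parse private key (missing, truncated or encrypted): $key"
        return 2
    fi
    if [ "$(cert_pubkey_digest "$cert")" = "$(key_pubkey_digest "$key")" ]; then
        echo "match: $key belongs to $cert"
        openssl x509 -in "$cert" -noout -enddate   # expiry of the copied cert
        return 0
    fi
    echo "MISMATCH: $key does not belong to $cert"
    return 1
}

# Usage: sh check_pair.sh <certificate.pem> <private-key.pem>
if [ "$#" -eq 2 ]; then
    check_pair "$1" "$2"
fi
```

If the pair matches and httpd still refuses to start, `apachectl configtest` prints the configuration error that the `systemctl status` warnings do not show.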