Very new and unable to renew my SSL after barely getting it going :(

Xarcolt · September 3, 2019, 4:36am

I once managed to figure out how to get an ssl running through letsencrypt-win-sample (I think it had a vague feature I needed?) it took three days straight to learn just enough to get it going. Given that it created a scheduled task to renew the certificate, I assumed my struggle was over. The SSL should’ve renewed over a week ago and expires on the 20th (this month of September). I tried the renewal procedure in both that and win-acme.v2.0.9.3 only to get errors saying “validation plugin not found or created” and “renewal for xarus.no-ip.org failed, will retry on next run” . Perhaps that’s why it couldn’t renew? All I know is I’d rather not let it expire only to spend another coffee-ridden three days of all nighters re-learning how I got my wamp server under my desk to have a valid ssl all over again I do apologize if this problem has been addressed elsewhere, I searched for days but I’m not as technical as any of this lets me pretend to be.

My domain is: xarus.no-ip.org

I ran this command: (menu options) Renew scheduled, specific, and all

It produced this output:
[EROR] Validation plugin not found or created.
[EROR] Renewal for xarus.no-ip.org failed, will retry on next run

Also reassuring at least to see that selecting ACME account details shows Status: valid

My web server is (include version): WAMPSERVER 3.1.7 running Apache 2.4.37

The operating system my web server runs on is (include version): Windows 8.1 version 6.3 (Build 9600)

My hosting provider, if applicable, is: Website hosted on said personal computer, domain provided by www.noip.com

I can login to a root shell on my machine (yes or no, or I don’t know): Pretty sure?

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): um? is Wamp a control panel? i just kinda use the regular windows file browsing to mess with configs and things i barely know anything about.

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):
Literally the first copy of letsencrypt-win-sample
and then win-acme.v2.0.9.386

I hope this is helpful info, rather freaking out to be completely honest :’) took far too much effort just to set things up this much to the point where i just occasionally image the drive so i dont have to worry about messing with the configs and etc and spending countless hours again :")

rg305 · September 3, 2019, 4:47am

You seem to have the latest release of win-acme.
[this is good]

And you seem to be running a recent release of Apache (2.4.37).
[this is good/simple]

The BAD news is that your cert has been revoked:
https://www.ssllabs.com/ssltest/analyze.html?d=xarus.no-ip.org&hideResults=on

Unfortunately, I’m not familiar with the win-acme client, so I won’t be much help to you with that.
However, you should be able to reinstall it (onto itself) to insure it has all the “plugins” [that may have been misplaced or deleted] - which may fix the missing plugin problem and get you certified again.

Xarcolt · September 3, 2019, 4:50am

yeah… i was wondering if the revoke showed up or not. thanks for that sanity check. I revoked it thinking it would absolve some conflict :") thinking about deleting and generating a brand new ssl but kinda scared considering the hoops it took last time. Sounds like there’s nowhere else to go at that point since the revoke actually worked

JuergenAuer · September 3, 2019, 5:54am

Hi @Xarcolt

don’t revoke certificates if the private key isn’t stolen. And don’t delete active certificates if you don’t have a new certificate. That may break your existing configuration.

Ignore the old certificate, create a new, then install it. If something goes wrong, you have the old as backup.

Xarcolt · September 3, 2019, 6:39am

Really good thing I sat down for coffee before going at it; thanks! Going to try that then.

Xarcolt · September 4, 2019, 8:10am

So I THINK I successfully generated a new certificate but I’m at a loss where I’m supposed to get updated CRT and KEY files (which i suspect store a new expiry date for browsers to see given my old one still shows the 20th) my problem with having the client update the certificate was a config i set in wamp to redirect from port 80 to 443. commenting it out temporarily fixed the problem. So i think however those CRT and KEY files came about, would result in a fully restored certificate?

JuergenAuer · September 4, 2019, 8:16am

You have created a new certificate - https://check-your-website.server-daten.de/?q=xarus.no-ip.org

CN=xarus.no-ip.org
	04.09.2019
	03.12.2019
expires in 90 days	xarus.no-ip.org - 1 entry

and you use it:

Domainname	Http-Status	redirect	Sec.	G
• http://xarus.no-ip.org/
73.14.85.198	301	https://xarus.no-ip.org/	0.316	A

• https://xarus.no-ip.org/
73.14.85.198	200		3.270	B

A correct redirect http -> https, https has a Grade B, that’s good.

If you see an old certificate, it’s only your browser cache.

Xarcolt · September 4, 2019, 9:20am

-clears cache-

OMG that WAS the problem YAY. Sorry for shouting but I’m so happy right now!!! Awesome!

JuergenAuer · September 4, 2019, 9:24am

Happens. Everyone knows that problem

system · October 4, 2019, 9:24am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.