We are in a emergency situation. Our LMS is currently down due to the fact that our SSL security certificate expired a few days ago. Our original developers never gave us this information. AWS is our hosting and alarmed us that you guys need to renew our certificate. This has totally interferes with our business because it didn’t somehow do an automated renewal.
Our website is globalempowermentedu.com
Hello @Darjan1, welcome to the Let's Encrypt community. 
More details would be helpful, right now we know your are using ASW and the domain name.
Here are a few links that possibly what I perceive you are talking about, correct me if I am wrong here.
- Certificates for localhost - Let's Encrypt
- HTTPS for local network only
- Certificates for hosts on private networks
Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is: globalempowermentedu.com
I ran this command:
It produced this output:
My web server is (include version):
The operating system my web server runs on is (include version):
My hosting provider, if applicable, is:
I can login to a root shell on my machine (yes or no, or I don't know):
I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
Thank you for assisting us in helping YOU!
1 Like
AWS informed you incorrectly; you need to renew your certificate--if you've ever had one. But as it happens, you haven't; there's never been a cert issued (from Let's Encrypt or any other public CA) for globalempowermentedu.com:
Your site isn't serving HTTPS and, since there's never been a cert for that domain, likely never has. But there's nothing obvious preventing you from getting one:
https://letsdebug.net/globalempowermentedu.com/
Suggest you start with the Getting Started guide and go from there:
6 Likes
Yeah, I had seen that and expect it since the title is "We need to renew our SSL private certificate",
but often I incorrectly read what is between the lines. 
1 Like
Note: moved from Client Dev to Help
2 Likes
The actual domain is globalempowermentedu.com
They have gotten a Let's Encrypt cert that expired 2 days ago.
https://crt.sh/?q=globalempowermentedu.com&deduplicate=Y
The formatting of their first post was faulty which split global from the rest of the name.
It looks like they are using an AWS cert and Load Balancer. There may be problems on their origin server due to the cert
3 Likes
And they decided to open another topic on that actual name - LOL
Merged the two.
3 Likes
Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is: www.globalempowermentedu.com
I ran this command:
It produced this output:
My web server is (include version): NGINX
The operating system my web server runs on is (include version): LINX
My hosting provider, if applicable, is: AWS
I can login to a root shell on my machine (yes or no, or I don't know): yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
Dang, I am no better than a computer. Garbage in, garbage out. Sorry folks.
2 Likes
A couple of issues using online tool https://letsdebug.net/ with HTTP-01 Challenge
Let's Debug
1 Like
OK, I've removed all traces of the incorrect name.
3 Likes
Can you describe more what the problem is? Most important - how did you get the Let's Encrypt cert that did not renew. All LE certs are issued by using an ACME client to request one. No one here can issue one for you. You must have used such a client program to get it. A common client is Certbot, for example.
Right now there looks like some misconfiguration because your site issues 301 redirects without end. I don't know it's related to an expired cert. That looks more like a server or other config error.
You can see an HTTP request is redirected by awselb (load balancer) but then your nginx server repeatedly redirects the home page to itself
curl -iL http://globalempowermentedu.com
HTTP/1.1 301 Moved Permanently
Server: awselb/2.0
Location: https://globalempowermentedu.com:443/
HTTP/2 301
location: https://globalempowermentedu.com/
server: nginx/1.20.1
HTTP/2 301
location: https://globalempowermentedu.com/
server: nginx/1.20.1
HTTP/2 301
location: https://globalempowermentedu.com/
server: nginx/1.20.1
3 Likes
It looks like you got a fresh cert and your HTTPS site is working.
Let us know if you need further assistance. And, if one of these posts led to the solution please mark it as such. Thanks
echo | openssl s_client -connect globalempowermentedu.com:443
Certificate chain
0 s:CN = globalempowermentedu.com
i:C = US, O = Let's Encrypt, CN = R3
a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256
v:NotBefore: Dec 6 21:02:38 2022 GMT; NotAfter: Mar 6 21:02:37 2023 GMT
and:
curl -I https://globalempowermentedu.com
HTTP/2 200
server: nginx
3 Likes
With SSL Server Test (Powered by Qualys SSL Labs) there are different results for www.globalempowermentedu.com vs globalempowermentedu.com
SSL Server Test: www.globalempowermentedu.com (Powered by Qualys SSL Labs)
SSL Server Test: globalempowermentedu.com (Powered by Qualys SSL Labs)
2 Likes
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.