noarge
February 18, 2019, 10:02am
1
Hi,
The letsencrypt certificate has expired and I don’t know what I can do. I followed this tutorial to install and create certificates when it was letsencrypt not certbot (https://www.digitalocean.com/community/tutorials/how-to-secure-apache-with-let-s-encrypt-on-ubuntu-16-04)
domains: bbicommunication.com and www.bbicommunication.com
Host: digitalocean
Apache
Ubuntu 16.04
I have tried with letsencrypt renew but I understand that because the certificate has expired, it does not work.
Any idea?
_az
February 18, 2019, 10:04am
2
It should work whether or not the certificate has expired.
To help you, could you please provide the full output of the certbot renew command, as well as:
certbot --version
Hi @noarge
perhaps your certbot / letsencrypt is too old. And you may have used tls-sni-01 - validation, this is deprecated, support ends.
We need more information (standard template from Help):
Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is:
I ran this command:
It produced this output:
My web server is (include version):
The operating system my web server runs on is (include version):
My hosting provider, if applicable, is:
I can login to a root shell on my machine (yes or no, or I don't know):
I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
PS: Your domain is completely invisible (https://check-your-website.server-daten.de/?q=bbicommunication.com):
Only timeouts.
So you can't use http-01 - validation, an open port 80 is required (http-01 follows tls-sni-01).
_az
February 18, 2019, 10:20am
4
Looks OK to me - and Let's Encrypt staging can connect as well - Let's Debug
_az:
Looks OK to me
Yep, now it's open, but there is a wrong redirect:
http + /.well-known -> https + /.well-known, that's ok.
But then follows a redirect to /, that's bad.
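The redirect problem described in the post above can be checked mechanically. The following is an added example, not part of the original thread: it reads response headers in the form printed by `curl -sIL` and reports the first redirect that no longer contains the challenge path. The function name `first_bad_redirect`, the host `example.com` and the token `test-token` are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: audit a redirect chain for the http-01 challenge path.
# Input on stdin: response headers as printed by `curl -sIL <url>`.
# Prints the first Location value that no longer contains the challenge
# path and returns 1; returns 0 if every redirect keeps the path.
first_bad_redirect() {
    path=$1
    while IFS= read -r line || [ -n "$line" ]; do
        line=$(printf '%s' "$line" | tr -d '\r')   # HTTP headers end in CRLF
        case $line in
            [Ll][Oo][Cc][Aa][Tt][Ii][Oo][Nn]:*)
                target=$(printf '%s' "${line#*:}" | sed 's/^[[:space:]]*//')
                case $target in
                    *"$path"*) ;;                  # path preserved, keep going
                    *) printf '%s\n' "$target"; return 1 ;;
                esac ;;
        esac
    done
    return 0
}

# Constructed sample data; host and token are placeholders.
CHALLENGE_PATH='/.well-known/acme-challenge/test-token'

# Shaped like the chain in the thread: http -> https keeps the path,
# then a second redirect sends the request to /.
BAD_CHAIN='HTTP/1.1 301 Moved Permanently
Location: https://example.com/.well-known/acme-challenge/test-token

HTTP/1.1 302 Found
Location: https://example.com/

HTTP/1.1 200 OK'

# A chain where the only redirect keeps the challenge path.
GOOD_CHAIN='HTTP/1.1 301 Moved Permanently
Location: https://example.com/.well-known/acme-challenge/test-token

HTTP/1.1 200 OK'

if bad=$(printf '%s\n' "$BAD_CHAIN" | first_bad_redirect "$CHALLENGE_PATH"); then
    echo "redirects keep the challenge path"
else
    echo "redirect drops the challenge path: $bad"
fi
```

Against a live server, pipe the output of `curl -sIL` for a challenge URL on your own domain into the function instead of the sample chains.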
noarge
February 18, 2019, 10:24am
6
Hi JuergenAuer,
This is the output I get with the letsencrypt renew command.
Version - 0.4.1
Your Letsencrypt is too old.
Update to certbot or certbot-auto.
noarge
February 18, 2019, 10:37am
8
Ok,
I try following this tutorial.
I suppose I have to install on the etc folder, isn’t it?
Could you tell me which command I have to use?
Something like: certbot install -d domain ??
Thank you
You have an Apache.
So start with
sudo certbot --apache
then certbot should ask the other things and create a config file.
PS: No, first fix your wrong redirect.
PPS: Or the Apache-plugin ignores that error.
Again a PS:
Perhaps first create a test-certificate.
sudo certbot --apache --dry-run
to check if your configuration works.
noarge
February 18, 2019, 10:45am
11
Ok,
So on the root folder I do:
sudo apt-get update
sudo apt-get install software-properties-common
sudo add-apt-repository universe
sudo add-apt-repository ppa:certbot/certbot
sudo apt-get update
sudo apt-get install certbot python-certbot-apache
sudo certbot --apache --dry-run
and then
sudo certbot --apache
Do I have to do anything with the configuration I had? I mean, Do I have to remove the letsencrypt folder I had?
This
is only one time required.
Use
to test, then
noarge:
sudo certbot --apache
to create a new productive certificate.
Ignore it. I don't know which folders this very old letsencrypt uses, perhaps the same. You can see that later (certbot certificates).
https://certbot.eff.org/docs/using.html
noarge
February 18, 2019, 2:15pm
14
Hi,
Finally, it is solved.
I have changed:
sudo apt-get install certbot python-certbot-apache
to
sudo apt-get install python-certbot-apache
Thank you very much.
system
Closed
March 20, 2019, 2:15pm
15
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.