What can I do if the letsencrypt certificate has expired?

#1

Hi,

The letsencrypt certificate has expired and I don’t know what I can do. I followed this tutorial to install and create certificates when it was letsencrypt not certbot (https://www.digitalocean.com/community/tutorials/how-to-secure-apache-with-let-s-encrypt-on-ubuntu-16-04)

domains: bbicommunication.com and www.bbicommunication.com
Host: digitalocean
Apache
Ubuntu 16.04

I have tried with letsencrypt renew but I understand that because the certificate has expired, it does not work.

Any idea?

#2

It should work whether or not the certificate has expired.

To help you, could you please provide the full output of the certbot renew command, as well as:

certbot --version

#3

Hi @noarge

perhaps your certbot / letsencrypt is too old. And you may have used tls-sni-01 - validation, this is deprecated, support ends.

We need more information (standard template from #help):

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

I ran this command:

It produced this output:

My web server is (include version):

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know):

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):


PS: Your domain is completely invisible ( https://check-your-website.server-daten.de/?q=bbicommunication.com ):

Domainname Http-Status redirect Sec. G
http://bbicommunication.com/
139.59.145.98 -14 10.027 T
Timeout - The operation has timed out
http://www.bbicommunication.com/
139.59.145.98 -14 10.027 T
Timeout - The operation has timed out
https://bbicommunication.com/
139.59.145.98 -14 10.024 T
Timeout - The operation has timed out
https://www.bbicommunication.com/
139.59.145.98 -14 10.027 T
Timeout - The operation has timed out
http://bbicommunication.com/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
139.59.145.98 -14 10.027 T
Timeout - The operation has timed out
http://www.bbicommunication.com/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
139.59.145.98 -14 10.027 T
Timeout - The operation has timed out

Only timeouts.

So you can’t use http-01 - validation, an open port 80 is required (http-01 follows tls-sni-01).

#4

Looks OK to me - and Let’s Encrypt staging can connect as well - https://letsdebug.net/bbicommunication.com/23773?debug=y

#5

Yep, now it’s open, but there is a wrong redirect:

http + /.well-known -> https + /.well-known, that’s ok.

But then follows a redirect to /, that’s bad.
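
A way to check the redirect chain described above, as an added example that is not part of the original thread: the function reads the headers printed by `curl -sIL` and flags any redirect that leaves the challenge path. The token name, `example.com` and the sample headers are constructed.

```shell
#!/bin/sh
# Added example. Reads response headers as printed by `curl -sIL <url>`
# (one header block per hop) and checks every Location header.
# Returns 1 if any redirect leaves the challenge path.

check_chain() {
    # $1 = path that every redirect target must keep
    awk -v want="$1" '
        BEGIN { bad = 0 }
        tolower($1) == "location:" {
            target = $2
            sub(/\r$/, "", target)              # curl output keeps the CR of CRLF
            path = target
            sub("^https?://[^/]*", "", path)    # drop scheme and host, keep the path
            if (path == want) { print "ok   " target }
            else              { print "BAD  " target; bad = 1 }
        }
        END { exit bad }
    '
}

CHALLENGE=/.well-known/acme-challenge/test-token   # constructed token name

# Constructed headers: http -> https keeps the path, the next hop drops it.
sample_bad() {
cat <<'EOF'
HTTP/1.1 301 Moved Permanently
Location: https://example.com/.well-known/acme-challenge/test-token

HTTP/1.1 302 Found
Location: https://example.com/

HTTP/1.1 200 OK
EOF
}

# Constructed headers: a single redirect to https that keeps the path.
sample_good() {
cat <<'EOF'
HTTP/1.1 301 Moved Permanently
Location: https://example.com/.well-known/acme-challenge/test-token

HTTP/1.1 404 Not Found
EOF
}

sample_good | check_chain "$CHALLENGE" && echo "good chain: path kept"
sample_bad  | check_chain "$CHALLENGE" || echo "bad chain: challenge path lost"
# Live use (hypothetical host): curl -sIL "http://example.com$CHALLENGE" | check_chain "$CHALLENGE"
```

A 404 at the end of a good chain is expected for a made-up token; what matters for http-01 is that every hop still points at the same `/.well-known/acme-challenge/` path.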

#6

Hi JuergenAuer,

This is the output I get with the letsencrypt renew command.

Version - 0.4.1

#7

Your Letsencrypt is too old.

Update to certbot or certbot-auto.

#8

Ok,

I try following this tutorial.

I suppose I have to install on the etc folder, isn’t it?

Could you tell me which command I have to use?
Something like: certbot install -d domain ??

Thank you

#9

You have an Apache.

So start with

sudo certbot --apache

then certbot should ask the other things and create a config file.

PS: No, first fix your wrong redirect.

PPS: Or the Apache-plugin ignores that error.

#10

Again a PS:

Perhaps first create a test-certificate.

sudo certbot --apache --dry-run

to check if your configuration works.

#11

Ok,

So on the root folder I do:

sudo apt-get update
sudo apt-get install software-properties-common
sudo add-apt-repository universe
sudo add-apt-repository ppa:certbot/certbot
sudo apt-get update
sudo apt-get install certbot python-certbot-apache

sudo certbot --apache --dry-run

and then

sudo certbot --apache

Do I have to do anything with the configuration I had? I mean, Do I have to remove the letsencrypt folder I had?

#12

This

is only one time required.

Use

to test, then

to create a new productive certificate.

Ignore it. I don’t know which folders this very old letsencrypt uses, perhaps the same. You can see that later (certbot certificates).

#14

Hi,

Finally, it is solved.

I have changed:

sudo apt-get install certbot python-certbot-apache
to
sudo apt-get install python-certbot-apache

Thank you very much.
