Keywords: Joomla - AWS - Technical issue - Secure Connections (SSL/HTTPS)
bnsupport ID: 5f8f2115-849b-b096-6628-adcf223b2730
Description:
Hi there,
I followed this post, which had some good insight, but I am still unable to renew the Let's Encrypt certificate.
I first tried to renew the cert; the output with both --http and --tls is below.
sudo /opt/bitnami/letsencrypt/lego --path="/opt/bitnami/letsencrypt/" --email="****@gmail.com" --domains=****.com --domains=www.****.com --http --tls renew
2020/12/03 16:30:01 [INFO] [****.com] acme: Trying renewal with 54 hours remaining
2020/12/03 16:30:01 [INFO] [****.com, www.****.com] acme: Obtaining bundled SAN certificate
2020/12/03 16:30:02 [INFO] [****.com] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/9047826864
2020/12/03 16:30:02 [INFO] [www.****.com] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/9047826865
2020/12/03 16:30:02 [INFO] [****.com] acme: use tls-alpn-01 solver
2020/12/03 16:30:02 [INFO] [www.****.com] acme: use tls-alpn-01 solver
2020/12/03 16:30:02 [INFO] [****.com] acme: Trying to solve TLS-ALPN-01
2020/12/03 16:30:17 [INFO] [www.****.com] acme: Trying to solve TLS-ALPN-01
2020/12/03 16:30:21 [INFO] Deactivating auth: https://acme-v02.api.letsencrypt.org/acme/authz-v3/9047826864
2020/12/03 16:30:21 [INFO] Unable to deactivate the authorization: https://acme-v02.api.letsencrypt.org/acme/authz-v3/9047826864
2020/12/03 16:30:22 [INFO] Deactivating auth: https://acme-v02.api.letsencrypt.org/acme/authz-v3/9047826865
2020/12/03 16:30:23 [INFO] Unable to deactivate the authorization: https://acme-v02.api.letsencrypt.org/acme/authz-v3/9047826865
2020/12/03 16:30:23 error: one or more domains had a problem:
[****.com] acme: error: 400 :: urn:ietf:params:acme:error:connection :: Error getting validation data, url:
[www.****.com] acme: error: 400 :: urn:ietf:params:acme:error:connection :: Error getting validation data, url:
Then I tried to generate a new cert altogether, but the output was as follows:
sudo /opt/bitnami/letsencrypt/lego --path="/opt/bitnami/letsencrypt" --email="****@gmail.com" --domains=****.com --domains=www.****.com --tls run
2020/12/03 16:37:58 [INFO] [****.com, www.****.com] acme: Obtaining bundled SAN certificate
2020/12/03 16:37:59 [INFO] [****.com] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/9047969487
2020/12/03 16:37:59 [INFO] [www.****.com] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/9047969488
2020/12/03 16:37:59 [INFO] [****.com] acme: use tls-alpn-01 solver
2020/12/03 16:37:59 [INFO] [www.****.com] acme: use tls-alpn-01 solver
2020/12/03 16:37:59 [INFO] [****.com] acme: Trying to solve TLS-ALPN-01
2020/12/03 16:38:04 [INFO] [www.****.com] acme: Trying to solve TLS-ALPN-01
2020/12/03 16:38:11 [INFO] Deactivating auth: https://acme-v02.api.letsencrypt.org/acme/authz-v3/9047969487
2020/12/03 16:38:11 [INFO] Unable to deactivate the authorization: https://acme-v02.api.letsencrypt.org/acme/authz-v3/9047969487
2020/12/03 16:38:12 [INFO] Deactivating auth: https://acme-v02.api.letsencrypt.org/acme/authz-v3/9047969488
2020/12/03 16:38:12 [INFO] Unable to deactivate the authorization: https://acme-v02.api.letsencrypt.org/acme/authz-v3/9047969488
2020/12/03 16:38:12 Could not obtain certificates:
error: one or more domains had a problem:
[****.com] acme: error: 400 :: urn:ietf:params:acme:error:connection :: Error getting validation data, url:
[www.****.com] acme: error: 400 :: urn:ietf:params:acme:error:connection :: Error getting validation data, url:
I did try with --http also, with the following outcome.
sudo /opt/bitnami/letsencrypt/lego --path="/opt/bitnami/letsencrypt" --email="****@gmail.com" --domains=****.com --domains=www.****.com --http run
2020/12/03 16:38:35 [INFO] [****.com, www.****.com] acme: Obtaining bundled SAN certificate
2020/12/03 16:38:36 [INFO] [****.com] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/9047980932
2020/12/03 16:38:36 [INFO] [www.****.com] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/9047980938
2020/12/03 16:38:36 [INFO] [****.com] acme: Could not find solver for: tls-alpn-01
2020/12/03 16:38:36 [INFO] [****.com] acme: use http-01 solver
2020/12/03 16:38:36 [INFO] [www.****.com] acme: Could not find solver for: tls-alpn-01
2020/12/03 16:38:36 [INFO] [www.****.com] acme: use http-01 solver
2020/12/03 16:38:36 [INFO] [****.com] acme: Trying to solve HTTP-01
2020/12/03 16:38:41 [INFO] [www.****.com] acme: Trying to solve HTTP-01
2020/12/03 16:38:41 [INFO] [www.****.com] Served key authentication
2020/12/03 16:38:41 [INFO] [www.****.com] Served key authentication
2020/12/03 16:38:41 [INFO] Deactivating auth: https://acme-v02.api.letsencrypt.org/acme/authz-v3/9047980932
2020/12/03 16:38:42 [INFO] Unable to deactivate the authorization: https://acme-v02.api.letsencrypt.org/acme/authz-v3/9047980932
2020/12/03 16:38:42 [INFO] Deactivating auth: https://acme-v02.api.letsencrypt.org/acme/authz-v3/9047980938
2020/12/03 16:38:42 [INFO] Unable to deactivate the authorization: https://acme-v02.api.letsencrypt.org/acme/authz-v3/9047980938
2020/12/03 16:38:42 Could not obtain certificates:
error: one or more domains had a problem:
[****.com] acme: error: 403 :: urn:ietf:params:acme:error:unauthorized :: Invalid response from http://www.****.com [216.239.32.21]: "\n\n \n <meta name=viewport content=\"initial-scale=1, minimum-scale=1, width=dev", url:
[www.****.com] acme: error: 403 :: urn:ietf:params:acme:error:unauthorized :: Invalid response from http://www.****.com/.well-known/acme-challenge/aBqCV44LRy6RLOhcPwkLqgQhTtdLub1SPLbBm_exW8Q [216.239.36.21]: "\n\n \n <meta name=viewport content=\"initial-scale=1, minimum-scale=1, width=dev", url:
Output from Apache is as follows:
sudo ls -la /opt/bitnami/apache2/conf/
total 344
drwxr-xr-x 5 bitnami root 4096 Dec 3 16:24 .
drwxr-xr-x 14 root root 4096 Jan 28 2020 ..
drwxr-xr-x 2 bitnami root 4096 Jul 9 04:56 bitnami
-rw-r--r-- 1 bitnami root 289 Jan 28 2020 deflate.conf
lrwxrwxrwx 1 root root 60 Jul 9 04:56 ****.com.crt -> /opt/bitnami/letsencrypt/certificates/****.com.crt
lrwxrwxrwx 1 root root 60 Jul 9 04:56 ****.com.key -> /opt/bitnami/letsencrypt/certificates/****.com.key
drwxr-xr-x 2 bitnami root 4096 Jan 28 2020 extra
-rw-r--r-- 1 bitnami root 20117 Jul 9 04:56 httpd.conf
-rw-r--r-- 1 root root 20108 Jan 28 2020 httpd.conf.back.202007090454
-rw-r--r-- 1 bitnami root 13064 Jan 15 2020 magic
-rw-r--r-- 1 bitnami root 60847 Jan 15 2020 mime.types
-rw------- 1 bitnami root 8440 Dec 4 2018 modsecurity.conf
drwxr-xr-x 3 bitnami root 4096 Jan 28 2020 original
-rw-r--r-- 1 bitnami root 17597 Jan 28 2020 pagespeed.conf
-rw-r--r-- 1 bitnami root 141034 Jan 28 2020 pagespeed_libraries.conf
-rw-r--r-- 1 bitnami root 199 Jan 28 2020 php-fpm-apache.conf
-rw------- 1 bitnami root 1854 Jul 8 22:20 privkey.pem
lrwxrwxrwx 1 root root 60 Dec 3 16:24 server.crt -> /opt/bitnami/letsencrypt/certificates/****.com.crt
-rw------- 1 root root 985 Jul 8 22:20 server.csr
lrwxrwxrwx 1 root root 60 Dec 3 16:23 server.key -> /opt/bitnami/letsencrypt/certificates/****.com.key
-rw-r--r-- 1 bitnami root 203 Jan 28 2020 ssi.conf
And I don't have lego installed on my instance, as /etc/ has no reference to it, so I tried to install it but had no luck.
sudo apt install lego
Reading package lists... Done
Building dependency tree
Reading state information... Done
E: Unable to locate package lego
I followed the post mentioned above and it helped somehow, but I am still unable to renew the cert - support code is 5f8f2115-849b-b096-6628-adcf223b2730.
Please note also that I followed the support tool -> sudo /opt/bitnami/bnhelper-tool and chose the "Set up Let's Encrypt" option and this did not work either.
I get the following warning:
Warning: A certificate for the list of domains you entered already exists. It
will be used instead of generating a new one.
Press [Enter] to continue:
Warning: The domain '****.com' resolves to a different IP address than
the one detected for this machine, which is '3.85.27.255'. Please fix its DNS
entries or remove it. For more info see:
https://docs.bitnami.com/general/faq/configuration/configure-custom-domain/
The DNS entry is pointing to the correct IP, but it seems Let's Encrypt is holding an IP address that I used? How is this IP updated in lego? The DNS entry is resolving to the correct IP address, as the site is running, and I just need to renew the certificate before Dec 5th this year.
Many thanks.
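
Added example, not part of the original post and not Bitnami or lego code: a small parser for the per-domain `acme: error:` lines lego printed above. It pulls out the address in square brackets, which is the host the CA's validation request actually reached, and compares it with the instance address. The function names `parse_acme_errors` and `diagnose` are hypothetical, and the sample lines are constructed from the log shapes in the post, with the redacted domain written as example.com.

```python
import re

# Constructed sample: error lines in the shape lego printed above, with the
# redacted domain written as example.com and the challenge token as TOKEN.
SAMPLE_LOG = """\
[example.com] acme: error: 400 :: urn:ietf:params:acme:error:connection :: Error getting validation data, url:
[example.com] acme: error: 403 :: urn:ietf:params:acme:error:unauthorized :: Invalid response from http://www.example.com [216.239.32.21]: "\\n\\n", url:
[www.example.com] acme: error: 403 :: urn:ietf:params:acme:error:unauthorized :: Invalid response from http://www.example.com/.well-known/acme-challenge/TOKEN [216.239.36.21]: "\\n\\n", url:
"""

# One per-domain problem line: [domain] acme: error: <status> :: <urn> :: <detail>
ERROR_RE = re.compile(
    r"^\[(?P<domain>[^\]]+)\] acme: error: (?P<status>\d{3}) :: "
    r"urn:ietf:params:acme:error:(?P<kind>\w+) :: (?P<detail>.*)$")
# "Invalid response from <url> [<ip>]:" names the address the CA actually reached.
REACHED_RE = re.compile(r"Invalid response from \S+ \[(?P<ip>[0-9a-fA-F.:]+)\]")

def parse_acme_errors(log_text):
    """Return (domain, status, kind, reached_ip) for each ACME error line."""
    findings = []
    for line in log_text.splitlines():
        m = ERROR_RE.match(line.strip())
        if m:
            reached = REACHED_RE.search(m["detail"])
            findings.append((m["domain"], int(m["status"]), m["kind"],
                             reached["ip"] if reached else None))
    return findings

def diagnose(findings, instance_ip):
    """Map each parsed error to a short diagnosis for the given instance IP."""
    report = []
    for domain, status, kind, reached_ip in findings:
        if reached_ip and reached_ip != instance_ip:
            verdict = f"validation reached {reached_ip}, not this instance ({instance_ip})"
        elif kind == "connection":
            verdict = "CA could not connect to the validation target"
        elif kind == "unauthorized":
            verdict = "CA connected but the challenge response did not match"
        else:
            verdict = f"unclassified ACME error: {kind}"
        report.append((domain, status, verdict))
    return report

if __name__ == "__main__":
    # 3.85.27.255 is the instance address reported by the Bitnami tool above.
    for row in diagnose(parse_acme_errors(SAMPLE_LOG), "3.85.27.255"):
        print(row)
```

A mismatch between the bracketed address and the instance address means the challenge request was answered by a different host, so the record to check is the one for the name shown in the `Invalid response from` URL.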