Letsencrypt won't renew certificate

rwzdoorn

Hi,

Our development server has an issue with renewing a Let's Encrypt certificate. I manually created a new certificate, it gives the success message, but when visiting the server webpage I still see the expired certificate. Now I want to paste the generated private key and certificate so I can manually renew the certificate. How can I get this working?

Output of directadmin certificate creation:
2020/07/07 13:08:56 No key found for account [email protected]. Generating a 4096 key.
2020/07/07 13:08:58 Saved key to /usr/local/directadmin/data/.lego/accounts/acme-v02.api.letsencrypt.org/[email protected]/keys/[email protected]
2020/07/07 13:08:58 [INFO] acme: Registering account for [email protected]
!!! HEADS UP !!!

Your account credentials have been saved in your Let’s Encrypt
configuration directory at “/usr/local/directadmin/data/.lego/accounts”.

You should make a secure backup of this folder now. This
configuration directory will also contain certificates and
private keys obtained from Let’s Encrypt so making regular
backups of this folder is ideal.
2020/07/07 13:08:59 [INFO] [act.domain.com] acme: Obtaining SAN certificate
2020/07/07 13:09:00 [INFO] [act.domain.com] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/5720710729
2020/07/07 13:09:00 [INFO] [act.domain.com] acme: Could not find solver for: tls-alpn-01
2020/07/07 13:09:00 [INFO] [act.domain.com] acme: use http-01 solver
2020/07/07 13:09:00 [INFO] [act.domain.com] acme: Trying to solve HTTP-01
2020/07/07 13:09:06 [INFO] [act.domain.com] The server validated our request
2020/07/07 13:09:06 [INFO] [act.domain.com] acme: Validations succeeded; requesting certificates
2020/07/07 13:09:10 [INFO] [act.domain.com] Server responded with a certificate.
Certificate for act.domain.com has been created successfully!



I found our private key in /usr/local/directadmin/data/.lego/accounts/acme-v02.api.letsencrypt.org/[email protected]/keys/[email protected]

I have multiple certificate keys:
act.domain.com.cacert
act.domain.com.cert
act.domain.com.cert.combined
act.domain.com.cert.creation_time (this has the epoch time of today when I generated the cert)
act.domain.com.cert.new.tmp
act.domain.com.cert.tmp

What certificate key should I now use?

Thanks in advance,
 
 
Thanks for sharing the other topic, but I'm 'locked' for over 1 week because I generated the letsencrypt certificate 5 times for the same domain, which means I'm not allowed to do it again. Now I need to manually 'create' the certificate.

So, how can I manually use the cert which was already created?
 
The Let’s Encrypt script just generates the cert when called manually; it does not change any SSL settings on the website you’re generating the cert for.
 
Thanks for clearing that up. The certificate should have been created but didn't 'renew' the old one. How can I use the latest created certificate? I can't generate a new one with DA GUI as I'm locked till Monday to create a new certificate.
 
Hi,

I waited till yesterday and tried again today; I'm still having the same issue regarding creating too many certificates. How can I manually use the 'created' certificate?

Situation is I now have an expired certificate and I want to manually renew the certificate that was last created (but not loaded).

When I use the Paste a pre-generated certificate and key option, it tells me the Expiry is October 5th (2020), but when I save it, it keeps reading the expired certificate when visiting the website.
 

Hi,

I waited till yesterday and tried again today; I'm still having the same issue regarding creating too many certificates. How can I manually use the 'created' certificate?

Situation is I now have an expired certificate and I want to manually renew the certificate that was last created (but not loaded).

When I use the Paste a pre-generated certificate and key option, it tells me the Expiry is October 5th (2020), but when I save it, it keeps reading the expired certificate when visiting the website.
https://www.sslshopper.com/ssl-checker.html#hostname=act.runtrainer.com. Maybe it's using another cert? Check httpd.conf of the user for real cert location.
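
One way to run the check suggested above (an added example, not part of the original thread): fingerprint the certificate the server actually presents for the hostname and see which of the on-disk files, if any, carries the same leaf. The function names and `old-vhost.cert` are hypothetical, and the sample contents are constructed placeholders rather than real certificates.

```python
import base64, hashlib, socket, ssl, sys

PEM_BEGIN = "-----BEGIN CERTIFICATE-----"
PEM_END = "-----END CERTIFICATE-----"

def leaf_fingerprint(pem_text):
    """SHA-256 hex digest of the first certificate in a PEM file, or None.
    In a .combined file the leaf comes first, so the chain after it is ignored."""
    start = pem_text.find(PEM_BEGIN)
    end = pem_text.find(PEM_END, start) if start != -1 else -1
    if end == -1:
        return None
    der = ssl.PEM_cert_to_DER_cert(pem_text[start:end + len(PEM_END)])
    return hashlib.sha256(der).hexdigest()

def served_fingerprint(host, port=443, timeout=10):
    """Fingerprint of the certificate the server presents for this SNI name.
    Verification is off on purpose: an expired certificate must still be read."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return hashlib.sha256(tls.getpeercert(binary_form=True)).hexdigest()

def files_matching(served_fp, pem_by_name):
    """Names of the on-disk files whose leaf certificate is the one being served."""
    return [n for n, pem in pem_by_name.items() if leaf_fingerprint(pem) == served_fp]

def constructed_pem(payload):
    """Constructed stand-in for a certificate: PEM framing around arbitrary bytes."""
    return f"{PEM_BEGIN}\n{base64.encodebytes(payload).decode()}{PEM_END}\n"

# Constructed sample data: file names follow the thread, contents are not real certs.
SAMPLE_FILES = {
    "act.domain.com.cert": constructed_pem(b"new-leaf"),
    "act.domain.com.cert.combined": constructed_pem(b"new-leaf") + constructed_pem(b"issuer"),
    "act.domain.com.cacert": constructed_pem(b"issuer"),
    "old-vhost.cert": constructed_pem(b"expired-leaf"),  # hypothetical stale file
}

if __name__ == "__main__":
    if len(sys.argv) > 2:  # usage: script.py HOST CERTFILE [CERTFILE ...]
        served = served_fingerprint(sys.argv[1])
        files = {p: open(p).read() for p in sys.argv[2:]}
    else:  # offline demo: pretend the server still presents the expired leaf
        served = hashlib.sha256(b"expired-leaf").hexdigest()
        files = SAMPLE_FILES
    hits = files_matching(served, files)
    print("served:", served)
    print("matches:", hits or "none of the given files; the vhost points elsewhere")
```

If none of the newly written files match, the web server is reading its certificate from a different path than the one the issuance step wrote to, which is what the httpd.conf check is meant to find.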
 
Update:

I removed other subdomains and tried to create a new certificate.

2020/07/14 13:41:46 [INFO] [act.runtrainer.com] acme: Obtaining SAN certificate
2020/07/14 13:41:47 [INFO] [act.runtrainer.com] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/5720710729
2020/07/14 13:41:47 [INFO] [act.runtrainer.com] acme: authorization already valid; skipping challenge
2020/07/14 13:41:47 [INFO] [act.runtrainer.com] acme: Validations succeeded; requesting certificates
2020/07/14 13:41:53 [INFO] [act.runtrainer.com] Server responded with a certificate.
Certificate for act.runtrainer.com has been created successfully!

When I load my domain it still gives a certificate error with the old expired date.
 
Update:

I checked out some other things. On our old server I set up a main domain with several subdomains with certificates. On the new server I set up the subdomain name as 'domain', which was wrong. I also checked out several things like hostname / DNS names etc. These didn't match up well.

I finally fixed it as it was a combination of a lot of wrong settings. This topic can be closed.
 
On the new server I set up the subdomain name as 'domain', which was wrong.

Just to be clear for other users, it's not wrong. It just depends on what you want to do. You can certainly add a subdomain as a regular domain. It's not a problem at all. In fact I recommend it for security reasons.
 
Update:

I removed other subdomains and tried to create a new certificate.

2020/07/14 13:41:46 [INFO] [act.runtrainer.com] acme: Obtaining SAN certificate
2020/07/14 13:41:47 [INFO] [act.runtrainer.com] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/5720710729
2020/07/14 13:41:47 [INFO] [act.runtrainer.com] acme: authorization already valid; skipping challenge
2020/07/14 13:41:47 [INFO] [act.runtrainer.com] acme: Validations succeeded; requesting certificates
2020/07/14 13:41:53 [INFO] [act.runtrainer.com] Server responded with a certificate.
Certificate for act.runtrainer.com has been created successfully!

When I load my domain it still gives a certificate error with the old expired date.
Did you do it from console or DA interface?
 