LetsEncrypt Certificate Did Not Auto-Renew

Questions and discussions about Indie Computing's UBOSbox
Post Reply
jdm5
Posts: 7
Joined: Thu Jan 28, 2021 6:23 pm

LetsEncrypt Certificate Did Not Auto-Renew

Post by jdm5 »

Hello,

I added the Lets Encrypt certificate service to my Nextcloud site and was under the impression that it would auto renew; however, I received a notification that my certificate had expired and now I am having trouble accessing my Nexcloud site remotely. Is there a way to turn on the auto renew function and have the certificate renewed?


j12t
Posts: 192
Joined: Tue Dec 12, 2017 9:17 pm
Contact:

Re: LetsEncrypt Certificate Did Not Auto-Renew

Post by j12t »

UBOS is attempting to renew the certificate once a day until it is successful. For that to work, your UBOSbox needs to be on at that time, and reachable from the public internet.

To see what happened:

Code: Select all

sudo systemctl status certbot.service
and

Code: Select all

sudo journalctl -u certbot.service
As root, you can also look at the log file at /var/log/letsencrypt/letsencrypt.log.
jdm5
Posts: 7
Joined: Thu Jan 28, 2021 6:23 pm

Re: LetsEncrypt Certificate Did Not Auto-Renew

Post by jdm5 »

Thank you for the information. The journalctl says that the service failed with error code: exited

Do you know what I need to do to fix this error? I have not changed any settings since adding the SSL certificate.

Thanks!
j12t
Posts: 192
Joined: Tue Dec 12, 2017 9:17 pm
Contact:

Re: LetsEncrypt Certificate Did Not Auto-Renew

Post by j12t »

The log probably has some info about that. Also, when you restart the service, does it fail again?
jdm5
Posts: 7
Joined: Thu Jan 28, 2021 6:23 pm

Re: LetsEncrypt Certificate Did Not Auto-Renew

Post by jdm5 »

I'm not sure how to restart the service or the command to view the log... Please let me know and I will try both those. Thank you!
jdm5
Posts: 7
Joined: Thu Jan 28, 2021 6:23 pm

Re: LetsEncrypt Certificate Did Not Auto-Renew

Post by jdm5 »

I was able to view the logs and it looks like there was an error with the challenge responses. error is "some challenges have failed"
j12t
Posts: 192
Joined: Tue Dec 12, 2017 9:17 pm
Contact:

Re: LetsEncrypt Certificate Did Not Auto-Renew

Post by j12t »

This means Letsencrypt could not verify that you actually own the site. And as I said earlier, that usually happens when the networking setup does not permit Letsencrypt access your site from the public internet. So make sure that works: DNS, Pagekite, port forwarding or whatever you do there.

Code: Select all

sudo systemctl restart certbot.service
jdm5
Posts: 7
Joined: Thu Jan 28, 2021 6:23 pm

Re: LetsEncrypt Certificate Did Not Auto-Renew

Post by jdm5 »

I tried to restart the service, but got the following error message: Job for certbot.service failed because the control process exited with error code.

The strange thing about my network settings is that I did not have any issues with the other three sites renewing their certificates and I still see the ports (80/443) open still and I haven't changed any settings on my router.

Any suggestions on how to restart the certbot.service?
j12t
Posts: 192
Joined: Tue Dec 12, 2017 9:17 pm
Contact:

Re: LetsEncrypt Certificate Did Not Auto-Renew

Post by j12t »

I would compare DNS settings for the domains.

For restarting certbot, see above.
Post Reply