Page 1 of 1

LetsEncrypt Certificate Did Not Auto-Renew

Posted: Mon May 17, 2021 11:48 pm
by jdm5
Hello,

I added the Lets Encrypt certificate service to my Nextcloud site and was under the impression that it would auto renew; however, I received a notification that my certificate had expired and now I am having trouble accessing my Nexcloud site remotely. Is there a way to turn on the auto renew function and have the certificate renewed?

Re: LetsEncrypt Certificate Did Not Auto-Renew

Posted: Wed May 19, 2021 3:19 am
by j12t
UBOS is attempting to renew the certificate once a day until it is successful. For that to work, your UBOSbox needs to be on at that time, and reachable from the public internet.

To see what happened:

Code: Select all

sudo systemctl status certbot.service
and

Code: Select all

sudo journalctl -u certbot.service
As root, you can also look at the log file at /var/log/letsencrypt/letsencrypt.log.

Re: LetsEncrypt Certificate Did Not Auto-Renew

Posted: Thu May 20, 2021 8:56 pm
by jdm5
Thank you for the information. The journalctl says that the service failed with error code: exited

Do you know what I need to do to fix this error? I have not changed any settings since adding the SSL certificate.

Thanks!

Re: LetsEncrypt Certificate Did Not Auto-Renew

Posted: Fri May 21, 2021 12:16 am
by j12t
The log probably has some info about that. Also, when you restart the service, does it fail again?

Re: LetsEncrypt Certificate Did Not Auto-Renew

Posted: Fri May 21, 2021 8:24 pm
by jdm5
I'm not sure how to restart the service or the command to view the log... Please let me know and I will try both those. Thank you!

Re: LetsEncrypt Certificate Did Not Auto-Renew

Posted: Fri May 21, 2021 8:48 pm
by jdm5
I was able to view the logs and it looks like there was an error with the challenge responses. error is "some challenges have failed"

Re: LetsEncrypt Certificate Did Not Auto-Renew

Posted: Fri May 21, 2021 11:03 pm
by j12t
This means Letsencrypt could not verify that you actually own the site. And as I said earlier, that usually happens when the networking setup does not permit Letsencrypt access your site from the public internet. So make sure that works: DNS, Pagekite, port forwarding or whatever you do there.

Code: Select all

sudo systemctl restart certbot.service

Re: LetsEncrypt Certificate Did Not Auto-Renew

Posted: Wed May 26, 2021 7:59 pm
by jdm5
I tried to restart the service, but got the following error message: Job for certbot.service failed because the control process exited with error code.

The strange thing about my network settings is that I did not have any issues with the other three sites renewing their certificates and I still see the ports (80/443) open still and I haven't changed any settings on my router.

Any suggestions on how to restart the certbot.service?

Re: LetsEncrypt Certificate Did Not Auto-Renew

Posted: Fri May 28, 2021 9:25 pm
by j12t
I would compare DNS settings for the domains.

For restarting certbot, see above.