Let's encrypt renewal failed


#1

Hi there guys,

Seeing some very odd behaviour with Let’s Encrypt:

  1. Certificates for my sites did not auto renew :frowning:

  2. When trying to renew certificates with sudo ee site update mysite.com --letsencrypt=renew I get the following error: [Errno 111] Connection refused

When running the command a second time I get More than 30 days left for certificate Expiry. Not renewing now.

Certificates did definitely not renew…

  1. For 1 site I get the following error when running the above command: Cannot RENEW ! SSL is not configured for given site . Certificate is installed on this site…

Could you possible assist? cc. @rahul286 @harshadyeola


#2

@francois_wessels Could you share the below informations with us:

  1. Version of EasyEngine and Operating System you are using.
  2. Content of /var/log/ee/ee.log
  3. sudo ee site info for both the site.

#3

why are you trying to renew it more then 30 days out? how many times have you renewed/regenerated the certs recently as there is a limit per 7 days.

David


#4

I am currently experiencing the same problem. I am running Ubuntu 14.04.4 and the latest version of EE - had to update it to allow me to renew the cert. All appeared to be fine but today our cert has expired and it’s throwing safety errors in all browsers. When I attempt to renew via ee site update charitynetwork.com --letsencrypt=renew I receive the same as Francois pointed out above: More than 30 days left for certificate Expiry. Not renewing now.

You can view the failing SSL cert at https://charitynetwork.com.


#5

Fixed! Apparently nginx needs to be restarted after the Let’s Encrypt cert is renewed.


#6

Yah had the same issue, restarting nginx has always become a good habit to get into.


#7

@hbaker

Fixed! Apparently nginx needs to be restarted after the Let’s Encrypt cert is renewed.

EasyEngine is provision to restart nginx during SSL certificates renew. Can you please tell which EE version you are using.Apparently this issue has been fixed on latest release of EE.


#8

I performed an ee update so was on the current version.


#9

I have updated to the latest build 3.7.2 but still my ssl still won’t renew how to fix this asap

log error

2016-08-02 12:26:01,051 (DEBUG) ee : Running command: date -d "`openssl x509 -in /etc/letsencrypt/live/xxx.net/cert.pem -text -noout|grep "Not After"|cut -c 25-`" +%s
2016-08-02 12:26:01,062 (DEBUG) ee : Command Output: 1470135900
,
Command Error:
2016-08-02 12:26:01,063 (ERROR) ee : Your current cert already EXPIRED !
2016-08-02 12:26:01,063 (DEBUG) ee : Running command: date -d "`openssl x509 -in /etc/letsencrypt/live/xxx.net/cert.pem -text -noout|grep "Not After"|cut -c 25-`"
2016-08-02 12:26:01,075 (DEBUG) ee : Command Output: Tue Aug  2 11:05:00 UTC 2016
,
Command Error:
2016-08-02 12:26:01,125 (ERROR) ee : Check logs for reason `tail /var/log/ee/ee.log` & Try Again!!!

#10

I fixed it with this


#11

Had similar problems, and finally resolved all of them by this silly command which had nothing to do with EE. Just run the following command before renewing your LE SSL.

export LC_ALL="en_US.UTF-8"
export LC_CTYPE="en_US.UTF-8"

If you are into more details, like me, then you can read more about it.

Cheers!


#12