Let's Encrypt SSL can't renew – no clear error


#1

I have a server with ~5 websites, all with Let’sEncrypt that are automatically renewed.

In the last few days, one website was not renewing anymore, and I can’t manually renew it!

Renewing SSl cert for https://x.com
ERROR : Cannot RENEW SSL cert !
Your current cert will expire within 15 days.
Check logs for reason `tail /var/log/ee/ee.log` & Try Again!!!

And the log suggests that I see the log…

tail /var/log/ee/ee.log
2016-11-16 20:26:37,567 (DEBUG) ee : Running command: date -d "`openssl x509 -in /etc/letsencrypt/live/x.com/cert.pem -text -noout|grep "Not After"|cut -c 25-`" +%s
2016-11-16 20:26:37,577 (DEBUG) ee : Command Output: 1480643820
, 
Command Error: 
2016-11-16 20:26:37,577 (ERROR) ee : Your current cert will expire within 15 days.
2016-11-16 20:26:37,578 (DEBUG) ee : Running command: date -d "`openssl x509 -in /etc/letsencrypt/live/x.com/cert.pem -text -noout|grep "Not After"|cut -c 25-`" 
2016-11-16 20:26:37,588 (DEBUG) ee : Command Output: Thu Dec  1 20:57:00 EST 2016
, 
Command Error: 
2016-11-16 20:26:37,626 (ERROR) ee : Check logs for reason `tail /var/log/ee/ee.log` & Try Again!!!

I already did:

  • apt-get update/upgrade/etc
  • deleted the entire website with site delete and created it again
  • followed this instructions
  • checked if “www” is set on DNS records

Running on PHP 5.6.28-1 / nginx 1.10.0 / EE 3.7.4

Thank you!


#2

Try running this:

sudo ee site update --le=renew --all 2> /dev/null, if it reports succesful renew, then update your crontab with:

0 0 * * 0 sudo ee site update --le=renew --all 2> /dev/null


#3

Now I am scared. It returned error just on the first website (that is not the one is focus here).

ERROR : Cannot RENEW SSL cert !
Your current cert will expire within 22 days.
Check logs for reason `tail /var/log/ee/ee.log` & Try Again!!!

I already use this function on my crontab, see here:

Should I create a new fresh server? This should be the last option :frowning:


#4

Do you have this function in your crontab with or without sudo infront of ee?


#5

On crontab, without sudo. But I tried with sudo as you requested and an error returned. (The cron worked fine for a long time, I don’t think this is the problem).


#6

OK then, but it was the problem for me, as soon as I added sudo all sites renew w/o any issues from now on.


#7

I fixed following this: https://github.com/certbot/certbot/issues/2883


#8

Posting it again: Had similar problems, and finally resolved all of them by this silly command which had nothing to do with EE. Just run the following command before renewing your LE SSL.

export LC_ALL="en_US.UTF-8"
export LC_CTYPE="en_US.UTF-8"

If you are into more details, like me, then you can read more about it.

Cheers!


#9

Worked for me on EasyEngine 3.7.4. Thank you very much.