Letsencrypt Renewal


#1

Hi there @harshadyeola, would it be possible for you to assist with this?

When visiting our site we get the following message in the browser (standard Firefox message):

bitsavvy.co.za uses an invalid security certificate. 
The certificate expired on 12 May 2016 at 14:57. The current time is 08 August 2016 at 10:48. Error code: SEC_ERROR_EXPIRED_CERTIFICATE 

We then attempted to renew the certificate with the below command and get the following error:

sudo ee site update bitsavvy.co.za --letsencrypt=renew
Renewing SSl cert for https://bitsavvy.co.za
[Errno 111] Connection refused
sudo ee site update bitsavvy.co.za --letsencrypt=renew
More than 30 days left for certificate Expiry. Not renewing now.

We are on the latest version of EasyEngine & Ubuntu 14.04

Contents of sudo ee site info give the following:

Nginx configuration     wp wpredis (enabled)
PHP Version         5.6
HHVM             disabled
SSL             enabled
SSL PROVIDER             Lets Encrypt
SSL EXPIRY DATE          Sun Nov  6 07:48:00 UTC 2016

access_log         /var/www/bitsavvy.co.za/logs/access.log
error_log         /var/www/bitsavvy.co.za/logs/error.log
Webroot             /var/www/bitsavvy.co.za

Why would the browser warn that the certificate is expired when the SSL expiry date is 6 Nov 2016?

We have another site on this server and that loads perfectly with Let’s encrypt also enabled.

Site info for this site is:

Nginx configuration     wp wpredis (enabled)
PHP Version         5.6
HHVM             disabled
SSL             enabled
SSL PROVIDER             Lets Encrypt
SSL EXPIRY DATE          Wed Aug 17 08:08:00 UTC 2016

access_log         /var/www/wpacademy.co.za/logs/access.log
error_log         /var/www/wpacademy.co.za/logs/error.log
Webroot             /var/www/wpacademy.co.za

Output of /var/log/ee/ee.log

2016-08-08 08:46:42,038 (DEBUG) ee : ['/usr/local/bin/ee', 'site', 'update', 'bitsavvy.co.za', '--letsencrypt=renew']
2016-08-08 08:46:42,038 (DEBUG) ee : collecting arguments/commands for <ee.cli.controllers.base.EEBaseController object at 0x7fd466fc4390>
2016-08-08 08:46:42,041 (DEBUG) ee : collecting arguments/commands for <ee.cli.plugins.site.EESiteController object at 0x7fd466fc4a58>
2016-08-08 08:46:42,043 (DEBUG) ee : collecting arguments/commands for <ee.cli.plugins.site.EESiteUpdateController object at 0x7fd466fc4d68>
2016-08-08 08:46:42,047 (INFO) ee : Initializing EasyEngine Database
2016-08-08 08:46:42,057 (DEBUG) ee : Running command: date -d "now" +%s
2016-08-08 08:46:42,066 (DEBUG) ee : Command Output: 1470646002
, 
Command Error:
2016-08-08 08:46:42,067 (DEBUG) ee : Running command: date -d "`openssl x509 -in /etc/letsencrypt/live/bitsavvy.co.za/cert.pem -text -noout|grep "Not After"|cut -c 25-`" +%s
2016-08-08 08:46:42,081 (DEBUG) ee : Command Output: 1463057820
, 
Command Error:
2016-08-08 08:46:42,082 (DEBUG) ee : Changing directory to /opt/letsencrypt
2016-08-08 08:46:42,082 (DEBUG) ee : Running command: git pull
2016-08-08 08:46:45,521 (DEBUG) ee : Command Output: Updating 5f0641b..e1d8ba4
, 
Command Error: From https://github.com/letsencrypt/letsencrypt
   e385274..e1d8ba4  master     -> origin/master
 * [new branch]      always-save-server -> origin/always-save-server
 * [new branch]      better-debug-logs -> origin/better-debug-logs
 * [new branch]      devdocs    -> origin/devdocs
 * [new branch]      doc-package-names -> origin/doc-package-names
 * [new branch]      documentation_cleanup -> origin/documentation_cleanup
 * [new branch]      epel-auto  -> origin/epel-auto
 * [new branch]      issue_2983 -> origin/issue_2983
 * [new branch]      lineage-option -> origin/lineage-option
 * [new branch]      multi-topic-help -> origin/multi-topic-help
 * [new branch]      multiple_vhosts -> origin/multiple_vhosts
 * [new branch]      nginx-compat -> origin/nginx-compat
 * [new branch]      nginx-compatibility-test -> origin/nginx-compatibility-test
 * [new branch]      nginx-redirect -> origin/nginx-redirect
 * [new branch]      no-conflicting-declarations -> origin/no-conflicting-declarations
 * [new branch]      no-conflicting-declarations2 -> origin/no-conflicting-declarations2
 * [new branch]      no-conflicting-declarations3 -> origin/no-conflicting-declarations3
 * [new branch]      osrelease_like -> origin/osrelease_like
 * [new branch]      test-docker3 -> origin/test-docker3
 * [new branch]      test-receive-revert -> origin/test-receive-revert
 * [new branch]      unbreak-travis -> origin/unbreak-travis
 * [new branch]      use-boulder-master -> origin/use-boulder-master
 * [new branch]      use_key_dir_in_pop -> origin/use_key_dir_in_pop
   c4c1fa3..4a7a9b7  wiki-migration -> origin/wiki-migration
 * [new tag]         v0.7.0     -> v0.7.0
 * [new tag]         v0.8.0     -> v0.8.0
 * [new tag]         v0.8.1     -> v0.8.1
error: Your local changes to the following files would be overwritten by merge:
    letsencrypt-auto
    letsencrypt-auto-source/letsencrypt-auto
Please, commit your changes or stash them before you can merge.
Aborting
2016-08-08 08:46:45,521 (INFO) ee : Renewing SSl cert for https://bitsavvy.co.za
2016-08-08 08:46:45,521 (DEBUG) ee : Running command: ./letsencrypt-auto --renew-by-default certonly --webroot -w /var/www/bitsavvy.co.za/htdocs/ -d bitsavvy.co.za -d www.bitsavvy.co.za --email francois@bitsavvy.co.za --text --agree-tos
2016-08-08 08:47:42,405 (DEBUG) ee : Command Output: Checking for new version...
Upgrading certbot-auto 0.6.0 to 0.7.0...
Replacing certbot-auto...
Creating virtual environment...
Installing Python packages...
Installation succeeded.
IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at
   /etc/letsencrypt/live/bitsavvy.co.za/fullchain.pem. Your cert will
   expire on 2016-11-06. To obtain a new or tweaked version of this
   certificate in the future, simply run letsencrypt-auto again. To
   non-interactively renew *all* of your ceriticates, run
   "letsencrypt-auto renew"
 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le

, 
Command Error:
2016-08-08 08:47:42,437 (DEBUG) ee : EEGit: git commit at /etc/letsencrypt
2016-08-08 08:47:42,487 (DEBUG) ee : Running command: date -d "`openssl x509 -in /etc/letsencrypt/live/bitsavvy.co.za/cert.pem -text -noout|grep "Not After"|cut -c 25-`"
2016-08-08 08:47:42,501 (DEBUG) ee : Command Output: Sun Nov  6 07:48:00 UTC 2016
, 
Command Error:
2016-08-08 08:48:03,762 (DEBUG) ee : logging initialized for 'ee' using LoggingLogHandler
2016-08-08 08:48:04,055 (DEBUG) ee : ['/usr/local/bin/ee', 'site', 'update', 'bitsavvy.co.za', '--letsencrypt=renew']
2016-08-08 08:48:04,055 (DEBUG) ee : collecting arguments/commands for <ee.cli.controllers.base.EEBaseController object at 0x7ff8c976e390>
2016-08-08 08:48:04,057 (DEBUG) ee : collecting arguments/commands for <ee.cli.plugins.site.EESiteController object at 0x7ff8c976e860>
2016-08-08 08:48:04,059 (DEBUG) ee : collecting arguments/commands for <ee.cli.plugins.site.EESiteUpdateController object at 0x7ff8c976ee10>
2016-08-08 08:48:04,063 (INFO) ee : Initializing EasyEngine Database
2016-08-08 08:48:04,071 (DEBUG) ee : Running command: date -d "now" +%s
2016-08-08 08:48:04,075 (DEBUG) ee : Command Output: 1470646084
, 
Command Error:
2016-08-08 08:48:04,076 (DEBUG) ee : Running command: date -d "`openssl x509 -in /etc/letsencrypt/live/bitsavvy.co.za/cert.pem -text -noout|grep "Not After"|cut -c 25-`" +%s
2016-08-08 08:48:04,086 (DEBUG) ee : Command Output: 1478418480
, 
Command Error:
2016-08-08 08:48:04,087 (ERROR) ee : More than 30 days left for certificate Expiry. Not renewing now.
2016-08-08 08:54:38,337 (DEBUG) ee : logging initialized for 'ee' using LoggingLogHandler
2016-08-08 08:54:38,653 (DEBUG) ee : ['/usr/local/bin/ee', 'site', 'bitsavvy.co.za', 'info']
2016-08-08 08:54:38,653 (DEBUG) ee : collecting arguments/commands for <ee.cli.controllers.base.EEBaseController object at 0x7f15256ae390>
2016-08-08 08:54:38,657 (DEBUG) ee : collecting arguments/commands for <ee.cli.plugins.site.EESiteController object at 0x7f15256ae5f8>
2016-08-08 08:54:48,896 (DEBUG) ee : logging initialized for 'ee' using LoggingLogHandler
2016-08-08 08:54:49,193 (DEBUG) ee : ['/usr/local/bin/ee', 'site', 'info']
2016-08-08 08:54:49,194 (DEBUG) ee : collecting arguments/commands for <ee.cli.controllers.base.EEBaseController object at 0x7fd1f379b390>
2016-08-08 08:54:49,196 (DEBUG) ee : collecting arguments/commands for <ee.cli.plugins.site.EESiteController object at 0x7fd1f379b550>
2016-08-08 08:54:49,199 (INFO) ee : Initializing EasyEngine Database
2016-08-08 08:54:54,338 (DEBUG) ee : Running command: date -d "`openssl x509 -in /etc/letsencrypt/live/bitsavvy.co.za/cert.pem -text -noout|grep "Not After"|cut -c 25-`"
2016-08-08 08:54:54,349 (DEBUG) ee : Command Output: Sun Nov  6 07:48:00 UTC 2016
, 
Command Error:
2016-08-08 08:54:54,350 (DEBUG) ee : loading template file /usr/lib/ee/templates/siteinfo.mustache
2016-08-08 08:57:32,959 (DEBUG) ee : logging initialized for 'ee' using LoggingLogHandler
2016-08-08 08:57:33,270 (DEBUG) ee : ['/usr/local/bin/ee', 'site', 'info']
2016-08-08 08:57:33,270 (DEBUG) ee : collecting arguments/commands for <ee.cli.controllers.base.EEBaseController object at 0x7f159dbfd390>
2016-08-08 08:57:33,273 (DEBUG) ee : collecting arguments/commands for <ee.cli.plugins.site.EESiteController object at 0x7f159dbfd5f8>
2016-08-08 08:57:33,277 (INFO) ee : Initializing EasyEngine Database
2016-08-08 08:57:38,775 (DEBUG) ee : Running command: date -d "`openssl x509 -in /etc/letsencrypt/live/wpacademy.co.za/cert.pem -text -noout|grep "Not After"|cut -c 25-`"
2016-08-08 08:57:38,786 (DEBUG) ee : Command Output: Wed Aug 17 08:08:00 UTC 2016
, 
Command Error:
2016-08-08 08:57:38,786 (DEBUG) ee : loading template file /usr/lib/ee/templates/siteinfo.mustache
2016-08-08 09:13:48,463 (DEBUG) ee : logging initialized for 'ee' using LoggingLogHandler
2016-08-08 09:13:48,771 (DEBUG) ee : ['/usr/local/bin/ee', 'stack', 'restart']
2016-08-08 09:13:48,771 (DEBUG) ee : collecting arguments/commands for <ee.cli.controllers.base.EEBaseController object at 0x7f886e3f3390>
2016-08-08 09:13:48,775 (DEBUG) ee : collecting arguments/commands for <ee.cli.plugins.stack.EEStackController object at 0x7f886e3f3710>
2016-08-08 09:13:48,777 (DEBUG) ee : collecting arguments/commands for <ee.cli.plugins.stack_services.EEStackStatusController object at 0x7f886e3f3e10>
2016-08-08 09:13:48,783 (INFO) ee : Initializing EasyEngine Database
2016-08-08 09:13:53,906 (INFO) ee : PHP7.0-FPM is not installed
2016-08-08 09:14:00,727 (INFO) ee : Postfix is not installed
2016-08-08 09:14:00,727 (DEBUG) ee : Restarting service: nginx
2016-08-08 09:14:00,727 (INFO) ee : Restart : nginx
2016-08-08 09:14:03,414 (INFO) ee : [OK]
2016-08-08 09:14:03,415 (DEBUG) ee : Restarting service: php5.6-fpm
2016-08-08 09:14:03,415 (INFO) ee : Restart : php5.6-fpm
2016-08-08 09:14:03,500 (INFO) ee : [OK]
2016-08-08 09:14:03,501 (DEBUG) ee : Restarting service: mysql
2016-08-08 09:14:03,501 (INFO) ee : Restart : mysql
2016-08-08 09:14:09,116 (INFO) ee : [OK]

Tried to restart NGINX but no effect. Could you possibly assist?

Kind regards Francois Wessels


#2

@francois_wessels Could you share the output of ls -l /etc/letsencrypt/live/bitsavvy.co.za and cat /etc/nginx/sites-available/bitsavvy.co.za | grep ssl


#3

Hi there @ssalil, contents of directories as requested:

total 0
lrwxrwxrwx 1 root root 38 Aug 8 08:47 cert.pem -> …/…/archive/bitsavvy.co.za/cert2.pem
lrwxrwxrwx 1 root root 39 Aug 8 08:47 chain.pem -> …/…/archive/bitsavvy.co.za/chain2.pem
lrwxrwxrwx 1 root root 43 Aug 8 08:47 fullchain.pem -> …/…/archive/bitsavvy.co.za/fullchain2.pem
lrwxrwxrwx 1 root root 41 Aug 8 08:47 privkey.pem -> …/…/archive/bitsavvy.co.za/privkey2.pem

&

server {


    server_name bitsavvy.co.za   www.bitsavvy.co.za;


    access_log /var/log/nginx/bitsavvy.co.za.access.log rt_cache_redis; 
    error_log /var/log/nginx/bitsavvy.co.za.error.log;


    root /var/www/bitsavvy.co.za/htdocs;
    
    

    index index.php index.html index.htm;


    include  common/redis.conf; 
    
    include common/wpcommon.conf;
    include common/locations.conf;
    include /var/www/bitsavvy.co.za/conf/nginx/*.conf;
}

When trying ls -l cat /etc/nginx/sites-available/bitsavvy.co.za | grep ssl I get:

sudo ls -l cat /etc/nginx/sites-available/bitsavvy.co.za | grep ssl
ls: cannot access cat: No such file or directory

Regards Francois


#4

Hi @francois_wessels

Try restarting the Nginx service.

sudo service nginx restart


#5

@Prabuddha We have tried that and it still did not solve the issue :frowning:

Thanks Francois


#6

Is there any load balancer in between?


#7

Nope, just a normal installation of Ubuntu 14.04 & EE…

FW


#8

Thanks to @Prabuddha for fixing this so quickly.

Feedback from @Prabuddha: The reason for the above issue was that the Nginx processes were not properly spawned when Nginx was upgraded recently. So I have killed all the Nginx processes and restarted it, which solved the issue.

Regards Francois Wessels
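
The symptom in this thread (certificate renewed on disk, expired certificate still shown by the browser) can be confirmed by comparing the file's expiry with the expiry of the certificate the server actually presents. This is an added example, not part of the original posts or of EasyEngine; the function names are hypothetical, GNU date and openssl are assumed, and the epoch values in the demo call are the ones logged in ee.log above.

```shell
#!/bin/sh
# Added example: detect a server still serving an old certificate after
# renewal. Function names are hypothetical; GNU date and openssl assumed.

# Expiry (notAfter) of a PEM certificate file, as epoch seconds.
disk_not_after() {
    end=$(openssl x509 -in "$1" -noout -enddate 2>/dev/null | cut -d= -f2)
    [ -n "$end" ] && date -d "$end" +%s
}

# Expiry of the certificate presented for host $1 on port 443.
# Prints nothing if the handshake fails (e.g. "Connection refused").
served_not_after() {
    end=$(openssl s_client -connect "$1:443" -servername "$1" </dev/null 2>/dev/null \
        | openssl x509 -noout -enddate 2>/dev/null | cut -d= -f2)
    [ -n "$end" ] && date -d "$end" +%s
}

# Whole days between NOW ($1) and an expiry epoch ($2).
days_left() { echo $(( ($2 - $1) / 86400 )); }

# classify_cert_state NOW DISK_EPOCH SERVED_EPOCH
classify_cert_state() {
    now=$1; disk=$2; served=$3
    if [ -z "$disk" ] || [ -z "$served" ]; then
        echo "UNKNOWN"          # could not read one of the certificates
    elif [ "$disk" -le "$now" ]; then
        echo "DISK_EXPIRED"     # the file itself is expired: renew first
    elif [ "$served" -ne "$disk" ]; then
        echo "STALE_PROCESS"    # renewed on disk, old cert still in memory
    else
        echo "OK"
    fi
}

# Demo with the values from the log: after the renewal the file expires at
# 1478418480, while the browser still saw the certificate expiring at 1463057820.
classify_cert_state 1470646084 1478418480 1463057820

# On a live host (paths as used in this thread):
#   classify_cert_state "$(date +%s)" \
#       "$(disk_not_after /etc/letsencrypt/live/bitsavvy.co.za/cert.pem)" \
#       "$(served_not_after bitsavvy.co.za)"
```

A STALE_PROCESS result means the renewal worked and the running web server has not picked up the new file, which matches the cause reported in this post.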

