Certificate expired and failing to renew

insidesign · November 24, 2020, 7:10pm

Hello,

The certificate has expired and I am unable to renew it. When I access passbolt. mydomain. com the error appears in the browser:

Attackers may be trying to steal your passbolt.mydomain.com information (for example, passwords, messages or credit cards).
NET :: ERR_CERT_DATE_INVALID

The certbot renew command, the following error appears:

Attempting to renew cert (passbolt. mydomain. com) from /etc/letsencrypt/renewal/passbolt. mydomain. com.conf produced an unexpected error: Failed authorization procedure. passbolt. mydomain. com (http-01): urn:ietf:params:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://passbolt. mydomain. com/.well-known/acme-challenge/sS25cZllHne74noehw-QDnZYPVj1_wew29ZBux4jZGE: Timeout during connect (likely firewall problem). Skipping.
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/passbolt. mydomain. com/fullchain.pem (failure)

Can someone like me renew this certificate?

thanks

garrett · December 2, 2020, 7:31pm

Hi @insidesign,

Certbot is great at updating the certs for you automatically, but it seems it cannot get to your server to access the generated verification code. This can be because port 80 is not available. The logs are indicating you are using the http-01 method of verification, so it needs public access to your site.

The error could be from:

port 80 is blocked at the firewall
the webserver is no longer listening on port 80

If the firewall is open on port 80, please share your OS and webserver configuration (redact out your domain if desired).

HEBOS · May 7, 2021, 7:18pm

Edit renew config file:
nano /etc/letsencrypt/renewal/your-full-domain.conf

Find webroot_map section, and change webroot path for your domain so that:

your-full-domain = /var/www/passbolt/webroot

Renew the certificate:
certbot renew