Related

How to add SSL cloudflare in a drop Question Question
how long does it take to secure my site after adding an ssl certificate in account>>security Question Question

Question

Certbot failed to renew on a domain I no longer use, and now my other two domains on the same droplet are no longer HTTPS

Posted November 23, 2021 97 views
ApacheSecurityUbuntu 20.04

Several weeks ago, I was notified by certbot that one of my unused domains was no longer secure. But, I didn’t think this would affect my two remaining domains, by making them unsecure too, yet it did. So I tried to fix this.

First, I deleted the unused domain from digital ocean.
Next, I used the certbot command, 

sudo certbot delete

hoping to delete the unused domain from the list of my other certbot domains (I have one main domain, and one virtual host domain, and both need to be HTTPS).
But after using 

sudo certbot renew --dry-run

my two remaining domains are still no longer HTTPS, and, the domain I attempted to delete is STILL listed, even though it should have been deleted.

I saw this article, but only after I already did the above:
https://www.digitalocean.com/community/questions/unable-to-delete-the-dns-of-a-domain-while-deleting-this-domain-it-says-it-would-prevent-the-let-s-encrypt-certificate-renewal

I also tried using the digital ocean control panel, https://docs.digitalocean.com/products/accounts/security/certificates/ to create a secure certificate for my main domain, and hopefully the other one too, but that didn’t work also. My two remaining domains are still no longer HTTPS secure.

So, is there anything else I can do now? Thank you.

Add a comment
diane
By:
diane

Related

How to add SSL cloudflare in a drop Question Question
how long does it take to secure my site after adding an ssl certificate in account>>security Question Question

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

×
Submit an Answer
1 answer
alexdo November 23, 2021

Hello, @diane

Would you mind sharing the exact output of the certbot command so that we can check the error messages?

Regards,
Alex

Reply Report
  • diane November 23, 2021

    Yes, of course. Thank you for your help.
    Also, just to be clear, the dc*** domain was the original main domain for this droplet, and the sg2*** and sg*** domains are virtual hosts that I created later. 

    sudo certbot renew --dry-run
Saving debug log to /var/log/letsencrypt/letsencrypt.log

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/dc***.net.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Cert is due for renewal, auto-renewing...
Plugins selected: Authenticator apache, Installer apache
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for sg2***.site
http-01 challenge for www.sg2***.site
http-01 challenge for dc***.net
http-01 challenge for sg***.page
http-01 challenge for www.dc***.net
http-01 challenge for www.sg***.page
Waiting for verification...
Challenge failed for domain sg2***.site
Challenge failed for domain www.sg2***.site
http-01 challenge for sg2***.site
http-01 challenge for www.sg2***.site
Cleaning up challenges
Attempting to renew cert (dc***.net) from /etc/letsencrypt/renewal/dc***.net.conf produced an unexpected error: Some challenges have failed.. Skipping.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/sg2***.site.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Cert is due for renewal, auto-renewing...
Plugins selected: Authenticator apache, Installer apache
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for sg2***.site
http-01 challenge for www.sg2***.site
Waiting for verification...
Challenge failed for domain sg2***.site
Challenge failed for domain www.sg2***.site
http-01 challenge for sg2***.site
http-01 challenge for www.sg2***.site
Cleaning up challenges
Attempting to renew cert (sg2***.site) from /etc/letsencrypt/renewal/sg2***.site.conf produced an unexpected error: Some challenges have failed.. Skipping.
All renewal attempts failed. The following certs could not be renewed:
  /etc/letsencrypt/live/dc***.net/fullchain.pem (failure)
  /etc/letsencrypt/live/sg2***.site/fullchain.pem (failure)

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
** DRY RUN: simulating 'certbot renew' close to cert expiry
**          (The test certificates below have not been saved.)

All renewal attempts failed. The following certs could not be renewed:
  /etc/letsencrypt/live/dc***.net/fullchain.pem (failure)
  /etc/letsencrypt/live/sg2***.site/fullchain.pem (failure)
** DRY RUN: simulating 'certbot renew' close to cert expiry
**          (The test certificates above have not been saved.)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
2 renew failure(s), 0 parse failure(s)

IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain: sg2***.site
   Type:   unauthorized
   Detail: Invalid response from
   http://sg2***.site/.well-known/acme-challenge/AU_kbDGvO_fnZKxqC3ck1NJMIIvCiBfSnkAjxWsKBhA
   [99.83.154.118]: "<!DOCTYPE html>\n<html
   data-adblockkey=\"MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALquDFETXRn0Hr05fUP7EJT77xYnPmRbpMy4vk8KYiHnkNpednjOANJca"

   Domain: www.sg2***.site
   Type:   unauthorized
   Detail: Invalid response from
   http://www.sg2***.site/.well-known/acme-challenge/UAX5LbM6gY-263COFHpBrsK4fS8UwUnP-W-oS72NfcI
   [99.83.154.118]: "<!DOCTYPE html>\n<html
   data-adblockkey=\"MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALquDFETXRn0Hr05fUP7EJT77xYnPmRbpMy4vk8KYiHnkNpednjOANJca"

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A/AAAA record(s) for that domain
   contain(s) the right IP address.
 - The following errors were reported by the server:

   Domain: sg2***.site
   Type:   unauthorized
   Detail: Invalid response from
   http://sg2***.site/.well-known/acme-challenge/qpnhvv2bANqGtZnryUzLSPmwacL-h_EPSIaPAgOJS08
   [99.83.154.118]: "<!DOCTYPE html>\n<html
   data-adblockkey=\"MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALquDFETXRn0Hr05fUP7EJT77xYnPmRbpMy4vk8KYiHnkNpednjOANJca"

   Domain: www.sg2***.site
   Type:   unauthorized
   Detail: Invalid response from
   http://www.sg2***.site/.well-known/acme-challenge/xzGT43iHAWoIV02EoUo1o-h5P_RVqhihib6564ygRYc
   [99.83.154.118]: "<!DOCTYPE html>\n<html
   data-adblockkey=\"MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALquDFETXRn0Hr05fUP7EJT77xYnPmRbpMy4vk8KYiHnkNpednjOANJca"

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A/AAAA record(s) for that domain
   contain(s) the right IP address.
    Reply Report
  • diane November 24, 2021

    Hi…how long does it normally take to get an answer?

    I need to know soon, because no one can access my website now without getting a warning message not to go to this website, with Firefox, Chrome and Edge all showing this same message.

    If I don’t get an answer soon, I suppose I will have to upload my websites to GitHub and then get another droplet, because I am not sure how to fix this without making any hidden, unbeknownst errors in Apache.

    Reply Report

Related

Looking for something else?

Ask a new question Search for more help