Question

How to Renew SSL Ubuntu OpenLiteSpeed Wordpress

Posted December 7, 2019 1.4k views
Let's Encrypt

I installed Ubuntu OpenLiteSpeed Wordpress and by default SSL is installed at that time.

Now the problem is it is expired and now I am trying to renew but not able to renew.

I used this command
certbot renew

After that I got the error listed below. Please help

Saving debug log to /var/log/letsencrypt/letsencrypt.log


Processing /etc/letsencrypt/renewal/www.feedknock.com.conf


Cert is due for renewal, auto-renewing…
Plugins selected: Authenticator webroot, Installer None
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for feedknock.com
http-01 challenge for www.feedknock.com
Cleaning up challenges
Attempting to renew cert (www.feedknock.com) from /etc/letsencrypt/renewal/www.feedknock.com.conf produced an unexpected error: Missing command line flag or config entry for this setting:
Select the webroot for www.feedknock.com:
Choices: [‘Enter a new webroot’, ’/var/www/html’]

(You can set this with the –webroot-path flag). Skipping.
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/www.feedknock.com/fullchain.pem (failure)


All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/www.feedknock.com/fullchain.pem (failure)


1 renew failure(s), 0 parse failure(s)

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

×
6 answers

Hi @feedknock,

It seems like you didn’t specify the directory root path thus the renew failing.

As for your second error

There were too many requests of a given type :: Error creating new order :: too many certificates already issued for exact set of domains: feedknock.com,www.fee dknock.com: see https://letsencrypt.org/docs/rate-limits/

It seems you have been rate limited. Let’s Encrypt have a limit on how many requests per 24 hours from one IP and for one domain can come. There is nothing you can do in this case, you’ll just need to wait until tomorrow to try again.

Regards,
KDSys

Thank you so much.

I was able to figure out the path that I needed to enter and that did the trick!
Its just that I am a novice and I do not know the syntax so the simplest things are difficult, but thankfully, with the help of folks like you I was able to figure it out!
Thanks again!

Alex

Hi,

I tried to visit https://www.feedknock.com.conf and https://feedknock.com.conf but failed due to connection refused. May I know if you have any changes on HTTPS(port 443) listener?

Best,
Eric

  • Hi Eric,

    Thanks for the reply. Actually I deleted the droplet and now created one with OpenLiteSpeed Wordpress. But getting issues during the SSL activation.

    Logs

    Plugins selected: Authenticator webroot, Installer None
    Obtaining a new certificate
    An unexpected error occurred:
    There were too many requests of a given type :: Error creating new order :: too many certificates already issued for exact set of domains: feedknock.com,www.fee dknock.com: see https://letsencrypt.org/docs/rate-limits/
    Please see the logfiles in /var/log/letsencrypt for more details.
    Oops, something went wrong…

I have the same issue but I need an example of how to specify the directory root path.
Help!

  • Hi,

    Basically start script will apply LE cert with command certbot certonly --non-interactive --agree-tos -m YOURMAIL --webroot -w /var/www/html/ -d example.com -d www.example.com for you at the beginning.

    After apply success, it will store certificate under /etc/letsencrypt/xxx/ folder and auto renew from it. If you did not change any root path, run command certbot renew should just works.

    Could you also share the output of dry run Certbot renew --dry-run here?

    Best,
    Eric

Hi, I am having issues with my let’s encrypt certificates auto renewing.
I thought that once I ran the scripts that it would auto-renew, but now I have my client calling me every so often, telling me that the certificate has expired. I just renewed it, then I ran certbot renew –dry-run and this is what I got:

root@OCBBQPlus-1vcpu-2gb-sfo2-01:~# certbot renew –dry-run
Saving debug log to /var/log/letsencrypt/letsencrypt.log


Processing /etc/letsencrypt/renewal/ocbbqplus.com.conf


Cert not due for renewal, but simulating renewal for dry run
Plugins selected: Authenticator standalone, Installer None
Renewing an existing certificate
Attempting to renew cert (ocbbqplus.com) from /etc/letsencrypt/renewal/ocbbqplus.com.conf produced an unexpected error: urn:ietf:params:acme:error:malformed :: The request message was malformed :: Method not allowed. Skipping.


Processing /etc/letsencrypt/renewal/www.ocbbqplus.com.conf


Cert not due for renewal, but simulating renewal for dry run
Plugins selected: Authenticator standalone, Installer None
Renewing an existing certificate
Attempting to renew cert (www.ocbbqplus.com) from /etc/letsencrypt/renewal/www.ocbbqplus.com.conf produced an unexpected error: urn:ietf:params:acme:error:malformed :: The request message was malformed :: Method not allowed. Skipping.
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/ocbbqplus.com/fullchain.pem (failure)
/etc/letsencrypt/live/www.ocbbqplus.com/fullchain.pem (failure)


** DRY RUN: simulating ‘certbot renew’ close to cert expiry
** (The test certificates below have not been saved.)

All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/ocbbqplus.com/fullchain.pem (failure)
/etc/letsencrypt/live/www.ocbbqplus.com/fullchain.pem (failure)
** DRY RUN: simulating 'certbot renew’ close to cert expiry
** (The test certificates above have not been saved.)


2 renew failure(s), 0 parse failure(s)
root@OCBBQPlus-1vcpu-2gb-sfo2-01:~#

Any ideas as to what I am doing wrong?

Thanks in advance…

It shows that certificate already got renewed or at least not expired yet from the dry run output result.
What I may guess is openlitespeed web server restart hook did not work or not exist on the cronjob.

Please check if lsws restart hook set in the cron by command:

cat /etc/cron.d/certbot

We expect to see something like:

0 */12 * * * root test -x /usr/bin/certbot -a \! -d /run/systemd/system && perl -e 'sleep int(rand(43200))' && certbot -q renew  --deploy-hook "/usr/local/lsws/bin/lswsctrl restart"

Best,
Eric

Submit an Answer