Related

Join the DigitalOcean Community Community

Join 1M+ other developers and:

  • Get help and share knowledge in Q&A
  • Subscribe to topics of interest
  • Get courses & tools that help you grow as a developer or small business owner
 Join Now
PHP Error Log: authz_core:error - For files that don't exists on my server Question Question
blocked ip in spam Question Question

Question

Let's Encrypt renewal failing - CERTIFICATE_VERIFY_FAILED

Posted December 3, 2021 265 views
ApacheLet's EncryptUbuntu 16.04DigitalOcean Droplets

Hello, I’ve just started receiving this message from Lets Encrypt on my droplet when it tries to renew the certificate for my website. This is the full error -

Attempting to renew cert (innoviatech.com) from /etc/letsencrypt/renewal/innoviatech.com.conf produced an unexpected error: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:645). Skipping.
All renewal attempts failed. The following certs could not be renewed:
  /etc/letsencrypt/live/innoviatech.com/fullchain.pem (failure)

Not sure what is causing this. The DNS of the domain name still points to the droplet and there’s been no changes to the Apache config. The certificate expires in 9 days so hoping to resolve before then!…

Thanks in advance,

Phil.

Add a comment
By:
plindsay

Related

Join the DigitalOcean Community Community

Join 1M+ other developers and:

  • Get help and share knowledge in Q&A
  • Subscribe to topics of interest
  • Get courses & tools that help you grow as a developer or small business owner
 Join Now
PHP Error Log: authz_core:error - For files that don't exists on my server Question Question
blocked ip in spam Question Question

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

×
Submit an Answer
1 answer
bobbyiliev December 4, 2021

Hi there,

What I could suggest is trying to upgrade your certbot installation to the latest version:

sudo apt update
sudo apt install --only-upgrade certbot

Let me know if this helps!

There seems to have been a similar discussion on the Let’s Encrypt community here:

https://community.letsencrypt.org/t/ssl-certificate-verify-failed-certificate-verify-failed-ssl-c-645/162152

Best,
Bobby

Reply Report
  • plindsay December 4, 2021

    Thank you - I’ll try this and let you know how I get on.

    Cheers,

    Phil

    Reply Report
  • plindsay December 6, 2021

    Hi Bobby, I ran the commands to update Certbot but if I try to then run sudo certbot renew --dry-run it returns the message -

    Another instance of Certbot is already running.

    Not sure why this might be?.. I’ve tried exiting and starting a new shell but same message.

    Cheers

    Reply Report
    • bobbyiliev December 7, 2021

      Hi there,

      I recently had a similar problem and I fixed it by following the steps here:

      https://community.letsencrypt.org/t/solved-another-instance-of-certbot-is-already-running/44690/2

      Basically, first kill the current process:

      ps aux | grep -i certbot

      Find the process ID and kill the process:

      killprocess_id_here

      If this does not work, you might have to delete the certbot lock file as described in the post above.

      To find any certbot lock files run:

      find / -type f -name ".certbot.lock"

      In case that there are any, you can either delete them manually, or use this command here to delete them all in one go:

      find / -type f -name ".certbot.lock" -exec rm {} \;

      Let me know how it goes.

      Best,
      Bobby

      Reply Report

Related

Looking for something else?

Ask a new question Search for more help