Question

Lets Encrypt SSL no renewals were attempted

I’m trying to renewal my SSL certificate on my sit, when I run:

certbot renew

I get “No renewals were attempted” and when I run certbot certificates, I get “no certs found”.

I can see files in the /etc/letsencrypt for the site.com and www.site.com/

Submit an answer

This textbox defaults to using Markdown to format your answer.

You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

Sign In or Sign Up to Answer

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

Bobby IlievNovember 6, 2019
Accepted Answer

Hi all,

As this turned out to be a long discussion, I will summarize it so that it is easier for anyone else who comes across this to find the solution:

  • The problem affected the Ghose droplets created from the DigitalOcean Marketplace

  • The problem was an outdated acme.sh script. The error that we were getting was:

Could not get nonce, let's try again.
  • To fix the issue we had to update the script from the dev branch of the acme repo:
sudo /etc/letsencrypt/acme.sh  --upgrade -b dev
  • After that, we noticed that the updated script was stored at:
/root/.acme.sh/acme.sh
  • To renew the SSL certificate we had to run:
/root/.acme.sh/acme.sh --force --renew --home /etc/letsencrypt --domain yourdomain.com --webroot /var/www/ghost/system/nginx-root --reloadcmd "nginx -s reload" --accountemail yourmail@yourdomain.com
  • We also had to adjust the cronjob so that the certificate could be renewed automatically, so we had to change the path from /etc/letsencrypt/acme.sh to /root/.acme.sh/acme.sh, to do that just run:
crontab -e

Find the acme.sh cronjob and change the path accordingly.

Hope that this helps anyone who comes across the same issue! Regards, Bobby

Bobby IlievOctober 28, 2019

Hello,

I could suggest a couple of things here:

  • Check the /etc/letsencrypt/renewal log

  • Try running the command with -v for more information, and then check the log again

  • Try running certbot renew --dry-run and check the output

  • Share your Nginx/Apache Vhost here so that I could advise you further

Regards, Bobby

GraemeNovember 5, 2019

Thank you @bobbyiliev, you deserve a good Christmas bonus this year!

I needed to make sure I had renewed by www cert and then it showed. Fingers crossed it will auto renew aswell

paulkellerNovember 5, 2019

yes that solved it! whoever you are, you are a hero, thanks for helping with this! Do you have any idea if the cert will now auto renew going forward?