Question

Let’s Encrypt SSL: no renewals were attempted

I’m trying to renew my SSL certificate on my site. When I run:

certbot renew

I get “No renewals were attempted” and when I run certbot certificates, I get “no certs found”.

I can see files in /etc/letsencrypt for site.com and www.site.com/


Accepted Answer

Hi all,

As this turned out to be a long discussion, I will summarize it so that it is easier for anyone else who comes across this to find the solution:

  • The problem affected the Ghost droplets created from the DigitalOcean Marketplace

  • The problem was an outdated acme.sh script. The error that we were getting was:

    Could not get nonce, let's try again.

  • To fix the issue we had to update the script from the dev branch of the acme repo:

    sudo /etc/letsencrypt/acme.sh --upgrade -b dev

  • After that, we noticed that the updated script was stored at:

    /root/.acme.sh/acme.sh

  • To renew the SSL certificate we had to run:

    /root/.acme.sh/acme.sh --force --renew --home /etc/letsencrypt --domain yourdomain.com --webroot /var/www/ghost/system/nginx-root --reloadcmd "nginx -s reload" --accountemail yourmail@yourdomain.com

  • We also had to adjust the cronjob so that the certificate could be renewed automatically, so we had to change the path from /etc/letsencrypt/acme.sh to /root/.acme.sh/acme.sh. To do that, just run:

    crontab -e

Find the acme.sh cronjob and change the path accordingly.

Hope that this helps anyone who comes across the same issue! Regards, Bobby
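
The cron path change from the answer above, as an added example that is not part of the original thread: it rewrites only the script path on active crontab lines and leaves the `--home /etc/letsencrypt` argument and comments alone. The sample crontab is constructed, and the quoted-directory form of the entry is an assumption about how the job may have been written.

```shell
#!/bin/sh
# Added example: repoint acme.sh cron entries at the upgraded script.
OLD_DIR=/etc/letsencrypt          # directory holding the outdated acme.sh (from the answer)
NEW_ACME=/root/.acme.sh/acme.sh   # upgraded script location (from the answer)
# Matches the old script path with or without quotes around the directory (assumed forms).
OLD_RE="\"?${OLD_DIR}\"?/acme\\.sh"

# Constructed sample crontab; not taken from a real droplet.
sample_crontab() {
    cat <<'EOF'
# old: /etc/letsencrypt/acme.sh --cron
52 0 * * * "/etc/letsencrypt"/acme.sh --cron --home "/etc/letsencrypt" > /dev/null
17 3 * * 1 /etc/letsencrypt/acme.sh --cron --home /etc/letsencrypt > /dev/null
0 4 * * * /usr/bin/find /var/log -name '*.gz' -mtime +30 -delete
EOF
}

# Count active (non-comment) crontab lines on stdin that still call the old script.
count_stale_entries() {
    grep -Ev '^[[:space:]]*#' | grep -Ec "$OLD_RE" || true
}

# Rewrite the script path on active lines only; --home and comments stay untouched.
rewrite_acme_cron() {
    sed -E "/^[[:space:]]*#/!s#${OLD_RE}#${NEW_ACME}#"
}

# Demo on the constructed sample. On a real host, review the output first, then:
#   crontab -l > crontab.bak && crontab -l | rewrite_acme_cron | crontab -
echo "stale entries before: $(sample_crontab | count_stale_entries)"
sample_crontab | rewrite_acme_cron
```

A non-zero count from `crontab -l | count_stale_entries` after the upgrade means the scheduled renewal is still running the outdated script.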

Hello,

I could suggest a couple of things here:

  • Check the /etc/letsencrypt/renewal log

  • Try running the command with -v for more information, and then check the log again

  • Try running certbot renew --dry-run and check the output

  • Share your Nginx/Apache Vhost here so that I could advise you further

Regards, Bobby

Thank you @bobbyiliev, you deserve a good Christmas bonus this year!

I needed to make sure I had renewed my www cert and then it showed. Fingers crossed it will auto renew as well.

Yes, that solved it! Whoever you are, you are a hero, thanks for helping with this! Do you have any idea if the cert will now auto renew going forward?

No luck. I get this in response:

root@reframe-digital:~# sudo /etc/letsencrypt/acme.sh  --upgrade -b dev
[Tue Nov  5 19:42:32 UTC 2019] Installing from online archive.
[Tue Nov  5 19:42:32 UTC 2019] Downloading https://github.com/Neilpang/acme.sh/archive/dev.tar.gz
[Tue Nov  5 19:42:33 UTC 2019] Extracting dev.tar.gz
[Tue Nov  5 19:42:33 UTC 2019] It is recommended to install socat first.
[Tue Nov  5 19:42:33 UTC 2019] We use socat for standalone server if you use standalone mode.
[Tue Nov  5 19:42:33 UTC 2019] If you don't use standalone mode, just ignore this warning.
[Tue Nov  5 19:42:33 UTC 2019] Installing to /root/.acme.sh
[Tue Nov  5 19:42:33 UTC 2019] Installed to /root/.acme.sh/acme.sh
[Tue Nov  5 19:42:33 UTC 2019] Good, bash is found, so change the shebang to use bash as preferred.
[Tue Nov  5 19:42:34 UTC 2019] OK
[Tue Nov  5 19:42:34 UTC 2019] Install success!
[Tue Nov  5 19:42:34 UTC 2019] Upgrade success!

But the “Could not get nonce, let’s try again.” remains.

I have that cron job (although it starts with a 52 not 51). When I run the other command I get the following:

root@reframe-digital:~# sudo /etc/letsencrypt/acme.sh --force --renew --home /etc/letsencrypt --domain shared-digital.eu --webroot /var/www/ghost/system/nginx-root --reloadcmd "nginx -s reload" --accountemail paul.keller@gmail.com
[Tue Nov  5 13:09:49 UTC 2019] Renew: 'shared-digital.eu'
[Tue Nov  5 13:09:50 UTC 2019] Single domain='shared-digital.eu'
[Tue Nov  5 13:09:50 UTC 2019] Getting domain auth token for each domain
[Tue Nov  5 13:09:50 UTC 2019] Getting webroot for domain='shared-digital.eu'
[Tue Nov  5 13:09:50 UTC 2019] Getting new-authz for domain='shared-digital.eu'
[Tue Nov  5 13:09:50 UTC 2019] Could not get nonce, let's try again.
[Tue Nov  5 13:09:54 UTC 2019] Could not get nonce, let's try again.

This continues until I terminate the process.

Hello Bobby, in total I have 5 configs in that folder.

ip.config www.yourdomain.com.conf www.yourdomain.com-ssl.conf yourdomain.com.conf yourdomain.com-ssl.conf

www.yourdomain.conf and yourdomain.com.conf are the same

but yourdomain-ssl.conf and yourdomain.com-ssl.conf differ with the top added:

    listen 443 ssl http2;
    listen [::]:443 ssl http2;

    server_name yourdomain.com;
    root /var/www/ghost/system/nginx-root;

    ssl_certificate /etc/letsencrypt/yourdomain.com/fullchain.cer;
    ssl_certificate_key /etc/letsencrypt/yourdomain.com/yourdomain.com.key;
    include /etc/nginx/snippets/ssl-params.conf;

sudo certbot --nginx -d example.com -d www.example.com

When I run the above command, I get the following message: The requested nginx plugin does not appear to be installed