Lets Encrypt SSL no renewals were attempted

Question

I’m trying to renewal my SSL certificate on my sit, when I run:

certbot renew

I get “No renewals were attempted” and when I run certbot certificates, I get “no certs found”.

I can see files in the /etc/letsencrypt for the site.com and www.site.com/

Bobby Iliev · Accepted Answer

Hi all,

As this turned out to be a long discussion, I will summarize it so that it is easier for anyone else who comes across this to find the solution:

The problem affected the Ghose droplets created from the DigitalOcean Marketplace
The problem was an outdated acme.sh script. The error that we were getting was:

Could not get nonce, let's try again.

To fix the issue we had to update the script from the dev branch of the acme repo:

sudo /etc/letsencrypt/acme.sh  --upgrade -b dev

After that, we noticed that the updated script was stored at:

/root/.acme.sh/acme.sh

To renew the SSL certificate we had to run:

/root/.acme.sh/acme.sh --force --renew --home /etc/letsencrypt --domain yourdomain.com --webroot /var/www/ghost/system/nginx-root --reloadcmd "nginx -s reload" --accountemail yourmail@yourdomain.com

We also had to adjust the cronjob so that the certificate could be renewed automatically, so we had to change the path from /etc/letsencrypt/acme.sh to /root/.acme.sh/acme.sh, to do that just run:

crontab -e

Find the acme.sh cronjob and change the path accordingly.

Hope that this helps anyone who comes across the same issue! Regards, Bobby

Bobby Iliev · Answer

Hello,

I could suggest a couple of things here:

Check the /etc/letsencrypt/renewal log
Try running the command with -v for more information, and then check the log again
Try running certbot renew --dry-run and check the output
Share your Nginx/Apache Vhost here so that I could advise you further

Regards, Bobby

Graeme · Answer

Thank you @bobbyiliev , you deserve a good Christmas bonus this year! I needed to make sure I had renewed by www cert and then it showed. Fingers crossed it will auto renew aswell

paulkeller · Answer

yes that solved it! whoever you are, you are a hero, thanks for helping with this! Do you have any idea if the cert will now auto renew going forward?

paulkeller · Answer

no luck. i get this in response:

root@reframe-digital:~# sudo /etc/letsencrypt/acme.sh  --upgrade -b dev
[Tue Nov  5 19:42:32 UTC 2019] Installing from online archive.
[Tue Nov  5 19:42:32 UTC 2019] Downloading https://github.com/Neilpang/acme.sh/archive/dev.tar.gz
[Tue Nov  5 19:42:33 UTC 2019] Extracting dev.tar.gz
[Tue Nov  5 19:42:33 UTC 2019] It is recommended to install socat first.
[Tue Nov  5 19:42:33 UTC 2019] We use socat for standalone server if you use standalone mode.
[Tue Nov  5 19:42:33 UTC 2019] If you don't use standalone mode, just ignore this warning.
[Tue Nov  5 19:42:33 UTC 2019] Installing to /root/.acme.sh
[Tue Nov  5 19:42:33 UTC 2019] Installed to /root/.acme.sh/acme.sh
[Tue Nov  5 19:42:33 UTC 2019] Good, bash is found, so change the shebang to use bash as preferred.
[Tue Nov  5 19:42:34 UTC 2019] OK
[Tue Nov  5 19:42:34 UTC 2019] Install success!
[Tue Nov  5 19:42:34 UTC 2019] Upgrade success!

but the “Could not get nonce, let’s try again.” remains

paulkeller · Answer

i have that cron job (although it starts with a 52 not 51). When i run the other command i get the following:

root@reframe-digital:~# sudo /etc/letsencrypt/acme.sh --force --renew --home /etc/letsencrypt --domain shared-digital.eu --webroot /var/www/ghost/system/nginx-root --reloadcmd "nginx -s reload" --accountemail paul.keller@gmail.com
[Tue Nov  5 13:09:49 UTC 2019] Renew: 'shared-digital.eu'
[Tue Nov  5 13:09:50 UTC 2019] Single domain='shared-digital.eu'
[Tue Nov  5 13:09:50 UTC 2019] Getting domain auth token for each domain
[Tue Nov  5 13:09:50 UTC 2019] Getting webroot for domain='shared-digital.eu'
[Tue Nov  5 13:09:50 UTC 2019] Getting new-authz for domain='shared-digital.eu'
[Tue Nov  5 13:09:50 UTC 2019] Could not get nonce, let's try again.
[Tue Nov  5 13:09:54 UTC 2019] Could not get nonce, let's try again.

this continues until i terminate the process

Graeme · Answer

Hello Bobby, in total i have 5 configs in that folder.

ip.config www.yourdomain.com.conf www.yourdomain.com-ssl.conf yourdomain.com.conf yourdomain.com-ssl.conf

www.yourdomain.conf and yourdomain.com.conf are the same

but yourdomain-ssl.conf and yourdomain.com-sll.conf differ with the top added

 listen 443 ssl http2;
    listen [::]:443 ssl http2;

    server_name yourdomain.com;
    root /var/www/ghost/system/nginx-root;

    ssl_certificate /etc/letsencrypt/yourdomain.com/fullchain.cer;
    ssl_certificate_key /etc/letsencrypt/yourdomain.com/yourdomain.com.key;
    include /etc/nginx/snippets/ssl-params.conf;

sudo certbot --nginx -d example.com -d www.example.com

When I run the above command, i get the following message: The requested nginx plugin does not appear to be installed

Related

Question

Lets Encrypt SSL no renewals were attempted

Related