Question

Letsencrypt Shows Expired, Renewal Fails, Litespeed Wordpress Droplet

My domain shows an expired cert even though Certbot says renewal is not needed. I tried a dry run renewal and got the following error. I’m not sure what to do. This is on DigitalOcean having used the Litespeed Wordpress Droplet.

Attempting to renew cert (www.thinkliz.com) from /etc/letsencrypt/renewal/www.thinkliz.com.conf produced an unexpected error: urn:ietf:params:acme:error:malformed :: The request message was malformed :: Method not allowed. Skipping.
All renewal attempts failed. The following certs could not be renewed:
  /etc/letsencrypt/live/www.thinkliz.com/fullchain.pem (failure)
Subscribe
Share

I’m not sure what to make of this. When I visit https://check-your-website.server-daten.de/?q=thinkliz.com#ct-logs I get the following:

Info: Problems with 3.048.289 Letsencrypt certificates (378.325 accounts). They must be revoked (revocation starts 2020-03-04 20:00 UTC) - see Revoking certain certificates on March 4.

But there are no instructions on revoking and renewing. I’m lost on what to do or even if my cert is one affected.


Submit an answer
You can type!ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

Accepted Answer

Hello, @internetjason

It seems like your SSL Certificate has expired. Could you please post the versions of your installed Certbot packages? In particular python3-acme.

dpkg-query -l | grep certbot

If it is not at 0.31.0-2, perhaps try to forcefully upgrade it:

sudo apt update && apt install --only-upgrade python3-acme

And then try to renew the certificate again and execute the –dry-run as well.

Let me know how it goes.

Regards, Alex

I had a similar, maybe not related, issue recently with our litespeed server. Went in to perform a renewal and it wasn’t needed. However, on my browser it was telling me the connection wasn’t secure and the cert had an older date.

This was resolved when I performed a graceful restart on the litespeed panel. This has happened before. Not sure if there is some kind of cache issue.