Question

Website down after let's encrypt ssl certificate expired

Hello,

I’ve followed the tutorials here to have my website use let’s encrypt to switch to https. today my website went down and the error i see when i visit it is “Error 526 Invalid SSL certificate”

I tried to renew let’s encrypt certificates through ssh and got the following:

root@vps1053567:~# sudo certbot --nginx -d x.net -d www.x.net
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator nginx, Installer nginx
Cert is due for renewal, auto-renewing...
Renewing an existing certificate
Performing the following challenges:
tls-sni-01 challenge for x.net
tls-sni-01 challenge for www.x.net
Waiting for verification...
Cleaning up challenges
Failed authorization procedure. www.x.net (tls-sni-01): urn:ietf:params:acme:error:tls :: The server experienced a TLS error during domain verification :: remote error: tls: handshake failure, x.net (tls-sni-01): urn:ietf:params:acme:error:tls :: The server experienced a TLS error during domain verification :: remote error: tls: handshake failure

IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain: www.x.net
   Type:   tls
   Detail: remote error: tls: handshake failure

   Domain: x.net
   Type:   tls
   Detail: remote error: tls: handshake failure

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A/AAAA record(s) for that domain
   contain(s) the right IP address. Additionally, please check that
   you have an up-to-date TLS configuration that allows the server to
   communicate with the Certbot client.

Any ideas what could be the cause of this issue?

Thank you in advance!


Submit an answer

This textbox defaults to using Markdown to format your answer.

You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

Sign In or Sign Up to Answer

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

Want to learn more? Join the DigitalOcean Community!

Join our DigitalOcean community of over a million developers for free! Get help and share knowledge in Q&A, subscribe to topics of interest, and get courses and tools that will help you grow as a developer and scale your project or business.

Hey friend,

Are you using CloudFlare’s reverse proxy by chance? That’s when you have the orange cloud enabled next to the DNS record in their control panel.

Try this:

sudo certbot renew --preferred-challenges http

Jarland