DigitalOcean

Report this

What is the reason for this report?
Question

Website down after let's encrypt ssl certificate expired

Posted on November 19, 2018
Let's Encrypt
Nginx
Ubuntu 16.04
moyaja

By moyaja

Hello,

I’ve followed the tutorials here to have my website use let’s encrypt to switch to https. today my website went down and the error i see when i visit it is “Error 526 Invalid SSL certificate”

I tried to renew let’s encrypt certificates through ssh and got the following:

root@vps1053567:~# sudo certbot --nginx -d x.net -d www.x.net
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator nginx, Installer nginx
Cert is due for renewal, auto-renewing...
Renewing an existing certificate
Performing the following challenges:
tls-sni-01 challenge for x.net
tls-sni-01 challenge for www.x.net
Waiting for verification...
Cleaning up challenges
Failed authorization procedure. www.x.net (tls-sni-01): urn:ietf:params:acme:error:tls :: The server experienced a TLS error during domain verification :: remote error: tls: handshake failure, x.net (tls-sni-01): urn:ietf:params:acme:error:tls :: The server experienced a TLS error during domain verification :: remote error: tls: handshake failure

IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain: www.x.net
   Type:   tls
   Detail: remote error: tls: handshake failure

   Domain: x.net
   Type:   tls
   Detail: remote error: tls: handshake failure

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A/AAAA record(s) for that domain
   contain(s) the right IP address. Additionally, please check that
   you have an up-to-date TLS configuration that allows the server to
   communicate with the Certbot client.

Any ideas what could be the cause of this issue?

Thank you in advance!



This textbox defaults to using Markdown to format your answer.

You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

Sign In or Sign Up to Answer
These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.
0
jarland
jarlandDigitalOcean Employee badge
November 19, 2018

Hey friend,

Are you using CloudFlare’s reverse proxy by chance? That’s when you have the orange cloud enabled next to the DNS record in their control panel.

Try this:

sudo certbot renew --preferred-challenges http

Jarland

Become a contributor for community

Get paid to write technical tutorials and select a tech-focused charity to receive a matching donation.

Sign Up

DigitalOcean Documentation

Full documentation for every DigitalOcean product.

Learn more

Resources for startups and AI-native businesses

The Wave has everything you need to know about building a business, from raising funding to marketing your product.

Learn more

Get our newsletter

Stay up to date by signing up for DigitalOcean’s Infrastructure as a Newsletter.

New accounts only. By submitting your email you agree to our Privacy Policy

The developer cloud

Scale up as you grow — whether you're running one virtual machine or ten thousand.

Get started for free

Sign up and get $200 in credit for your first 60 days with DigitalOcean.*

*This promotional offer applies to new accounts only.

© 2026 DigitalOcean, LLC.Sitemap.