Question

Website down after let's encrypt ssl certificate expired

Posted November 19, 2018 2.7k views
NginxLet's EncryptUbuntu 16.04

Hello,

I’ve followed the tutorials here to have my website use let’s encrypt to switch to https. today my website went down and the error i see when i visit it is “Error 526 Invalid SSL certificate”

I tried to renew let’s encrypt certificates through ssh and got the following:

root@vps1053567:~# sudo certbot --nginx -d x.net -d www.x.net
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator nginx, Installer nginx
Cert is due for renewal, auto-renewing...
Renewing an existing certificate
Performing the following challenges:
tls-sni-01 challenge for x.net
tls-sni-01 challenge for www.x.net
Waiting for verification...
Cleaning up challenges
Failed authorization procedure. www.x.net (tls-sni-01): urn:ietf:params:acme:error:tls :: The server experienced a TLS error during domain verification :: remote error: tls: handshake failure, x.net (tls-sni-01): urn:ietf:params:acme:error:tls :: The server experienced a TLS error during domain verification :: remote error: tls: handshake failure

IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain: www.x.net
   Type:   tls
   Detail: remote error: tls: handshake failure

   Domain: x.net
   Type:   tls
   Detail: remote error: tls: handshake failure

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A/AAAA record(s) for that domain
   contain(s) the right IP address. Additionally, please check that
   you have an up-to-date TLS configuration that allows the server to
   communicate with the Certbot client.

Any ideas what could be the cause of this issue?

Thank you in advance!

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

×
1 answer

Hey friend,

Are you using CloudFlare’s reverse proxy by chance? That’s when you have the orange cloud enabled next to the DNS record in their control panel.

Try this:

sudo certbot renew --preferred-challenges http

Jarland

Submit an Answer