[BlueOnyx:26684] Re: Let's Encrypt: Certificate auto-renewal failed
Chris Gebhardt - VIRTBIZ Internet
cobaltfacts at virtbiz.com
Sun Dec 24 10:05:58 -05 2023
Hi Meaulnes,
> You are probably all sitting around your Christmas tree and not really
> willing to look at my problem in this contemplative time, but I'll try
> anyway...
Perhaps you forget the line of work that we are in. ;) Always on duty!
>
> I got from root yesterday and today the following:
>
>> Automatic renewal of the following Let's Encrypt certificates has
>> failed:
>> * 'blaettler.legler.org' (Expiry date: 2024-01-21T21:37:45)
>> Please check /var/log/letsencrypt/letsencrypt.log for more information.
>
> /var/log/letsencrypt/letsencrypt.log is empty, but there is a
> letsencrypt.log-20231224.gz at the same location and same date with
> the attached content that didn't help me out.
I believe that your error is located here in the logfile you attached:
[Sun Dec 24 00:36:43 CET 2023] www.blaettler.legler.org:Verify
error:During secondary validation: DNS problem: NXDOMAIN looking up A
for www.blaettler.legler.org - check that a DNS record exists for this
domain; DNS problem: NXDOMAIN looking up AAAA for
www.blaettler.legler.org - check that a DNS record exists for this domain
[Sun Dec 24 00:36:43 CET 2023] Debug: get token url.
So it is possible that there was a momentary problem with the DNS lookup
for www.blaettler.legler.org
> I tried to disable and re-enable SSL in SiteManagement > SSL
> yesterday, the message came up again today. The certificate on the
> website doesn't show errors, the connection is secure.
Yes, I see that the current certificate is valid until Sun, 21 Jan 2024
21:37:45 GMT
>
> Can anyone, when she/he has some spare time, help me out here, please?
> It's really stupid that this occurs right now...
Based on the above, I think that the problem may have been DNS
related. So you might give it another try.
If that fails, something that I find helps in the case of very old
LetsEncrypt sites is to disable the SSL from Site Management, then
manually (via CLI) remove any of the certificates in the VSITE's certs
directory. Then back at the GUI request the LetsEncrypt again (which
you may have to do twice.)
Best of luck, and Merry Christmas.
Chris Gebhardt
VIRTBIZ Internet Services
Access, Web Hosting, Colocation, Dedicated
www.virtbiz.com | toll-free (866) 4 VIRTBIZ
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.blueonyx.it/pipermail/blueonyx/attachments/20231224/e8c5b2cb/attachment.html>
More information about the Blueonyx
mailing list