[BlueOnyx:26687] Re: Let's Encrypt: Certificate auto-renewal failed

Meaulnes Legler @ MailList bluelist at waveweb.ch
Wed Dec 27 04:53:07 -05 2023


hello Chris

Thank you so much for responding!

I partially followed your advice: I rebooted the DNS server (on a different IP), disabled and re-enabled SSL for the site concerned, and rebooted its own server, too.

Now the Let's Encrypt certificate auto-renewal completed (yesterday). Funnily enough, the same thing happened for the root certificate of another server on a different IP, the auto-renewal failed but the certificate was valid. Today, the certificate auto-renewal completed! This without SSL off → on and without reboot.

So I think you were right, the DNS was the culprit, rebooting its server solved the problem.

Thanks again /und än guätä Rutsch/ meaning a good slide into the New Year :-)

で⊃ Meaulnes Legler
Zurich, Switzerland
+41¦0 44 260-1660


On 24.12.23 16:05, Chris Gebhardt - VIRTBIZ Internet via Blueonyx wrote:
> Hi Meaulnes,
> 
> 
>> You are probably all sitting around your Christmas tree and not really willing to look at my problem in this contemplative time, but I'll try anyway...
> 
> Perhaps you forget the line of work that we are in.  ;)  Always on duty!
> 
> 
>>
>> I got from root yesterday and today the following:
>>
>>> Automatic renewal of the following Let's Encrypt certificates has failed:
>>> * 'blaettler.legler.org' (Expiry date: 2024-01-21T21:37:45)
>>> Please check /var/log/letsencrypt/letsencrypt.log for more information.
>>
>> /var/log/letsencrypt/letsencrypt.log is empty, but there is a letsencrypt.log-20231224.gz at the same location and same date with the attached content that didn't help me out.
> 
> I believe that your error is located here in the logfile you attached:
> 
> [Sun Dec 24 00:36:43 CET 2023] www.blaettler.legler.org:Verify error:During secondary validation: DNS problem: NXDOMAIN looking up A for www.blaettler.legler.org - check that a DNS record exists for this domain; DNS problem: NXDOMAIN looking up AAAA for www.blaettler.legler.org - check that a DNS record exists for this domain
> [Sun Dec 24 00:36:43 CET 2023] Debug: get token url.
> 
> So it is possible that there was a momentary problem with the DNS lookup for www.blaettler.legler.org
> 
> 
>> I tried to disable and re-enable SSL in SiteManagement > SSL yesterday, the message came up again today. The certificate on the website doesn't show errors, the connection is secure.
> 
> Yes, I see that the current certificate is valid until Sun, 21 Jan 2024 21:37:45 GMT
> 
> 
>>
>> Can anyone, when she/he has some spare time, help me out here, please? It's really stupid that this occurs right now...
> 
> Based on the above, I think that the problem may have been DNS related. So you might give it another try.
> 
> If that fails, something that I find helps in the case of very old LetsEncrypt sites is to disable the SSL from Site Management, then manually (via CLI) remove any of the certificates in the VSITE's certs directory. Then back at the GUI request the LetsEncrypt again (which you may have to do twice).
> 
> Best of luck, and Merry Christmas.
> 
> 
> Chris Gebhardt
> VIRTBIZ Internet Services
> Access, Web Hosting, Colocation, Dedicated
> www.virtbiz.com  | toll-free (866) 4 VIRTBIZ
> 
> 
> _______________________________________________
> Blueonyx mailing list
> Blueonyx at mail.blueonyx.it
> http://mail.blueonyx.it/mailman/listinfo/blueonyx
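
The log triage discussed in this thread can be scripted. The following is an added example, not part of either message and not BlueOnyx code: it pulls every `Verify error` entry out of a renewal log and separates DNS failures from other causes. The function names and the second failing log entry (`shop.example.test`) are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample: lines 1-2 are the entries quoted in the thread,
# line 3 is an invented non-DNS failure for contrast.
SAMPLE_LOG = """\
[Sun Dec 24 00:36:43 CET 2023] www.blaettler.legler.org:Verify error:During secondary validation: DNS problem: NXDOMAIN looking up A for www.blaettler.legler.org - check that a DNS record exists for this domain; DNS problem: NXDOMAIN looking up AAAA for www.blaettler.legler.org - check that a DNS record exists for this domain
[Sun Dec 24 00:36:43 CET 2023] Debug: get token url.
[Sun Dec 24 00:40:02 CET 2023] shop.example.test:Verify error:Invalid response from http://shop.example.test/.well-known/acme-challenge/TOKEN: 404
"""

VERIFY_RE = re.compile(
    r"^\[(?P<ts>[^\]]+)\] (?P<name>[^:\s]+):Verify error:(?P<detail>.*)$")
DNS_RE = re.compile(
    r"DNS problem: (?P<rcode>\w+) looking up (?P<rtype>[A-Z]+) for (?P<host>[^\s;]+)")

def triage(log_text):
    """Return one finding per 'Verify error' line in the log."""
    findings = []
    for line in log_text.splitlines():
        m = VERIFY_RE.match(line)
        if not m:
            continue  # debug/info lines are not validation failures
        detail = m["detail"]
        dns = [(d["rcode"], d["rtype"], d["host"]) for d in DNS_RE.finditer(detail)]
        findings.append({
            "timestamp": m["ts"],
            "name": m["name"],
            # Let's Encrypt uses this prefix when one of its additional
            # validation vantage points, not the primary one, reports the failure.
            "secondary": detail.startswith("During secondary validation"),
            "dns_failures": dns,
            "cause": "dns" if dns else "other",
        })
    return findings

def names_to_check_dns(findings):
    """Map each hostname to the record types that failed to resolve."""
    hosts = defaultdict(set)
    for f in findings:
        for rcode, rtype, host in f["dns_failures"]:
            hosts[host].add(f"{rtype}:{rcode}")
    return {h: sorted(v) for h, v in hosts.items()}

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f["timestamp"], f["name"], f["cause"], "secondary" if f["secondary"] else "")
    print(names_to_check_dns(triage(SAMPLE_LOG)))
```

A `dns` finding with `secondary` set points at the authoritative name servers answering inconsistently rather than at the web server or the certificate files.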



