How to – Renew your certbot SSL cert when it fails
Renewing a Let’s Encrypt SSL certificate can sometimes result in an “unauthorized” error. This error typically indicates that the certificate authority (CA) couldn’t verify your domain ownership. Here’s a step-by-step guide to help you troubleshoot and resolve this issue:
Step 1 – Turn the firewall off and remove old files
Sometimes the certbot certificate renewal process will not go through, and you will see an error saying “unauthorized”.

You need to remove the cert folders for your domain under archive and live in /etc/letsencrypt/, delete the domain’s -le-ssl.conf file, and rename the viciportal-ssl.conf file:
cd /etc/letsencrypt/live/
rm -rf dvdial.dialer.com/
cd /etc/letsencrypt/archive/
rm -rf dvdial.dialer.com/
rm -rf /etc/httpd/conf.d/dvdial.dialer.com-le-ssl.conf
mv /etc/httpd/conf.d/viciportal-ssl.conf /etc/httpd/conf.d/viciportal-ssl.conf.off
Replace “dvdial.dialer.com” with your domain.
Step 2 – Rerun the certbot command
After step 1 is complete, rerun “certbot”. It recreates the .conf file we deleted and issues a new SSL cert, but with -0001 appended to the new directory names, so the new folders need to be copied to the old locations for viciportal-ssl.conf to work without changes.

First rename the viciportal conf back to its correct name as shown below, then copy the directories:
mv /etc/httpd/conf.d/viciportal-ssl.conf.off /etc/httpd/conf.d/viciportal-ssl.conf
cd /etc/letsencrypt/live/
cp -r dvdial.dialer.com-0001/ dvdial.dialer.com/
Step 3 – Restart Apache and Turn the firewall back on

service httpd restart
service firewalld start
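An added check, not part of the original post: certbot's live/ directory holds symlinks into archive/, so the directory copied in step 2 keeps pointing at the files that existed at copy time and does not follow later renewals of the -0001 lineage. The script below shows this on a constructed sample tree; example.test, check_lineage_copy and build_demo_tree are illustrative names, and GNU cp and readlink are assumed.

```shell
#!/bin/bash
# Added example: detect a copied live/ directory that no longer tracks the
# certbot lineage it was copied from. All names and paths here are illustrative.

# check_lineage_copy LE_DIR DOMAIN [SUFFIX]
# Returns 0 if every PEM in live/DOMAIN resolves to the same file as the one in
# live/DOMAIN-SUFFIX, 1 if any differs (stale copy), 2 if a file is missing.
check_lineage_copy() {
    le_dir=$1 domain=$2 suffix=${3:-0001} status=0
    for pem in cert.pem chain.pem fullchain.pem privkey.pem; do
        copy="$le_dir/live/$domain/$pem"
        lineage="$le_dir/live/$domain-$suffix/$pem"
        if [ ! -e "$copy" ] || [ ! -e "$lineage" ]; then
            echo "MISSING $pem"; return 2
        fi
        if [ "$(readlink -f "$copy")" != "$(readlink -f "$lineage")" ]; then
            echo "STALE   $pem: $copy -> $(readlink -f "$copy")"
            status=1
        fi
    done
    return $status
}

# Constructed sample tree mimicking certbot's layout: live/ holds relative
# symlinks into archive/, and each renewal adds a higher-numbered file.
build_demo_tree() {
    root=$1 domain=$2 version=$3
    mkdir -p "$root/archive/$domain-0001" "$root/live/$domain-0001"
    for name in cert chain fullchain privkey; do
        echo "constructed $name v$version" > "$root/archive/$domain-0001/$name$version.pem"
        ln -sfn "../../archive/$domain-0001/$name$version.pem" "$root/live/$domain-0001/$name.pem"
    done
}

demo() {
    tmp=$(mktemp -d)
    build_demo_tree "$tmp" example.test 1
    # Same copy as step 2; -P makes the "keep symlinks" behaviour explicit.
    cp -rP "$tmp/live/example.test-0001" "$tmp/live/example.test"
    check_lineage_copy "$tmp" example.test && echo "after copy: in sync"
    build_demo_tree "$tmp" example.test 2    # simulated renewal of the lineage
    check_lineage_copy "$tmp" example.test || echo "after renewal: copy is stale"
    rm -rf "$tmp"
}
demo
```

On a real host the call would be check_lineage_copy /etc/letsencrypt with your domain; a non-zero result after a renewal means Apache is still being pointed at the older certificate files.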
This will work on any certs you have issued from my auto installers; it’s a bug I haven’t quite worked out yet. If you have any input to fix the renewals, please comment here or join the Discord: https://discord.gg/ymGZJvF6hK
Chris aka carpenox
