How to – Renew your certbot SSL cert when it fails

enewing a Let’s Encrypt SSL certificate can sometimes result in an “unauthorized” error. This error typically indicates that the certificate authority (CA) couldn’t verify your domain ownership2. Here’s a step-by-step guide to help you troubleshoot and resolve this issue:

Step 1 – Turn the firewall off and remove old files

So for some reason sometimes the certbot certificates renewal process will not go through and you will see an error like this saying “unauthorized”:

You need to remove the cert folders for archive and live in cd /etc/letsencrypt/ as shown above as well as the .conf file and rename the viciportal.conf file:

cd /etc/letsencrypt/live/
rm -rf dvdial.dialer.com/
cd /etc/letsencrypt/archive/
rm -rf dvdial.dialer.com/
rm -rf /etc/httpd/conf.d/dvdial.dialer.com-le-ssl.conf
mv /etc/httpd/conf.d/viciportal-ssl.conf /etc/httpd/conf.d/viciportal-ssl.conf.off

Replace “dvdial.dialer.one” with your domain

Step 2 – Rerun the certbot command

After step 1 is complete, you can rerun “certbot” which will recreate the .conf file we deleted and recreate the SSL cert, but with -0001 added to the new directories so we need to copy these new folders to the old locations for the viciportal.conf to work without changes.

First rename the viciportal conf back to the correct name as shown below then copy the directories:

mv /etc/httpd/conf.d/viciportal-ssl.conf.off /etc/httpd/conf.d/viciportal-ssl.conf
cd /etc/letsencrypt/live/
cp -r dvdial.dialer.com-0001/ dvdial.dialer.com/

Step 3 – Restart Apache and Turn the firewall back on

service httpd restart
service firewalld start

This will work on any certs you have issued from my auto installers, its a bug I haven’t quite worked out yet. If you have any input to fix the renewals please comment here or join the Discord: https://discord.gg/ymGZJvF6hK

Chris aka carpenox