Opened 2 months ago

Closed 2 months ago

#13947 closed Bug/Something is broken (worksforme)

ssl certificate not being created? :(

Reported by: https://id.mayfirst.org/eccsweb
Owned by: https://id.mayfirst.org/jaimev
Priority: High
Component: Tech
Keywords: certbot
Cc: https://id.mayfirst.org/jamie
Sensitive: no

Description

hi again! before today i have been able to create subdomains for eccs.world, either inside the wordpress multisite or as separate hosting order, and the automatic certbot configuration has worked perfectly, which is great.

however some minutes ago i created a new subdomain for the multisite, tortillastories.eccs.world, and even though the status in the panel changed from pending to active when adding this subdomain in the ServerAlias entries, the certificate doesn't seem to have been updated - i can't access it with the browser, and using an ssl checker i don't see that new subdomain. i tried already a couple of times and it stays the same.

is there a way of "forcing" the renewal from my side? and/or can you check it for us?

thank you very much!

Change History (6)

comment:1 Changed 2 months ago by https://id.mayfirst.org/eccsweb

(i also now created another subdomain for a hosting order, ratapanchis.eccs.world, configured it to "auto" and the ssl is not working as well)

comment:2 Changed 2 months ago by https://id.mayfirst.org/jaimev

  • Cc https://id.mayfirst.org/jamie added
  • Keywords certbot added

Yes, something is definitely wrong here.

For hosting order eccs.world I see several LE certificates have been created through this web configuration. Each time the list of domains changed, certbot created a new cert; however, the autogenerated Apache web configuration is still using the original certificate, the first in this list.

  Certificate Name: eccs.world
    Domains: eccs.world arteenmarte.eccs.world lenguapartida.eccs.world pepepepepe.eccs.world www.eccs.world
    Expiry Date: 2018-10-17 19:29:16+00:00 (VALID: 69 days)
    Certificate Path: /etc/letsencrypt/live/eccs.world/fullchain.pem
    Private Key Path: /etc/letsencrypt/live/eccs.world/privkey.pem
  Certificate Name: eccs.world-0001
    Domains: eccs.world arteenmarte.eccs.world pepepepepe.eccs.world www.eccs.world
    Expiry Date: 2018-10-18 21:52:27+00:00 (VALID: 70 days)
    Certificate Path: /etc/letsencrypt/live/eccs.world-0001/fullchain.pem
    Private Key Path: /etc/letsencrypt/live/eccs.world-0001/privkey.pem
  Certificate Name: eccs.world-0002
    Domains: eccs.world arteenmarte.eccs.world tortillastories.eccs.world www.eccs.world www.tortillastories.eccs.world
    Expiry Date: 2018-11-06 20:14:02+00:00 (VALID: 89 days)
    Certificate Path: /etc/letsencrypt/live/eccs.world-0002/fullchain.pem
    Private Key Path: /etc/letsencrypt/live/eccs.world-0002/privkey.pem
  Certificate Name: eccs.world-0003
    Domains: eccs.world arteenmarte.eccs.world lemel.eccs.world mel.eccs.world tortillastories.eccs.world www.eccs.world
    Expiry Date: 2018-11-06 20:22:44+00:00 (VALID: 89 days)
    Certificate Path: /etc/letsencrypt/live/eccs.world-0003/fullchain.pem
    Private Key Path: /etc/letsencrypt/live/eccs.world-0003/privkey.pem
  Certificate Name: eccs.world-0004
    Domains: eccs.world arteenmarte.eccs.world tortillastories.eccs.world www.eccs.world
    Expiry Date: 2018-11-06 20:30:47+00:00 (VALID: 89 days)
    Certificate Path: /etc/letsencrypt/live/eccs.world-0004/fullchain.pem
    Private Key Path: /etc/letsencrypt/live/eccs.world-0004/privkey.pem
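
The mismatch diagnosed in comment:2 can be checked mechanically. The following is an added example, not part of the ticket or of May First's tooling: it parses `certbot certificates` output (an excerpt of the listing above is embedded) and compares the certificate the vhost references with the names it must serve. The required-name list and the function names are assumptions made for illustration.

```python
import re

# Excerpt of the `certbot certificates` output quoted in comment:2.
SAMPLE = """\
  Certificate Name: eccs.world
    Domains: eccs.world arteenmarte.eccs.world lenguapartida.eccs.world pepepepepe.eccs.world www.eccs.world
    Expiry Date: 2018-10-17 19:29:16+00:00 (VALID: 69 days)
    Certificate Path: /etc/letsencrypt/live/eccs.world/fullchain.pem
    Private Key Path: /etc/letsencrypt/live/eccs.world/privkey.pem
  Certificate Name: eccs.world-0004
    Domains: eccs.world arteenmarte.eccs.world tortillastories.eccs.world www.eccs.world
    Expiry Date: 2018-11-06 20:30:47+00:00 (VALID: 89 days)
    Certificate Path: /etc/letsencrypt/live/eccs.world-0004/fullchain.pem
    Private Key Path: /etc/letsencrypt/live/eccs.world-0004/privkey.pem
"""

def parse_lineages(text):
    """Return one dict per lineage: name, set of domains, fullchain path."""
    lineages = []
    for line in text.splitlines():
        key, _, value = line.strip().partition(": ")
        if key == "Certificate Name":
            lineages.append({"name": value, "domains": set(), "path": None})
        elif not lineages:
            continue  # ignore anything before the first lineage header
        elif key == "Domains":
            lineages[-1]["domains"] = set(value.split())
        elif key == "Certificate Path":
            lineages[-1]["path"] = value
    return lineages

def audit(lineages, path_in_use, required):
    """Compare the certificate the vhost references with the names it must serve."""
    required = set(required)
    in_use = next((l for l in lineages if l["path"] == path_in_use), None)
    return {
        "in_use": in_use["name"] if in_use else None,
        "missing": sorted(required - in_use["domains"]) if in_use else sorted(required),
        "covering": [l["name"] for l in lineages if required <= l["domains"]],
        "suffixed": [l["name"] for l in lineages if re.search(r"-\d{4}$", l["name"])],
    }

if __name__ == "__main__":
    # Assumed vhost names: the apex, www and the newly added subdomain.
    report = audit(parse_lineages(SAMPLE),
                   "/etc/letsencrypt/live/eccs.world/fullchain.pem",
                   ["eccs.world", "www.eccs.world", "tortillastories.eccs.world"])
    for field, value in report.items():
        print(field, value)
```

A non-empty `missing` list together with a `-000N` lineage in `covering` is the state described in this ticket: the new name was issued, but on a certificate the web configuration does not reference.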

comment:3 Changed 2 months ago by https://id.mayfirst.org/jaimev

And the case of ratapanchis.eccs.world is even stranger. The web configuration is active in auto mode but no certificate has been created and no ssl version of the web configuration was autogenerated.

I am copying jamie here for more input.

comment:4 Changed 2 months ago by https://id.mayfirst.org/jaimev

  • Owner set to https://id.mayfirst.org/jaimev
  • Status changed from new to assigned

I've just deleted the extra certificates eccs.world-000{1,2,3,4} and edited the existing web configuration to http before setting it back to auto, hoping that the original eccs.world certificate would be replaced with a new certificate of the same name but including the changed domains because of the --expand parameter we pass to certbot. This was not the case: a new cert eccs.world-0001 was created again and the web configuration continues to use the original cert.

comment:5 Changed 2 months ago by https://id.mayfirst.org/jaimev

Switching to http and manually deleting all of the certificates for eccs.world before switching to auto successfully created the correct cert and web configuration.

Switching the web configuration for ratapanchis.eccs.world to http and then back to auto also created the correct results for that site.

So the above issues are resolved for both sites but it might be worth more investigation to determine what happened here.

comment:6 Changed 2 months ago by https://id.mayfirst.org/eccsweb

  • Resolution set to worksforme
  • Status changed from assigned to closed

thank you very much! very strange situation :/ :o
