Greenstand / Greenstand-Overview

Tree Tracking Fighting Poverty and Climate Change - This repository contains Contributing, Project Overview, Roadmap, etc
https://www.greenstand.org
GNU Affero General Public License v3.0

SSL renewal for treetracker.org #53

Closed Davidezrajay closed 5 years ago

Davidezrajay commented 5 years ago

Hi @jonleibowitz,

I got this message again: "Your certificate (or certificates) for the names listed below will expire in 17 days (on 15 Dec 18 04:23 +0000). Please make sure to renew your certificate before then, or visitors to your website will encounter errors.

We recommend renewing certificates automatically when they have a third of their total lifetime left. For Let's Encrypt's current 90-day certificates, that means renewing 30 days before expiration. See https://letsencrypt.org/docs/integration-guide/ for details.

treetracker.org www.treetracker.org

For any questions or support, please visit https://community.letsencrypt.org/. Unfortunately, we can't provide support by email."

jonleibowitz commented 5 years ago

I found that the renewal was supposed to occur automatically, but had been failing to do so. There were log entries in /var/log/letsencrypt that pointed to an invalid Nginx PID file:

certbot.errors.MisconfigurationError: nginx restart failed:
b''
b''

2018-12-10 04:25:48,694:ERROR:certbot.renewal:All renewal attempts failed. The following certs could not be renewed:
2018-12-10 04:25:48,694:ERROR:certbot.renewal:  /etc/letsencrypt/live/treetracker.org/fullchain.pem (failure)
2018-12-10 04:25:48,695:DEBUG:certbot.log:Exiting abnormally:

I momentarily stopped the Nginx service, killed any Nginx worker processes, started the service to recreate a valid PID file and issued a renewal from the command line:

certbot renew --dry-run
certbot renew

I also checked the existence of the certbot systemd timer that handles this renewal:

systemctl status certbot.timer
cat /lib/systemd/system/certbot.timer

I'll keep an eye on these renewals but I don't expect further trouble here. I am only able to comment on this ticket; you can go ahead and close it, @Davidezrajay.
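An added example, not part of the comment above or of the project's code: a small check that catches silently failing renewals before the expiry e-mail does. It scans certbot log text for certificates reported as `(failure)` and applies the "a third of the lifetime left" rule from the Let's Encrypt notice. The log format is assumed from the lines quoted above, `SAMPLE_LOG` is constructed from them, and the function names are hypothetical.

```python
import re
from datetime import datetime, timedelta

# Constructed sample, modelled on the log lines quoted in the comment above.
SAMPLE_LOG = """\
certbot.errors.MisconfigurationError: nginx restart failed:
b''
b''

2018-12-10 04:25:48,694:ERROR:certbot.renewal:All renewal attempts failed. The following certs could not be renewed:
2018-12-10 04:25:48,694:ERROR:certbot.renewal:  /etc/letsencrypt/live/treetracker.org/fullchain.pem (failure)
2018-12-10 04:25:48,695:DEBUG:certbot.log:Exiting abnormally:
"""

# Assumed layout "timestamp,ms:LEVEL:logger:message", as in the quoted lines.
LINE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}),\d+:([A-Z]+):([\w.]+):(.*)$"
)
FAILED_CERT_RE = re.compile(r"^\s*(\S+\.pem) \(failure\)\s*$")


def failed_renewals(log_text):
    """Return [(timestamp, cert_path)] for every cert reported as failed."""
    failures = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        # Traceback lines and other loggers are skipped; only renewal errors count.
        if not m or m.group(2) != "ERROR" or m.group(3) != "certbot.renewal":
            continue
        cert = FAILED_CERT_RE.match(m.group(4))
        if cert:
            when = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
            failures.append((when, cert.group(1)))
    return failures


def renewal_overdue(not_after, now, lifetime=timedelta(days=90)):
    """True once less than a third of the lifetime remains (30 days for 90-day certs)."""
    return not_after - now < lifetime / 3


if __name__ == "__main__":
    for when, path in failed_renewals(SAMPLE_LOG):
        print(f"{when} renewal failed: {path}")
```

Run from cron or a monitoring agent against the files in /var/log/letsencrypt, a non-empty result from `failed_renewals` is the signal to alert on.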

Davidezrajay commented 5 years ago

Thanks Jon