Problems with Let's encrypt renewal

Hi all,
today I've the certificates for my 2 host and relative sites expired. If I try to force the renewal from command line I get an errore and cannot update them. If I remove check on SSL+Let's from ISP panel and remark it i get error. I've try to run command from cron.d but I't show me error.
If I try to ssh login to machine it show me that not permission to login, very strange.
Anyone can help me?

thank's

 

Can't really help if you can't ssh into your machine but, if it is a vps and you got web console as an alternative try to ssh in using it, or if it is a physical server you have access to, try to use normal login or use your distro to bypass then çheck and change its ssh access settings.

 

It's VPS on my datacenter, I can alternatively enter by console.

 

1. Repair your ssh access using that web console login.

2. Once that is done, read the FAQ to troubleshoot your LE problems here: https://www.howtoforge.com/community/threads/lets-encrypt-error-faq.74179/

 

Hi,
1. if I connect ssh to root@fqdn I get permission denied, if I connect to IP same thing. If I use administrator@ to login i can login and elevate to root.

2. for let's encrypt guide I've already checked all step but nothing change. for 1 site hosted I've solved by setup my wildcard domain. but for the other I can use it, and i need to use let's encrypt. what logs you need for find the error?

 

this is the error log

Code:

2020-06-03 08:00:12,377:DEBUG:certbot.main:Root logging level set at 20
2020-06-03 08:00:12,377:INFO:certbot.main:Saving debug log to /var/log/letsencrypt/letsencrypt.log
2020-06-03 08:00:12,378:DEBUG:certbot.main:certbot version: 0.10.2
2020-06-03 08:00:12,378:DEBUG:certbot.main:Arguments: ['-n', '--post-hook', "echo '1' > /usr/local/ispconfig/server/le.restart"]
2020-06-03 08:00:12,378:DEBUG:certbot.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#webroot,PluginEntryPoint#null,PluginEntryPoint#manual,PluginEntryPoint#standalone)
2020-06-03 08:00:12,388:INFO:certbot.renewal:Cert not yet due for renewal
2020-06-03 08:00:12,391:INFO:certbot.renewal:Cert not yet due for renewal
2020-06-03 08:00:12,393:INFO:certbot.renewal:Cert not yet due for renewal
2020-06-03 08:00:12,395:INFO:certbot.renewal:Cert not yet due for renewal
2020-06-03 08:00:12,398:INFO:certbot.renewal:Cert not yet due for renewal
2020-06-03 08:00:12,400:INFO:certbot.renewal:Cert not yet due for renewal
2020-06-03 08:00:12,403:INFO:certbot.renewal:Cert not yet due for renewal
2020-06-03 08:00:12,405:INFO:certbot.renewal:Cert not yet due for renewal
2020-06-03 08:00:12,405:DEBUG:certbot.renewal:no renewal failures

 

for example this is One of My Two ISP Hosts. The certificate Are in error :

Code:

NET::ERR_CERT_AUTHORITY_INVALID
Subject: cloud.hkstyle.tech

Issuer: cloud.hkstyle.tech

Expires on: 24 feb 2030

Current date: 3 giu 2020

PEM encoded chain:
-----BEGIN CERTIFICATE-----
MIIGETCCA/mgAwIBAgIUO9FTJCkX3VYPjBNghyiHK9JMnN0wDQYJKoZIhvcNAQEL
BQAwgZcxCzAJBgNVBAYTAkl0MQ4wDAYDVQQIDAVJdGFseTERMA8GA1UEBwwIUHJl
c2V6em8xGTAXBgNVBAoMEEhrU3R5bGVDT1JQLiBTcmwxCzAJBgNVBAsMAkhRMRsw
GQYDVQQDDBJjbG91ZC5oa3N0eWxlLnRlY2gxIDAeBgkqhkiG9w0BCQEWEXRlY2hA
aGtzdHlsZS50ZWNoMB4XDTIwMDIyNzE3NTkxOFoXDTMwMDIyNDE3NTkxOFowgZcx
CzAJBgNVBAYTAkl0MQ4wDAYDVQQIDAVJdGFseTERMA8GA1UEBwwIUHJlc2V6em8x
GTAXBgNVBAoMEEhrU3R5bGVDT1JQLiBTcmwxCzA
ZS50ZWNoMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEArtpaBBLGzh9/
Fpl39B0zcohyMBv80+Cto1BlUGuyEwLgprno6LmLshRtwNFYv8EI4shJF4hDXSbv
BC1kXsNsP6g9H3eRlOviBhCvyMsaaav0l9PbeVUt1ybidJBxcPM0VMQEfwf6lj+i
mqB3jxvq85uepeQ2JPSfVtcfdrRgQ86NLDJPWTVJCHHnvmTQKui9KDPb2yRvQfTk
kazAKQfBtE3hCMwmHQmRHT3GqcxjJT7j4qPDfEX4eBIeEd0e18PD+qhw1/XKyXEQ
7ylqnmPfEIubNO5do8ohGUEJQZ8Ce8mBVJOod1gM
-----END CERTIFICATE-----

this is one site on it and Certificate show NotSecure : https://www.rizzus.tech/

this morning another site show me certificate Expired and no way to restore, Fortunatly I've a wildcard certificate for me domain and I've setup it on ISP panel. It's on second host. The log are on attachment

 

What is the output of "sudo certbot certificates"

The log shows that letsencrypt can not get the DNS information:
DNS problem: NXDOMAIN looking up A for supporto.hkstyle.it - check that a DNS record exists for this domain

And in fact, there is no record for that domain. So for a non-existing domain you can not issue a certificate

 

output is little strange:
all are VALID


DNS problem in this case in correct because the domain .it aren't configured but for some reason it's search again, it's a refuse config

 

Nobody can help me?

 

Hi, in my hosts file I've only the Vps fqdn and localhost.
I've update all possibile on server and no update are available by apt-get upgrade and ipsconfig_update.sh show no update for stable.
if you see the picture i get not-secure flag when visit my site but if I enter on wp-admin the cert is Perfect.


In the past I've open a similar thread, but when cert is returned to work I don't have the error on top.

 

Already take a force reload, removed browser cache, changed browser, incognito mode. Allways same issue

 

Thank's a lot, I've reload Logo Image into theme settings and now all work's correctly.
One thing solved.

Thank's

 

for this problem how to purge this qfdn correctly? Into ISP panel I can find it