ssl expire

i have more than host in cwp and one of them certificate expire i can't renew through bash
or through Letsencrypt Manager how i can i force renew
or remove ssl for just one host and rebuild again

or any way to renew certificate for specific domain as force renew not work

try checking your log file for issues

/root/.acme.sh/acme.sh.log

[Tue Sep 25 17:11:40 EET 2018] Getting domain auth token for each domain
[Tue Sep 25 17:11:40 EET 2018] Getting webroot for domain='www.algorithmz.net'
[Tue Sep 25 17:11:40 EET 2018] _w='/usr/local/apache/autossl_tmp'
[Tue Sep 25 17:11:40 EET 2018] _currentRoot='/usr/local/apache/autossl_tmp'
[Tue Sep 25 17:11:40 EET 2018] Getting new-authz for domain='www.algorithmz.net'
[Tue Sep 25 17:11:40 EET 2018] _init api for server: https://acme-v01.api.letsencrypt.org/directory
[Tue Sep 25 17:11:40 EET 2018] ACME_KEY_CHANGE='https://acme-v01.api.letsencrypt.org/acme/key-change'
[Tue Sep 25 17:11:40 EET 2018] ACME_NEW_AUTHZ='https://acme-v01.api.letsencrypt.org/acme/new-authz'
[Tue Sep 25 17:11:40 EET 2018] ACME_NEW_ORDER='https://acme-v01.api.letsencrypt.org/acme/new-cert'
[Tue Sep 25 17:11:40 EET 2018] ACME_NEW_ACCOUNT='https://acme-v01.api.letsencrypt.org/acme/new-reg'
[Tue Sep 25 17:11:40 EET 2018] ACME_REVOKE_CERT='https://acme-v01.api.letsencrypt.org/acme/revoke-cert'
[Tue Sep 25 17:11:40 EET 2018] Try new-authz for the 0 time.
[Tue Sep 25 17:11:40 EET 2018] url='https://acme-v01.api.letsencrypt.org/acme/new-authz'
[Tue Sep 25 17:11:40 EET 2018] payload='{"resource": "new-authz", "identifier": {"type": "dns", "value": "www.algorithmz.net"}}'
[Tue Sep 25 17:11:40 EET 2018] RSA key
[Tue Sep 25 17:11:40 EET 2018] GET
[Tue Sep 25 17:11:40 EET 2018] url='https://acme-v01.api.letsencrypt.org/directory'
[Tue Sep 25 17:11:40 EET 2018] timeout
[Tue Sep 25 17:11:40 EET 2018] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header '
[Tue Sep 25 17:11:40 EET 2018] ret='0'
[Tue Sep 25 17:11:40 EET 2018] POST
[Tue Sep 25 17:11:40 EET 2018] url='https://acme-v01.api.letsencrypt.org/acme/new-authz'
[Tue Sep 25 17:11:40 EET 2018] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header '
[Tue Sep 25 17:11:41 EET 2018] _ret='0'
[Tue Sep 25 17:11:41 EET 2018] code='201'
[Tue Sep 25 17:11:41 EET 2018] The new-authz request is ok.
[Tue Sep 25 17:11:41 EET 2018] entry='"type":"http-01","status":"pending","uri":"https://acme-v01.api.letsencrypt.org/acme/challenge/jnTFSXPnmotvHyOcrmzHWJwHw_bUuoWq4KVFBrUwWSA/7663002165","token":"E0QJgGlk3d_4cocy0D-CHoFiC9SN7R0T_To8jJZ07hA"'
[Tue Sep 25 17:11:41 EET 2018] token='E0QJgGlk3d_4cocy0D-CHoFiC9SN7R0T_To8jJZ07hA'
[Tue Sep 25 17:11:41 EET 2018] uri='https://acme-v01.api.letsencrypt.org/acme/challenge/jnTFSXPnmotvHyOcrmzHWJwHw_bUuoWq4KVFBrUwWSA/7663002165'
[Tue Sep 25 17:11:41 EET 2018] keyauthorization='E0QJgGlk3d_4cocy0D-CHoFiC9SN7R0T_To8jJZ07hA.VG6IYl7BeRcpPWMDMi3WrqHkvcFTJDzQ-hhFXdOfKxU'
[Tue Sep 25 17:11:41 EET 2018] dvlist='www.algorithmz.net#E0QJgGlk3d_4cocy0D-CHoFiC9SN7R0T_To8jJZ07hA.VG6IYl7BeRcpPWMDMi3WrqHkvcFTJDzQ-hhFXdOfKxU#https://acme-v01.api.letsencrypt.org/acme/challenge/jnTFSXPnmotvHyOcrmzHWJwHw_bUuoWq4KVFBrUwWSA/7663002165#http-01#/usr/local/apache/autossl_tmp'
[Tue Sep 25 17:11:41 EET 2018] Getting webroot for domain='algorithmz.net'
[Tue Sep 25 17:11:41 EET 2018] _w='/usr/local/apache/autossl_tmp'
[Tue Sep 25 17:11:41 EET 2018] _currentRoot='/usr/local/apache/autossl_tmp'
[Tue Sep 25 17:11:41 EET 2018] Getting new-authz for domain='algorithmz.net'
[Tue Sep 25 17:11:41 EET 2018] _init api for server: https://acme-v01.api.letsencrypt.org/directory
[Tue Sep 25 17:11:41 EET 2018] ACME_KEY_CHANGE='https://acme-v01.api.letsencrypt.org/acme/key-change'
[Tue Sep 25 17:11:41 EET 2018] ACME_NEW_AUTHZ='https://acme-v01.api.letsencrypt.org/acme/new-authz'
[Tue Sep 25 17:11:41 EET 2018] ACME_NEW_ORDER='https://acme-v01.api.letsencrypt.org/acme/new-cert'
[Tue Sep 25 17:11:41 EET 2018] ACME_NEW_ACCOUNT='https://acme-v01.api.letsencrypt.org/acme/new-reg'
[Tue Sep 25 17:11:41 EET 2018] ACME_REVOKE_CERT='https://acme-v01.api.letsencrypt.org/acme/revoke-cert'
[Tue Sep 25 17:11:41 EET 2018] Try new-authz for the 0 time.
[Tue Sep 25 17:11:41 EET 2018] url='https://acme-v01.api.letsencrypt.org/acme/new-authz'
[Tue Sep 25 17:11:41 EET 2018] payload='{"resource": "new-authz", "identifier": {"type": "dns", "value": "algorithmz.net"}}'
[Tue Sep 25 17:11:41 EET 2018] POST
[Tue Sep 25 17:11:41 EET 2018] url='https://acme-v01.api.letsencrypt.org/acme/new-authz'
[Tue Sep 25 17:11:41 EET 2018] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header '
[Tue Sep 25 17:11:42 EET 2018] _ret='0'
[Tue Sep 25 17:11:42 EET 2018] code='201'
[Tue Sep 25 17:11:42 EET 2018] The new-authz request is ok.
[Tue Sep 25 17:11:42 EET 2018] entry='"type":"http-01","status":"pending","uri":"https://acme-v01.api.letsencrypt.org/acme/challenge/4XPFGnUDgGhE5lcU-suvJ5pp_oOD60GjHarYem1pHwg/7663002403","token":"iF2xV_h7Jqpo22Iu-CkKgwMm3S3o1qOgNtVMdbn2u1w"'
[Tue Sep 25 17:11:42 EET 2018] token='iF2xV_h7Jqpo22Iu-CkKgwMm3S3o1qOgNtVMdbn2u1w'
[Tue Sep 25 17:11:42 EET 2018] uri='https://acme-v01.api.letsencrypt.org/acme/challenge/4XPFGnUDgGhE5lcU-suvJ5pp_oOD60GjHarYem1pHwg/7663002403'
[Tue Sep 25 17:11:42 EET 2018] keyauthorization='iF2xV_h7Jqpo22Iu-CkKgwMm3S3o1qOgNtVMdbn2u1w.VG6IYl7BeRcpPWMDMi3WrqHkvcFTJDzQ-hhFXdOfKxU'
[Tue Sep 25 17:11:42 EET 2018] dvlist='algorithmz.net#iF2xV_h7Jqpo22Iu-CkKgwMm3S3o1qOgNtVMdbn2u1w.VG6IYl7BeRcpPWMDMi3WrqHkvcFTJDzQ-hhFXdOfKxU#https://acme-v01.api.letsencrypt.org/acme/challenge/4XPFGnUDgGhE5lcU-suvJ5pp_oOD60GjHarYem1pHwg/7663002403#http-01#/usr/local/apache/autossl_tmp'
[Tue Sep 25 17:11:42 EET 2018] vlist='www.algorithmz.net#E0QJgGlk3d_4cocy0D-CHoFiC9SN7R0T_To8jJZ07hA.VG6IYl7BeRcpPWMDMi3WrqHkvcFTJDzQ-hhFXdOfKxU#https://acme-v01.api.letsencrypt.org/acme/challenge/jnTFSXPnmotvHyOcrmzHWJwHw_bUuoWq4KVFBrUwWSA/7663002165#http-01#/usr/local/apache/autossl_tmp,algorithmz.net#iF2xV_h7Jqpo22Iu-CkKgwMm3S3o1qOgNtVMdbn2u1w.VG6IYl7BeRcpPWMDMi3WrqHkvcFTJDzQ-hhFXdOfKxU#https://acme-v01.api.letsencrypt.org/acme/challenge/4XPFGnUDgGhE5lcU-suvJ5pp_oOD60GjHarYem1pHwg/7663002403#http-01#/usr/local/apache/autossl_tmp,'
[Tue Sep 25 17:11:42 EET 2018] ok, let's start to verify
[Tue Sep 25 17:11:42 EET 2018] Verifying:www.algorithmz.net
[Tue Sep 25 17:11:42 EET 2018] d='www.algorithmz.net'
[Tue Sep 25 17:11:42 EET 2018] keyauthorization='E0QJgGlk3d_4cocy0D-CHoFiC9SN7R0T_To8jJZ07hA.VG6IYl7BeRcpPWMDMi3WrqHkvcFTJDzQ-hhFXdOfKxU'
[Tue Sep 25 17:11:42 EET 2018] uri='https://acme-v01.api.letsencrypt.org/acme/challenge/jnTFSXPnmotvHyOcrmzHWJwHw_bUuoWq4KVFBrUwWSA/7663002165'
[Tue Sep 25 17:11:42 EET 2018] _currentRoot='/usr/local/apache/autossl_tmp'
[Tue Sep 25 17:11:42 EET 2018] wellknown_path='/usr/local/apache/autossl_tmp/.well-known/acme-challenge'
[Tue Sep 25 17:11:42 EET 2018] writing token:E0QJgGlk3d_4cocy0D-CHoFiC9SN7R0T_To8jJZ07hA to /usr/local/apache/autossl_tmp/.well-known/acme-challenge/E0QJgGlk3d_4cocy0D-CHoFiC9SN7R0T_To8jJZ07hA
[Tue Sep 25 17:11:42 EET 2018] Changing owner/group of .well-known to root:root
[Tue Sep 25 17:11:42 EET 2018] url='https://acme-v01.api.letsencrypt.org/acme/challenge/jnTFSXPnmotvHyOcrmzHWJwHw_bUuoWq4KVFBrUwWSA/7663002165'
[Tue Sep 25 17:11:42 EET 2018] payload='{"resource": "challenge", "keyAuthorization": "E0QJgGlk3d_4cocy0D-CHoFiC9SN7R0T_To8jJZ07hA.VG6IYl7BeRcpPWMDMi3WrqHkvcFTJDzQ-hhFXdOfKxU"}'

 sudo /root/.acme.sh/acme.sh  --renew -d www.algorithmz.net
 Renew: 'www.algorithmz.net'
'www.algorithmz.net' is not a issued domain, skip.

try to remove it and then install again from cwp

how to remove only one domain i think if i press remove it will delete all domain cert

i delete vhost and install and get that
Failed authorization procedure. www.algorithmz.net (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://www.algorithmz.net/.well-known/acme-challenge/QBB4OCIqBwvCxae2bE5YmW48-Py0N9X_jDTmgQtLKjM: "\n\n\n\n
Not Found
\n\n\n\n\n
Not Found
\n

This command used to trigger ssl installation

Code: [Select]

sh /root/.acme.sh/acme.sh --home /root/.acme.sh/cwp_certs --issue -d www.yourdomain.com -d yourdomain.com -w /usr/local/apache/autossl_tmp --debug 2
So basically ssl are installed in "/root/.acme.sh/cwp_certs" and from there moved to respective directory and added in vhosts-ssl.conf file.

I recently have the same issue. Have you figured out the solution yet?

I ended up deleting the certs and install a new one but that didn't work. Then I deleted the .htaccess inside .well-known folder. That didn't work. I deleted the whole folder and still no luck.

I made sure dns is correct. And it is.

I use 2 CWP on two different VPS and both have the same issue.

Please help.

I have the same issue: I've renewed certificates from CWP GUI and appears as renewed, but when I open the website the certificate it's still expired. Tried disabling SSL and certificates for the domain and re-enabling them, result is the same: expiring in 90 days on the GUI but already expired on the website..

I have just figured my problem thanks to this post.
http://forum.centos-webpanel.com/ssl/dns-of-your-domain-doesn't-point-to-this-server-or-you-have-htaccess-5490/msg19395/#msg19395

I did have a redirect in my nginx_proxy_vhost to force http to https with this.

Code: [Select]

return 301 https://$host$request_uri;
I have to removed that off and then after certs installed, I put it back. I wish there's a better solution for the force redirect from http to https. If anyone knows of a better solution then please let me know.

I have the same issue: I've renewed certificates from CWP GUI and appears as renewed, but when I open the website the certificate it's still expired. Tried disabling SSL and certificates for the domain and re-enabling them, result is the same: expiring in 90 days on the GUI but already expired on the website..

Have you tried to delete the certificate then install new? Make sure that it's deleted the certificates they're in the certs folder. (/etc/pki/tls/certs/). And remember to backup first before you delete anything.

Not Found
\n\n\n\n\n
Not Found
\n

I got the same error message this morning with letencrypt force renew all.  All domains failed.  I uninstalled letsencrypt and used the new autossl.

I have just figured my problem thanks to this post.
http://forum.centos-webpanel.com/ssl/dns-of-your-domain-doesn't-point-to-this-server-or-you-have-htaccess-5490/msg19395/#msg19395

I did have a redirect in my nginx_proxy_vhost to force http to https with this.

Code: [Select]

return 301 https://$host$request_uri;
I have to removed that off and then after certs installed, I put it back. I wish there's a better solution for the force redirect from http to https. If anyone knows of a better solution then please let me know.

Uninstall LE and use the new AutoSSL.  You might have to delete old certs after uninstalling LE.

/etc/letsencrypt/archives
/etc/letsencrypt/live
/etc/letsencrypt/renewal

You don't need a redirect with the new autossl.

But you can add this to each domain in vhost file.

<IfModule mod_rewrite.c>
   RewriteEngine on
   RewriteCond %{HTTPS} off
   RewriteRule ^(.*)$ https://yourdomain.com$1 [R=301,L]
   </IfModule>