Rubin Shrestha
Zend certified PHP/Magento developer
Rubin Shrestha
Blog

Unable To Renew Subdomain’s SSL Certificate via LetsEncrypt & Certbot

by |Published

Really appreciate any help with this.

I have a DO droplet (running on OpenLiteSpeed Server with Ubunto 20.04) that is hosting the main domain + 2 subdomains. In that droplet, there are 3 separate folders, each made for each website. For example:

  1. maindomain (wordpress)
  2. subdomain1 (wordpress)
  3. subdomain2 (standalone application, not sure if there is a server setup since it was setup by a developer)

SSL certificate is valid for /maindomain and /subdomain1. However, /subdomain2 was setup much later and for whatever reason the SSL certificate expired only for this subdomain.

I SSH’d into the server and found that certbot is installed and the existing config file for the SSL certificate looked good, so I went ahead and ran the following command:

certbot renew

I got the following error

    The following certs are not due for renewal yet:
  /etc/letsencrypt/live/subdomain1.domain.com/fullchain.pem expires on 2022-05-30 (skipped)
  /etc/letsencrypt/live/domain.com/fullchain.pem expires on 2022-05-30 (skipped)
All renewal attempts failed. The following certs could not be renewed:
  /etc/letsencrypt/live/subdomain2.domain.com/fullchain.pem (failure)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1 renew failure(s), 0 parse failure(s)

IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain: subdomain2.domain.com
   Type:   unauthorized
   Detail: Invalid response from
   http://subdomain2.domain.com/.well-known/acme-challenge/RaedorbX25N5YA123TXeUAy43Rsp42_eJmwPYuVfQR8
   [IP_ADDRESS]: 404

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A/AAAA record(s) for that domain
   contain(s) the right IP address.

I went head and checked the A record and its pointing to the correct IP.

I think easiest solution would be to get a new certificate and install it, instead of renewing the existing one, however I am not sure how to do that and only on that /subdomain2

I tried to run the following in the root

certbot certonly --standalone -d subdomain2.domain.com

and got the following error

    Performing the following challenges:
http-01 challenge for subdomain2.domain.com
Cleaning up challenges
Problem binding to port 80: Could not bind to IPv4 or IPv6.

Thank you for your help in advance

You may also like