debug, Critical
SSL certificate renewal failing with Let's Encrypt
certbot, certificate renewal, SSL expired, ACME challenge, HTTP-01, DNS-01
linux, docker
Problem
Let's Encrypt SSL certificate renewal fails: certbot renew returns errors, and the site shows a certificate-expired warning.
Solution
Debug:
(1) Run certbot renew --dry-run to test renewal.
(2) Check the common causes: port 80 blocked, Nginx not reloading after renewal (add --deploy-hook), DNS not pointing to the server, rate limits hit.
(3) For wildcard certificates, the DNS-01 challenge requires DNS API access.
(4) Run certbot certonly --standalone -d domain.com for manual renewal.
(5) Check /var/log/letsencrypt/letsencrypt.log.
(6) Ensure the timer is running: systemctl status certbot.timer.
Why
Let's Encrypt certificates expire after 90 days. Automated renewal requires the ACME challenge to succeed, which needs port 80 (HTTP-01) or DNS TXT records (DNS-01).
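Steps (2) and (5) of the Solution combined, as an added example that is not part of the original entry or of certbot: a small triage function that pulls the ACME error types out of letsencrypt.log and maps them to the causes listed above. The function names are hypothetical, the error type names are those defined in RFC 8555 (section 6.7), and the sample log lines are constructed.

```shell
#!/bin/sh
# Added example, not part of certbot. Error type names come from RFC 8555, section 6.7.

# Print one hint per distinct ACME error type found in a certbot log.
# Returns 0 if no ACME error is present, 1 if any is, 2 if the log is unreadable.
triage_acme_log() {
    log="$1"
    [ -r "$log" ] || { echo "cannot read $log" >&2; return 2; }
    # Keep only the last URN component, e.g. "connection", de-duplicated.
    types=$(grep -o 'urn:ietf:params:acme:error:[A-Za-z]*' "$log" | sed 's/.*://' | sort -u) || true
    [ -n "$types" ] || { echo "no ACME error in $log"; return 0; }
    for t in $types; do
        case "$t" in
            connection)   echo "connection: CA could not reach the server, check port 80 and firewall" ;;
            dns)          echo "dns: lookup failed, check that the domain points to this server" ;;
            unauthorized) echo "unauthorized: wrong or missing challenge response, check webroot or TXT record" ;;
            rateLimited)  echo "rateLimited: rate limit hit, wait and test with --dry-run" ;;
            *)            echo "$t: unmapped, read the detail field in the log" ;;
        esac
    done
    return 1
}

# Constructed sample input (not real log output); example.com and 203.0.113.10 are placeholders.
write_sample_log() {
    cat > "$1" <<'EOF'
2024-05-01 03:12:44,101:DEBUG:acme.client:Received response:
  "error": {
    "type": "urn:ietf:params:acme:error:connection",
    "detail": "203.0.113.10: Fetching http://example.com/.well-known/acme-challenge/x: Timeout during connect",
    "status": 400
  }
2024-05-01 03:12:45,220:DEBUG:acme.client:Received response:
  "type": "urn:ietf:params:acme:error:rateLimited",
  "detail": "too many failed authorizations recently"
EOF
}

# Usage: sh triage.sh /var/log/letsencrypt/letsencrypt.log
if [ -n "${1:-}" ]; then triage_acme_log "$1"; fi
```

The non-zero return on any ACME error makes the function usable from a cron job or monitoring check that alerts before the certificate actually expires.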