6

I'm using certbot-auto generate certificate https for my domain name. I use command like this 

sudo ./certbot-auto

it's ok, but when i renew certificate use command

sudo ./certbot-auto renew --dry-run

it can't renew certificate and show error message like below:

/root/.local/share/letsencrypt/lib/python2.6/site-packages/cryptography/__init__.py:26: DeprecationWarning: Python 2.6 is no longer supported by the Python core team, please upgrade your Python. A future version of cryptography will drop support for Python 2.6
  DeprecationWarning
Saving debug log to /var/log/letsencrypt/letsencrypt.log

-------------------------------------------------------------------------------
Processing /etc/letsencrypt/renewal/example.asia.conf
-------------------------------------------------------------------------------
Cert not due for renewal, but simulating renewal for dry run
Starting new HTTPS connection (1): acme-staging.api.letsencrypt.org
Renewing an existing certificate
Performing the following challenges:
tls-sni-01 challenge for example.asia
tls-sni-01 challenge for www.example.asia
Waiting for verification...
Cleaning up challenges
Generating key (2048 bits): /etc/letsencrypt/keys/0020_key-certbot.pem
Creating CSR: /etc/letsencrypt/csr/0020_csr-certbot.pem
** DRY RUN: simulating 'certbot renew' close to cert expiry
**          (The test certificates below have not been saved.)

Congratulations, all renewals succeeded. The following certs have been renewed:
  /etc/letsencrypt/live/example.asia/fullchain.pem (success)
** DRY RUN: simulating 'certbot renew' close to cert expiry
**          (The test certificates above have not been saved.)

Please help me

Ma YongChhin
  • 427
  • 3
  • 10
  • 24
  • What exactly is the error? `--dry-run` is to simulate a renewal (it does not actually renew the certificate). You appear to have renewed the cert yesterday (Wed, 26 Oct 2016 02:49:00 UTC) and it doesn't expire for another 3 months. To renew a certificate, you wouldn't use the `--dry-run` option. – Anand Bhat Oct 27 '16 at 06:56
  • what command do we use for renew? please tell me – Ma YongChhin Oct 27 '16 at 07:02
  • @AnandBhat, sorry sir, can i renew certificate before expire 3 month? after expire 3 month can i use this command sudo ./certbot-auto renew --quiet for renew? is it ok? – Ma YongChhin Oct 27 '16 at 07:23
  • I want to test renew certificate today. i use this command sudo ./certbot-auto renew --quiet and sudo service httpd restart. the certificate can't renew for today (Thur, 27 Oct 2016 02:49:00 UTC) – Ma YongChhin Oct 27 '16 at 07:49

1 Answers1

9

The command you ran in your question sudo ./certbot-auto renew --dry-run is used test renewal. As your log indicates, everything went well and the test was successful.

When you wish to renew the certificate, running sudo ./certbot-auto renew --quiet will work. You can renew certificates when they expire in less than 30 days or have already expired.

More details can be found in the Certbot documentation and Certbot userguide.

Anand Bhat
  • 5,591
  • 26
  • 30
  • Thanks you so much! ./certbot-auto renew --quiet not working for me. i use sudo ./certbot-auto renew --force-renew is ok. but when i use crontab -e * 15 * * * /certbot-auto renew --force-renew it have error like this: Bootstrapping dependencies for RedHat-based OSes... yum is /usr/bin/yum To use Certbot, packages from the EPEL repository need to be installed. Please enable this repository and try running Certbot again. if know solution please help me – Ma YongChhin Oct 28 '16 at 03:29