Focus on cloud service provider activities
Notes on website operation and maintenance

Causes affecting the inability of websites and servers to automatically renew Let's Encrypt certificates

Today, my colleague reported that a customer's website was opened and prompted that SSL was abnormal. After checking, I found that the certificate expired yesterday. This website server is built with pagoda panel and uses Let's Encrypt free SSL certificate. Of course, friends who have used this certificate should know that it is free for 90 days. Generally, our panel or script environment supports automatic renewal before the expiration of 90 days.

 Causes affecting the inability of websites and servers to automatically renew Let's Encrypt certificates

What is the problem that prevents automatic renewal? Many netizens must have encountered this problem. Anyway, Lao Zuo did not encounter it once or twice. Here is a brief analysis of the problems in the end and the solutions to these problems in the future.

First, website resolution ownership

Normally, as long as our domain name is resolved to the current server IP address, it will be automatically renewed about 20 days before the expiration. The reason for not renewing may be that we have not parsed correctly, or even that sometimes after you use the CDN, the SSL certificate of the website cannot detect the real IP address, and then the automatic renewal fails.

Second, the version of the panel environment

I have encountered this problem before. At that time, it was because the pagoda panel version was not the latest version. Maybe there was a small bug in the old version. After a while, it was still a problem. Therefore, we also need to ensure the latest version. Sometimes our server may fail. In short, there are many unprovoked problems.

Third, solve this problem

Generally, we will check this problem once every three months. If there is still a problem, we will cancel SSL and reinstall it, so that we can have another three month service life. Or there is another way to do it once and for all. That is to buy a paid certificate, or choose a free certificate with a longer cycle. For example, we can choose a certificate that is free for one year.

There are other special ways. Free things are really problematic. We can't find a business yet.

Reference articles on free certificates and applications:

1、 AliCloud free Symantec DV SSL certificate application and HTTPS configuration method

2、 6 free SSL certificate application cost saving configuration websites HTTPS encryption website

3、 Alibaba Cloud free ssl application and deployment website enable HTTPS

4、 Several domestic and foreign free SSL certificate application channels

Domain name host preferential information push QQ group: six hundred and twenty-seven million seven hundred and seventy-five thousand four hundred and seventy-seven Get preferential promotion from merchants.
Like( zero )
Do not reprint without permission: Lao Zuo's Notes » Causes affecting the inability of websites and servers to automatically renew Let's Encrypt certificates


Scan the code to follow the official account

Get more news about webmaster circle!
Entrepreneurship, operation and new knowledge