Renewing a certificate

I am acting for bitcoinwednesday.com, who contacted me after receiving an email warning that their certificate expires in 90 days. The owner is under the impression that the certificate will be auto-renewed. Can you please either confirm this or point me to the correct renewal procedure so I can correctly advise my client?

They have the following error from certbot:

~# /usr/local/bin/Cloudflare_proxy_switch.py off && /usr/bin/certbot renew --no-self-upgrade --quiet; /usr/local/bin/Cloudflare_proxy_switch.py on
Attempting to renew cert (admin.bitcoinwednesday.com) from /etc/letsencrypt/renewal/admin.bitcoinwednesday.com.conf produced an unexpected error: Failed authorization procedure. admin.bitcoinwednesday.com (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://admin.bitcoinwednesday.com/.well-known/acme-challenge/k***************************: “\n\n404 Not Found\n\n

Not Found

\n<p”. Skipping.
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/admin.bitcoinwednesday.com/fullchain.pem (failure)
1 renew failure(s), 0 parse failure(s)

That usually applies to the TLS/SSL certificate on their hosting server itself.

But I do see that the Cloudflare certificate expires in 3 months, so maybe it’s a monitoring service that sent the alert.

Cloudflare auto-renews certificates on their servers, so there is nothing your client would need to do in this case.

For Certbot, I’ve had the same problem. My quick-fix is to Pause Cloudflare on Site (from the Overview page’s lower-right corner) for just a bit while I do the renew.

But I find it’s easier just to use a Cloudflare CA Origin certificate that doesn’t need frequent renewing.

https://support.cloudflare.com/hc/en-us/articles/115000479507-Managing-Cloudflare-Origin-CA-certificates

Thanks, when I look inside the script there is an api_email, api_key, and api_url. I suspect that one of these is incorrect. I have mailed the company owner to see if he has received new credentials, but I was wondering if you knew if it was possible to contact Cloudflare directly so he can verify/update?

You can open a Support Ticket:
Log in to Cloudflare and then contact Cloudflare Support

Hi @andrew.cowan, when you contact support, you need to make sure your email is on the Cloudflare account for the active zone bitcoinwednesday.com or support will reject your request. Easiest way to do this is to have your customer add you to their account so that you can act on their behalf with Support.

How do I contact support as I just seem to go around in circles?

If you click the link @sdayman provided and click on “Get More Help” it will let you contact them.

2 Likes

If you log in to Cloudflare and then contact Cloudflare Support, click the ‘Get more help’ button and create a support ticket. If you create the ticket when logged into your account, you’ll receive an auto reply indicating you are not the zone owner and they cannot assist, hence the suggestion to make sure your email is on the account.

3 Likes
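Because the renewal command in the first post runs with --quiet from a scheduled job, a failure like the one quoted is easy to miss. The following is an added example, not part of the thread or of certbot: a small parser that pulls the failing name, challenge type, ACME error and HTTP status out of `certbot renew` output. The sample text is constructed in the shape of the quoted error; example.com, TOKEN and the function name `triage` are assumptions.

```python
import re

# Constructed sample in the shape of the output quoted in the first post
# (admin.example.com and TOKEN are placeholders, not values from the thread).
SAMPLE = (
    "Attempting to renew cert (admin.example.com) from "
    "/etc/letsencrypt/renewal/admin.example.com.conf produced an unexpected error: "
    "Failed authorization procedure. admin.example.com (http-01): "
    "urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient "
    "authorization :: Invalid response from "
    "http://admin.example.com/.well-known/acme-challenge/TOKEN: "
    '"<title>404 Not Found</title>". Skipping.\n'
    "All renewal attempts failed. The following certs could not be renewed:\n"
    "  /etc/letsencrypt/live/admin.example.com/fullchain.pem (failure)\n"
    "1 renew failure(s), 0 parse failure(s)\n"
)

FAIL = re.compile(
    r"Attempting to renew cert \((?P<cert>[^)]+)\).*?"
    r"(?P<domain>\S+) \((?P<challenge>[a-z-]+-\d+)\): "
    r"(?P<acme_error>urn:ietf:params:acme:error:\w+) :: .*?"
    r"Invalid response from (?P<url>\S+?):\s+(?P<body>.*)")
SUMMARY = re.compile(r"(\d+) renew failure\(s\), (\d+) parse failure\(s\)")
STATUS = re.compile(r"(?<!\d)([45]\d\d)(?!\d)")  # first 4xx/5xx code in the body

def triage(output):
    """Return (failures, summary) parsed from `certbot renew` output."""
    failures = []
    for line in output.splitlines():
        m = FAIL.search(line)
        if not m:
            continue
        f = m.groupdict()
        status = STATUS.search(f.pop("body"))
        f["http_status"] = int(status.group(1)) if status else None
        # http-01 with a 404: the validation request got an answer, but the
        # token file was not served at the challenge URL.
        f["hint"] = ("challenge file not served at this URL"
                     if f["challenge"] == "http-01" and f["http_status"] == 404
                     else "see ACME error type")
        failures.append(f)
    s = SUMMARY.search(output)
    summary = {"renew": int(s.group(1)), "parse": int(s.group(2))} if s else None
    return failures, summary

if __name__ == "__main__":
    for failure in triage(SAMPLE)[0]:
        print(failure)
```
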
