Sometimes Let's Encrypt fails to renew SSL certificates and you need to recreate them. Here is the process I use to get things back up and running fairly quickly on DigitalOcean nginx servers.
Change to Let's Encrypt directory:
cd /opt/letsencrypt
Check which certificates are having issues:
./letsencrypt-auto renew
Run the following command, then pick from the list of certificates to delete the ones you are having problems with.
./letsencrypt-auto delete
Edit the nginx config file to use HTTP:
sudo nano /etc/nginx/sites-available/mydomain.com
Here you will want to comment out any lines that look like this:
listen 443 ssl http2;
listen [::]:443 ssl http2 ipv6only=on;
include snippets/ssl-mydomain.com.conf;
include snippets/ssl-params.conf;
and replace them with just this:
listen 80;
listen [::]:80 ipv6only=on;
Check that the config file edits did not break anything:
sudo nginx -t
You should get something that looks like this:
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
Restart nginx:
sudo systemctl restart nginx
Once you have restarted nginx, you can recreate the certificates:
sudo ./letsencrypt-auto certonly -a webroot --webroot-path=/var/www/mydomain.com -d mydomain.com -d www.mydomain.com
You will know this worked when you see something like:
IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/mydomain.com/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/mydomain.com/privkey.pem
Your cert will expire on 2018-01-10. To obtain a new or tweaked
version of this certificate in the future, simply run
letsencrypt-auto again. To non-interactively renew *all* of your
certificates, run "letsencrypt-auto renew"
- If you like Certbot, please consider supporting our work by:
Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
Donating to EFF: https://eff.org/donate-le
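If you do not see this, make sure you do not have Basic Authentication or some other configuration that would prevent outside access to your website. With the webroot method, Let's Encrypt validates each domain by fetching a file over HTTP from the webroot, so that request has to succeed from outside.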
Edit the nginx config file to use HTTPS again:
sudo nano /etc/nginx/sites-available/mydomain.com
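Just undo everything you did before ;) That means uncommenting the listen 443 and include lines and removing the listen 80 lines you added.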
Check that the config file edits did not break anything:
sudo nginx -t
You should get something that looks like this:
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
Restart nginx:
sudo systemctl restart nginx
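If the certonly step fails, the access problem mentioned above (Basic Authentication or similar) can be confirmed before retrying. The script below is an added example, not part of the original post: it drops a probe file into the webroot's .well-known/acme-challenge directory, which is where the webroot plugin places its challenge files, and fetches it over plain HTTP for each domain. The script name preflight.sh and the verdict names are made up for illustration, and curl is assumed to be installed.

```shell
#!/bin/sh
# Added example: pre-flight check for the webroot challenge path.
# Assumes curl is installed; WEBROOT and DOMAINs match the certonly command.

# classify_probe STATUS BODY EXPECTED -> prints a one-word verdict
classify_probe() {
    case "$1" in
        200) if [ "$2" = "$3" ]; then echo ok
             else echo wrong-content      # another vhost or webroot answered
             fi ;;
        401|403) echo access-denied ;;    # Basic Auth, deny rules, IP allow lists
        301|302|307|308) echo redirect ;; # the CA follows redirects; check the target too
        404) echo not-found ;;            # --webroot-path does not match the nginx root
        000) echo unreachable ;;          # DNS, firewall, or nothing listening on port 80
        *) echo "unexpected-$1" ;;
    esac
}

# preflight WEBROOT DOMAIN... -> 0 only if every domain serves the probe file
preflight() {
    webroot=$1; shift
    dir="$webroot/.well-known/acme-challenge"
    token="preflight-$$"
    expected="probe-$(date +%s)"
    mkdir -p "$dir" && printf '%s' "$expected" > "$dir/$token" || return 2
    tmp=$(mktemp) || { rm -f "$dir/$token"; return 2; }
    rc=0
    for domain in "$@"; do
        # No -L and no -f: we want the raw status of the first response
        status=$(curl -s -m 10 -o "$tmp" -w '%{http_code}' \
            "http://$domain/.well-known/acme-challenge/$token") || status=000
        verdict=$(classify_probe "$status" "$(cat "$tmp")" "$expected")
        echo "$domain: $verdict"
        [ "$verdict" = ok ] || rc=1
        : > "$tmp"                        # clear the body before the next domain
    done
    rm -f "$dir/$token" "$tmp"            # leave the webroot as we found it
    return "$rc"
}

# Run only when called with arguments, e.g.:
#   sudo sh preflight.sh /var/www/mydomain.com mydomain.com www.mydomain.com
if [ "$#" -ge 2 ]; then
    preflight "$@"
fi
```

A verdict of access-denied points at Basic Authentication or a deny rule, and not-found usually means the --webroot-path does not match the root nginx serves for that domain.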