I cannot renew letsencrypt : Forums : PythonAnywhere

I cannot renew letsencrypt

First of all, nice job on condensing the process and making it easier!

Anyways, I am having a problem getting lets encrypt to work. I followed the instructions, but it sent a 403 error.

03:53 ~ $ git clone https://github.com/lukas2511/letsencrypt.sh.git ~/letsencrypt.sh
Cloning into '/home/EndenDragon/letsencrypt.sh'...
remote: Counting objects: 1179, done.
remote: Total 1179 (delta 0), reused 0 (delta 0), pack-reused 1179
Receiving objects: 100% (1179/1179), 276.90 KiB | 0 bytes/s, done.
Resolving deltas: 100% (717/717), done.
Checking connectivity... done.
03:54 ~ $ mkdir -p ~/letsencrypt/wellknown
03:54 ~ $ cd ~/letsencrypt
03:54 ~/letsencrypt $ openssl genrsa 4096 > user.key
Generating RSA private key, 4096 bit long modulus
............................................................................................................................................
................++
...................................................................................................++
e is 65537 (0x10001)
03:55 ~/letsencrypt $ ~/letsencrypt.sh/letsencrypt.sh --cron --domain nrgrecords.cf --privkey user.key --out . --challenge http-01
# INFO: Using main config file /home/EndenDragon/letsencrypt/config
Using private key user.key instead of account key
Processing nrgrecords.cf
 + Signing domains...
 + Creating new directory ./nrgrecords.cf ...
 + Generating private key...
 + Generating signing request...
 + Requesting challenge for nrgrecords.cf...
  + ERROR: An error occurred while sending post-request to https://acme-v01.api.letsencrypt.org/acme/new-authz (Status 403)
Details:
{
  "type": "urn:acme:error:unauthorized",
  "detail": "No registration exists matching provided key",
  "status": 403
}
03:57 ~/letsencrypt $

What is wrong with updating the ssl for the site?

deleted-user-1101648 | 89 posts | Aug. 6, 2016, 4:06 a.m. | permalink

I think that if you're using the new system, the first time you run it you have to use the non-renewal commands -- that will create a completely new certificate and register you. Then in the future, when you need to renew next time, you can follow the renewal instructions.

giles | 12671 posts | PythonAnywhere staff | Aug. 6, 2016, 5:54 p.m. | permalink

Hey @Giles, I already got http://nrgrecords.cf with https using letsencrypt.

deleted-user-1101648 | 89 posts | Aug. 7, 2016, midnight | permalink

Was that using the old instructions? Or the new ones? I'm thinking (and I may be wrong) that it's to do with how you got the original certificate. The new instructions use a different packages, so they may be registering your site differently.

giles | 12671 posts | PythonAnywhere staff | Aug. 7, 2016, 5:43 p.m. | permalink

How would I renew using the old instructions?

deleted-user-1101648 | 89 posts | Aug. 7, 2016, 10:01 p.m. | permalink

The troubleshooting guide says that it may be that you've switched between production and staging CA. They suggest not re-using the existing private key. Try exluding the --privkey option to get the script to regenerate a private key for you.

glenn | 10043 posts | PythonAnywhere staff | Aug. 8, 2016, 9:56 a.m. | permalink