Cloudways offers a free Let’s Encrypt Certificate and a free Let’s Encrypt Wildcard Certificate for your web applications. These SSL certificates expire in 90 days, but if you have enabled the auto-renewal feature, the certificate is renewed automatically 30 days before the expiry date, so you do not have to renew it manually.
There can be multiple reasons why the SSL auto-renewal feature has stopped working, and this article walks you through a few solutions you can try to fix the issue. The first section covers fixes for the simple Let’s Encrypt SSL Certificate (for a root domain and multiple SANs), whereas the second section covers fixes for the Let’s Encrypt Wildcard SSL Certificate (for a root domain and multiple subdomains).
Tip
Click Here if you would like to know what an SSL certificate is and what the different types of SSL certificates are.
Important
If you are using Cloudflare as a DNS provider, we suggest that you temporarily disable Cloudflare while you perform the solutions given below. Disabling Cloudflare will reveal your server’s IP address, so be cautious if you are prone to attacks.
How to Fix the Issue of Let’s Encrypt SSL Certificate Not Renewing Automatically
Here, we have listed a few standard solutions that you can apply if your SSL certificate is not being renewed automatically. All of the solutions require access to the .htaccess file of your application, so you need to connect to your server remotely via SSH by following the steps given below.
What is the .htaccess file?
.htaccess is a configuration file that affects how a web server responds to various requests. It is supported by several web servers, such as Apache, and is used to alter various configuration settings of the Apache web server software.
Tip
It is recommended that you take an on-demand backup of your web application before proceeding further so that you can always restore to the previous point if anything goes wrong while making changes in the .htaccess file.
Step #1
Firstly, connect to your server via SSH so you can access the .htaccess file of your application.
Tip
If you would like to know what SSH is and why it is used, then Click Here to find out. In this example, we are using Master Credentials to access the server remotely.
You can connect to your server via SSH in two ways, so choose your preferred option from the options below. You can also click on the hyperlink text of the bullet points to learn about the procedure for connecting remotely to the server.
Using SSH Client.
Using the Cloudways Integrated SSH Terminal.
In this example, we have used the Cloudways Integrated SSH Terminal. After a successful connection, you will see a terminal window.
Step #2
Now, go to the directory where your webroot is located, that is, where your .htaccess file is located. By default, this is the public_html directory, so enter the command below to go into the public_html folder.
cd applications/<your_application_name>/public_html/
Important
Angle brackets are included to indicate the position of your input, so make sure to remove the angle brackets. Your application name is the same as your Database name (DB name). Click Here to find out where your application name is located.
Now, we will follow a series of solutions to fix this issue, and you can stop following further solutions when your issue gets resolved.
Solution #1
In this solution, we are going to rename the .htaccess file temporarily and manually renew the Let’s Encrypt SSL Certificate. Follow the steps given below.
Rename your .htaccess file temporarily to prevent it from interfering with the Let’s Encrypt SSL Certificate renewal process. The following command renames the .htaccess file to .htaccess_temp.
mv .htaccess .htaccess_temp
Run this listing command with the new file name to verify that the file has been renamed.
ls .htaccess_temp
Now, follow this guide to do an on-demand renewal of certificates.
Now, you need to revert the name of the .htaccess file if your SSL certificate is renewed successfully. Typing the below command will revert the name of the file.
mv .htaccess_temp .htaccess
Run this listing command with the original file name to verify that the name has been reverted.
ls .htaccess
If the problem persists, you can move to Solution #2.
Solution #2
In this solution, we will add a rule to the .htaccess file and then manually renew the Let’s Encrypt SSL Certificate. Follow the steps given below.
To add a rule at the top of your .htaccess file, execute the following command in your application’s webroot (public_html folder). Running this command will first open the file for editing.
vim .htaccess
Once the file is opened, press the i key to enter editing mode. You will see -- INSERT -- at the bottom of your screen after pressing the key.
Tip
You need to use arrow keys for the cursor navigation.
Then, copy this rule and paste the rule at the very beginning of the file.
RewriteEngine On
RewriteRule ^\.well-known/acme-challenge - [L]
Tip
To paste the rule after copying, you need to press CTRL+SHIFT+V.
Then, press the ESC key to exit the editing mode and then type and run the below command to save the changes.
Tip
This command can’t be copied and pasted; you need to type the command and press the Enter key.
:wq!
Now, follow this guide to do an on-demand renewal of your SSL certificate.
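The edit from Solution #2 can also be scripted. The following is an added example, not Cloudways code: it reports whether the ACME exemption is already the first rewrite directive and, if it is not, prepends it while keeping a backup. The function names and the .bak suffix are assumptions, and the dot in the rule is escaped so that it matches only a literal dot.

```shell
#!/bin/sh
# Added example, not Cloudways code. Makes the ACME exemption the first
# rewrite directive in an .htaccess file and keeps a backup of the original.

# Rule from Solution #2; the dot is escaped so it matches only a literal ".".
ACME_RULE='RewriteRule ^\.well-known/acme-challenge - [L]'

# Prints "ok" when the exemption is the first RewriteRule/RewriteCond in the
# file, "late" when another rewrite directive precedes it, else "missing".
acme_rule_status() {
    awk '
        /^[ \t]*#/ { next }                      # skip comment lines
        { line = tolower($0) }                   # directives are case-insensitive
        line ~ /^[ \t]*rewrite(rule|cond)[ \t]/ {
            n++
            if (line ~ /well-known\/acme-challenge/) {
                print (n == 1 ? "ok" : "late"); found = 1; exit
            }
        }
        END { if (!found) print "missing" }
    ' "$1"
}

# Prepends the rule unless it is already first. Writes through the existing
# file (no mv) so its owner and permissions stay as the web server expects.
ensure_acme_rule() {
    f=$1
    [ -f "$f" ] || { echo "no such file: $f" >&2; return 2; }
    if [ "$(acme_rule_status "$f")" = ok ]; then return 0; fi
    # Assumed backup name; remove it from the webroot once renewal works.
    cp -p "$f" "$f.bak" || return 1
    { printf '%s\n%s\n' 'RewriteEngine On' "$ACME_RULE"; cat "$f.bak"; } > "$f"
}

# Usage: sh ensure_acme_rule.sh /path/to/public_html/.htaccess
[ $# -eq 0 ] || ensure_acme_rule "$1"
```

A status of "late" means an earlier rewrite directive can redirect or block the challenge request before the exemption is reached, which is why the rule has to sit at the very beginning of the file.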
If the problem persists, you can move to Solution #3.
Solution #3
In this solution, we will revoke the existing SSL certificate and then rename the .htaccess file temporarily to install a new Let’s Encrypt SSL Certificate. Follow the steps given below.
First, revoke your existing Let’s Encrypt SSL Certificate. You can follow this guide to know the procedure of revoking the certificate.
Rename your .htaccess file temporarily to prevent it from interfering with the Let’s Encrypt SSL Certificate renewal process. The following command renames the .htaccess file to .htaccess_temp.
mv .htaccess .htaccess_temp
Run this listing command with the new file name to verify that the file has been renamed.
ls .htaccess_temp
Now, deploy a new Let’s Encrypt SSL Certificate on your web application. You can follow this guide to know the procedure of deploying the new certificate.
Now, you need to revert the name of the .htaccess file if your SSL certificate is successfully installed. Typing the below command will revert the name of the file.
mv .htaccess_temp .htaccess
Run this listing command with the original file name to verify that the name has been reverted.
ls .htaccess
If the problem persists, you can always contact us via Live Chat or open a support ticket, and we will try our best to assist you.
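While .htaccess is renamed in Solution #1 and Solution #3, none of its directives (redirects, access restrictions) are applied, so the file should stay renamed for as short a time as possible and always be put back. The wrapper below is an added example, not Cloudways code; the function names are assumptions, and it restores the file whether the wrapped command succeeds, fails or is interrupted.

```shell
#!/bin/sh
# Added example, not Cloudways code. Runs a command while .htaccess is parked
# as .htaccess_temp (the name used in Solutions #1 and #3), then restores it.

_restore_htaccess() {
    # Put the file back only if it is still parked, so calling this twice is safe.
    [ ! -e "$parked" ] || mv "$parked" "$live"
}

with_htaccess_disabled() {
    webroot=$1; shift
    live="$webroot/.htaccess"
    parked="$webroot/.htaccess_temp"
    [ -f "$live" ] || { echo "no .htaccess in $webroot" >&2; return 2; }
    # A leftover .htaccess_temp means an earlier run was never reverted;
    # overwriting it would destroy the real configuration.
    [ ! -e "$parked" ] || { echo "$parked exists, restore it first" >&2; return 3; }

    mv "$live" "$parked" || return 1
    # Restore on Ctrl+C, termination or a dropped SSH session as well.
    trap '_restore_htaccess; exit 130' INT TERM HUP
    rc=0
    "$@" || rc=$?
    trap - INT TERM HUP
    _restore_htaccess || return 1
    return "$rc"
}

# Usage, from the webroot: wait while the renewal is done, then restore.
#   sh park_htaccess.sh . sh -c 'printf "Renew, then press Enter: "; read _'
[ $# -eq 0 ] || with_htaccess_disabled "$@"
```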
How to Fix Issue of Let’s Encrypt Wildcard SSL Certificate Not Renewing Automatically?
If auto-renewal of your SSL certificate is not functioning properly, check that you have not removed the CNAME record for _acme-challenge in your Domain/DNS registrar panel. If this CNAME record does not exist, add the required CNAME record and renew the Let’s Encrypt Wildcard Certificate with the help of this guide.
That’s it! We hope this article was helpful. If you need any help, then feel free to search your query on Cloudways Support Center or contact us via chat (Need a Hand > Send us a Message). Alternatively, you can also create a support ticket.