bncert does not automatically renew your certificate - Lightsail docs incorrect

0

The documentation for Lightsail under the How-to, "Enabling HTTPS on your WordPress instance in Amazon Lightsail" specifically says the following:

"However, Certbot does not automatically renew your certificate like the bncert tool."

I used the bncert tool about a year ago, and recently received emails from "Let's Encrypt" saying that the certificate was going to expire. I thought this might be an error, because the documentation above made clear that the bncert tool would automatically renew it. The certificate expired.

If the bncert tool does not automatically renew the certificate, then the above documentation is not merely unclear, it makes an outright false claim.

Does it need to be corrected, or did I miss something?

asked 4 months ago, 212 views
2 Answers
1
Accepted Answer

Hi,

Let's Encrypt certificates are only valid for 90 days. The bncert tool helps set up auto-renewal for the certificate.

Since you set up the certificate and bncert about a year ago and only recently received the expiration email, it sounds like something has changed or been broken in the setup since (i.e. renewal was working correctly earlier).

Does the email contain some information about any renewal failures? Else your actual instance must have logs from the bitnami tool on certificate renewal attempts and what went wrong.

You may also find some helpful information here - https://repost.aws/knowledge-center/lightsail-bitnami-renew-ssl-certificate

AWS-SUM (AWS, EXPERT)
answered 4 months ago
reviewed by an EXPERT 4 months ago
  • Thank you for your reply.

    With regard to these details, the email only says that the certificate will expire in X days, and to please be sure to renew it before then. Based upon the two answers here, it may be that I had the machine shut down during the period when the certificate would have otherwise been auto-renewed by bncert (prior to this continuing 90-day expiration window).

    I didn't fully understand that this was the process.

    Do you happen to know if bncert has a quick command for running an ad-hoc renewal?

  • The same command used to set up bncert the first time can be re-run again and it should help set it back up.

    Please refer to Step 5: Enable HTTPS on your WordPress instance from https://lightsail.aws.amazon.com/ls/docs/en_us/articles/amazon-lightsail-enabling-https-on-wordpress and follow the prompts thereafter.

  • Thanks, @AWS-SUM!

1

Hello.

Looking at the document below, it seems that certificates are updated every 80 days.
In other words, the fact that a certificate issued one year ago was usable until recently means that it was possible to renew it until now.
Therefore, for some reason, the renewal was not successful and the certificate has recently expired.
https://lightsail.aws.amazon.com/ls/docs/en_us/articles/amazon-lightsail-enabling-https-on-wordpress?trk=d7920dcb-23ef-4a3f-9619-088dfdc45d2e&sc_channel=ta

The bncert tool will perform an automatic renewal of your certificate every 80 days before it expires. Repeat the above steps if you wish to use additional domains and subdomains with your instance, and you want to enable HTTPS for those domains.

I thought that there would be no problem if I executed the following command and updated it again.

sudo /opt/bitnami/bncert-tool
EXPERT
answered 4 months ago
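
A check for the failure mode discussed in this thread (auto-renewal silently stopping), added here as an example and not taken from any answer or from the bncert tool. It assumes the 80-day renewal schedule quoted above; the function names and status labels are hypothetical.

```python
import socket
import ssl
import sys
import time

RENEW_AT_DAYS = 80  # from the Lightsail doc quoted above: bncert renews every 80 days
DAY = 86400


def renewal_status(not_before, not_after, now=None):
    """Classify a certificate from the date strings returned by getpeercert().

    A certificate older than RENEW_AT_DAYS that is still being served means
    the scheduled renewal did not happen, even though it has not expired yet.
    """
    now = time.time() if now is None else now
    issued = ssl.cert_time_to_seconds(not_before)
    expires = ssl.cert_time_to_seconds(not_after)
    age_days = int((now - issued) // DAY)
    left_days = int((expires - now) // DAY)
    if now >= expires:
        state = "EXPIRED"
    elif age_days >= RENEW_AT_DAYS:
        state = "RENEWAL_OVERDUE"
    else:
        state = "OK"
    return state, age_days, left_days


def check_host(host, port=443, timeout=10):
    """Fetch the certificate a host is serving and classify it."""
    ctx = ssl.create_default_context()
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                cert = tls.getpeercert()
    except ssl.SSLCertVerificationError as exc:
        # An already expired (or otherwise invalid) certificate fails the handshake.
        return "INVALID", exc.verify_message
    state, age, left = renewal_status(cert["notBefore"], cert["notAfter"])
    return state, f"age {age}d, {left}d left"


if __name__ == "__main__":
    # Usage: python3 check_renewal.py your-domain.example
    for host in sys.argv[1:]:
        print(host, *check_host(host))
```

Run daily from a machine other than the instance itself, so the check still fires when the instance was stopped during the renewal window.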
