Renewing (an expired?) Let’s Encrypt SSL certificate with Easy Engine

The routine is expected to be as follows:

ee site update --letsencrypt=off
ee site update --letsencrypt=on
ee site update --letsencrypt=renew

Right? Well, yes, if your environment is up-to-date.  Result of the last command should be like:

Renewing SSl cert for
Reload : nginx [OK]
SUCCESS: Certificate was successfully renewed For
Your cert will expire within 89 days.
Expiration DATE: Tue Sep 12 08:23:00 UTC 2017

You might come up to this problem, though:

Renewing SSl cert for
ERROR : Cannot RENEW SSL cert !
Your current cert already EXPIRED !
Check logs for reason `tail /var/log/ee/ee.log` & Try Again!!!

Let’s have a look at the logs then! Do you find there a line, stating like setuptools pkg_resources pip wheel failed with error code 1 ?

If so, then here is what you have to try:

  1. Check if this solved the issues. Some people were happy to find it as a sole solution of the problem:
    apt-get install letsencrypt
  2. If that didn’t help, maybe this:
    export LC_ALL="en_US.UTF-8"
    export LC_CTYPE="en_US.UTF-8"
  3. Here comes the long shot (which helped me personally):
    apt-get install python-pip
    pip install setuptools
    export LC_ALL="en_US.UTF-8"
    export LC_CTYPE="en_US.UTF-8"
    pip install setuptools
    pip install --upgrade setuptools

Running the command for renewing the certificate should work just fine this time.


2 responses to “Renewing (an expired?) Let’s Encrypt SSL certificate with Easy Engine”

  1. Jorge Santos Avatar
    Jorge Santos

    Sorry Vladdimir,
    for me don’t work, happens when upgrade to ee v3.8

    Renewing SSl cert for https:/
    ERROR : Cannot RENEW SSL cert !
    Your current cert will expire within 18 days.
    Connection unexpectedly closed

    1. Vladimir Vassilev Avatar
      Vladimir Vassilev

      Hey, Jorge,
      This problem is not related to the certificate being expired but rather a server (or EasyEngine) misconfiguration. I found a possible solution for you here:

      To summarize, you should check whether your www. subdomain is pointing at the same IP address and you should try running LetsEncrypt directly, instead of through EasyEngine. Hopefully this will fix it for you.

Leave a Reply

Your email address will not be published. Required fields are marked *