OK, this was a strange problem I hit today. Suddenly, when using WordPress, JetPack could no longer see the custom site. Even running the diagnostics led to an unknown error. I saw a fleeting message about an invalid SSL certificate, but this never appeared again.
But when I went to Safari, clicked on the lock icon for our website and then on View Certificate, I could see the SSL certificate had definitely expired just two days ago. I was surprised that Safari wasn’t complaining. And I was confused.
I am running this stuff on DigitalOcean and the certificates are renewed by Certbot every 90 days, so what happened?
First, I ssh’ed into the system and ran certbot renew, and I saw that a couple of the sites were failing because http://www.mysite.com was not found but mysite.com was found.
I then remembered I had ported these sites to use Netlify DNS and, unlike DigitalOcean DNS, it does not by default create a www. site when the main one is created. So, the fix was simple:
- Go to Netlify.com and then to the domain section. For each of these domains, create a CNAME that points www to mysite.com, or whatever the core site is, so that both www.mysite.com and mysite.com are available.
- Then go back to DigitalOcean and run a manual certbot renew, and this will give you new SSL certificates.
In the course of doing this, I saw a bunch of old sites that I no longer need, so here is what you need to do with apache2:
- Go to /etc/apache2/sites-available to see what sites there are
- a2dissite oldsite.com to remove them from Apache2
- certbot delete --cert-name oldsite.com so Certbot no longer renews them.
Oh and on the way, I saw that I was running an older version of Ubuntu, so:
- apt-get update && apt-get upgrade and then a reboot will get you ready for the latest 18.04 bionic
- Then you do a dist-upgrade which will get you to 20.04 focal
- Note that if you lose the connection, hopefully, you can just reboot the instance from the DigitalOcean command on the web
- Then when you get back, you can continue the upgrade with a dpkg --configure -a and it will just pick up where it left off.
The social connections break
The last thing is that when this happened, I found that I could no longer publicize my posts. This is an awesome feature where when you post, it cross-posts to Twitter, Facebook, Tumblr, and LinkedIn. I probably get more views on LinkedIn alone than the website itself.
Anyway, even when I tried to reconnect, I got an "endpoint already exists" error. And this morning when I tried again, I didn’t get this error message, but when I tried to publish there was no connection. However, switching to a different browser (Vivaldi is awesome) fixed the problem, so maybe an issue with cookies?
Dealing with Certbot renewals
OK, the last thing is that once you’ve fixed this, I found that the certbot renewals were not working. The problem is that I was getting errors because some of the sites were still on WordPress and some had migrated to Netlify, so you have to disable some SSL certificate renewals. As an aside, Netlify does this for free as well. The key things to do manually are:
- SSH into the DigitalOcean node, and then type certbot renew and you will see what is failing.
- Run certbot delete and you will see all the certificates that it has, and you can delete them.
- Then certbot renew should get it all cranked up.
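
A pre-flight check for both failures described in this post (the missing www record and the sites that had moved to Netlify), as an added example that is not part of the original post: it reads `certbot certificates` output and reports, for every domain on every certificate, whether DNS still points at this server. The sample output, the 203.0.113.10 address and the function names `resolve` and `classify` are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original post.
# Real use (run on the server, passing the server's own public IP):
#   certbot certificates 2>/dev/null | classify 203.0.113.10

# Constructed, abridged sample of `certbot certificates` output.
SAMPLE='Found the following certs:
  Certificate Name: mysite.com
    Domains: mysite.com www.mysite.com
    Expiry Date: 2021-01-10 08:00:00+00:00 (INVALID: EXPIRED)
  Certificate Name: oldsite.com
    Domains: oldsite.com
    Expiry Date: 2021-02-20 08:00:00+00:00 (VALID: 39 days)'

# Default lookup: first address the system resolver returns for a name.
# Assumption: getent is available and an IPv4 address is what you compare.
resolve() { getent hosts "$1" | awk 'NR == 1 { print $1 }'; }

# classify SERVER_IP
# Reads `certbot certificates` output on stdin and prints one line per
# domain: "<cert name> <domain> <verdict>", where the verdict is
#   ok                DNS points at this server, renewal can validate
#   no-dns-record     name does not resolve (e.g. missing www CNAME)
#   points-elsewhere  name resolves to another host (site has moved;
#                     candidate for certbot delete --cert-name)
classify() {
    server_ip=$1
    awk '/Certificate Name:/ { n = $3 }
         /Domains:/ { for (i = 2; i <= NF; i++) print n, $i }' |
    while read -r cert domain; do
        ip=$(resolve "$domain") || ip=""
        if [ -z "$ip" ]; then
            verdict="no-dns-record"
        elif [ "$ip" != "$server_ip" ]; then
            verdict="points-elsewhere"
        else
            verdict="ok"
        fi
        echo "$cert $domain $verdict"
    done
}
```

A `no-dns-record` line calls for the CNAME fix, and a `points-elsewhere` line marks a certificate to remove before the next renewal run.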