Contact UsGet started

Resolving issues with obtaining and renewing certificates from Let's Encrypt

Written by
Updated at November 27, 2023

Issue description

  • When trying to issue a new or update an existing certificate from Let's Encrypt in the Certificate Manager interface, the domain rights verification process fails.

  • When trying to issue a new or update an existing certificate from Let's Encrypt in the Certificate Manager interface, the certificate switches to one of the following statuses:

    • Invalid
    • Renewal_failed

  • The certificate remains in the Validating status for a long time (from several hours to several days).

  • Certificate Manager does not support automatic renewal of previously created certificates.

Solution

Verification of domain rights when issuing a new certificate can take up to one day from the date of creation of the certificate. The service periodically checks for the relevant DNS records of the CNAME or TXT type or the presence of files with a certain name and contents on your domain's web server.

If the repeat checks do not complete successfully within one week, the certificate will change to the Invalid status when issuing a new certificate or to the Renewal_failed status when updating an existing certificate.

In this case, you need to create a new certificate request.

Alert

Make sure that only one of the resource records, cname or txt, is specified in the DNS registrar settings. Trying to use both record types will result in domain validation conflict.

Previous
All solutions for certificate manager
Next
All solutions for ClickHouse