SSL Renewal Failure in the Dashboard or Slack

1 min read

Nothing to panic about, there is a very common cause for this.

In the error message, in addition to reaching out to support there is a log file it suggests you check:

cat /opt/gridpane/certbot.monitoring.log

At the bottom of that log will be the most recent notices. Commonly, you will see this:

1 renew failure(s), 0 parse failure(s)

IMPORTANT NOTES:
 - The following errors were reported by the server:
   Domain: www.yourdomain.com
   Type:   dns
   Detail: DNS problem: NXDOMAIN looking up A for
   www.yourdomain.com - check that a DNS record exists for this domain

What this means is that when you provisioned this SSL certificate, you were given a certificate for both domain.com and www.domain.com because that is what certbot saw at the time but then the www record was removed. An SSL must be renewed with the same records as it was provisioned with, or it throws an error.

Solution: Create a DNS record for www

You can learn how to set up your DNS records here:

Setting DNS Records

If for some reason you do not want to have www on your certificate, you can also remove the existing SSL and provision another one.