{"id":167,"date":"2026-05-15T18:24:26","date_gmt":"2026-05-15T16:24:26","guid":{"rendered":"https:\/\/gorankostic.com\/blog\/?p=167"},"modified":"2026-05-15T18:24:26","modified_gmt":"2026-05-15T16:24:26","slug":"lets-encrypt-recovery","status":"publish","type":"post","link":"https:\/\/gorankostic.com\/blog\/2026\/05\/15\/lets-encrypt-recovery\/","title":{"rendered":"Let\u2019s Encrypt Recovery"},"content":{"rendered":"\n

Let\u2019s Encrypt Recovery<\/h1>\n\n\n\n

Excerpt:<\/strong>
Let\u2019s Encrypt<\/a> recovery obuhvata vra\u0107anje SSL sertifikata u funkcionalno stanje kada obnova ne uspe, domen nije pravilno verifikovan, webroot nije dostupan ili server\/proxy blokira challenge proces.<\/p>\n\n\n\n

Let\u2019s Encrypt Recovery<\/h2>\n\n\n\n

Let\u2019s Encrypt recovery je proces re\u0161avanja problema kada SSL sertifikat ne mo\u017ee da se izda, obnovi ili pravilno koristi na produkcionom sajtu. Iako je Let\u2019s Encrypt automatizovan sistem, uspe\u0161no izdavanje sertifikata i dalje zavisi od DNS-a, server konfiguracije, webroot putanje, reverse proxy sloja i dostupnosti domena.<\/p>\n\n\n\n

Prvi korak je uvek provera DNS zapisa. Domen mora pokazivati na pravi server pre nego \u0161to Let\u2019s Encrypt mo\u017ee da potvrdi vlasni\u0161tvo. Ako A ili AAAA zapis pokazuje na stari server, pogre\u0161an IP ili Cloudflare konfiguraciju koja nije uskla\u0111ena sa origin serverom, verifikacija mo\u017ee propasti.<\/p>\n\n\n\n

Drugi va\u017ean deo je challenge metoda. Naj\u010de\u0161\u0107e se koristi HTTP challenge, gde Let\u2019s Encrypt poku\u0161ava da pristupi posebnom fajlu na domenu preko porta 80. Ako firewall, .htaccess<\/code>, Nginx\/Caddy\/Apache pravila ili WordPress redirect blokiraju taj put, sertifikat ne\u0107e biti izdat.<\/p>\n\n\n\n

Kod Apache i Nginx servera \u010dest problem je pogre\u0161an webroot. SSL alat mo\u017ee poku\u0161avati da postavi challenge fajl u folder koji nije stvarni document root za taj domen. Tada fajl postoji na serveru, ali nije dostupan spolja preko URL-a koji Let\u2019s Encrypt proverava.<\/p>\n\n\n\n

Reverse proxy setup mo\u017ee dodatno zakomplikovati recovery. Ako domen ide kroz Caddy, Nginx ili Apache proxy ka internom servisu, challenge request mora ipak zavr\u0161iti na mestu gde ga SSL alat o\u010dekuje. U suprotnom, proxy mo\u017ee poslati zahtev aplikaciji koja ne zna \u0161ta da radi sa \/.well-known\/acme-challenge\/<\/code> putanjom.<\/p>\n\n\n\n

Kod Caddy-ja je recovery \u010desto druga\u010diji jer Caddy automatski upravlja sertifikatima. Tada treba proveriti DNS, Caddyfile, logove, permissions i da li su portovi 80 i 443 dostupni spolja. Ako je vi\u0161e servisa pome\u0161ano kroz Docker mre\u017ee, problem mo\u017ee biti i u routing logici.<\/p>\n\n\n\n

Kod Certbot<\/a> setup-a treba proveriti postoje\u0107e certificate konfiguracije, renewal fajlove i komandu kojom se sertifikat obnavlja. Ponekad sertifikat postoji, ali je renewal konfiguracija zastarela, pokazuje na pogre\u0161an plugin ili koristi stari webroot.<\/p>\n\n\n\n

Cloudflare mo\u017ee biti izvor konfuzije. Ako je proxy uklju\u010den, Let\u2019s Encrypt i dalje mora mo\u0107i da potvrdi domen kroz odgovaraju\u0107i challenge. U nekim slu\u010dajevima DNS-only re\u017eim privremeno olak\u0161ava dijagnostiku, posebno kada nije jasno da li problem dolazi sa servera ili sa Cloudflare sloja.<\/p>\n\n\n\n

Recovery ne treba svesti samo na ponovno pokretanje komande za izdavanje sertifikata. Potrebno je razumeti za\u0161to je obnova propala: pogre\u0161an DNS, zatvoren port, neispravan webroot, proxy routing, permission problem, rate limit ili konflikt izme\u0111u vi\u0161e SSL sistema.<\/p>\n\n\n\n

Posebno je va\u017eno izbegavati vi\u0161e paralelnih SSL mehanizama za isti domen. Ako istovremeno Apache, Caddy, hosting panel i ru\u010dni Certbot poku\u0161avaju da upravljaju sertifikatom, lako nastaje konfiguracioni haos. Produkcioni sistem treba da ima jedan jasan izvor SSL kontrole.<\/p>\n\n\n\n

Dobar Let\u2019s Encrypt recovery vra\u0107a HTTPS u stabilno stanje, ali i uklanja uzrok problema. Kada su DNS, portovi, webroot, proxy pravila, renewal konfiguracija i server logika pravilno uskla\u0111eni, obnova sertifikata postaje predvidljiv proces, a ne periodi\u010dni incident.<\/p>\n","protected":false},"excerpt":{"rendered":"

Let\u2019s Encrypt recovery obuhvata vra\u0107anje SSL sertifikata u funkcionalno stanje kada obnova ne uspe, domen nije pravilno verifikovan, webroot nije dostupan ili server\/proxy blokira […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6,8],"tags":[],"class_list":["post-167","post","type-post","status-publish","format-standard","hentry","category-infrastructure","category-reverse-proxy-ssl"],"yoast_head":"\nLet\u2019s Encrypt Recovery - Goran Kostic Blog<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/gorankostic.com\/blog\/2026\/05\/15\/lets-encrypt-recovery\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Let\u2019s Encrypt Recovery\" \/>\n<meta property=\"og:description\" content=\"Let\u2019s Encrypt recovery obuhvata vra\u0107anje SSL sertifikata u funkcionalno stanje kada obnova ne uspe, domen nije pravilno verifikovan, webroot nije dostupan ili server\/proxy blokira […]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/gorankostic.com\/blog\/2026\/05\/15\/lets-encrypt-recovery\/\" \/>\n<meta property=\"og:site_name\" content=\"Goran Kostic Blog\" \/>\n<meta property=\"article:published_time\" content=\"2026-05-15T16:24:26+00:00\" \/>\n<meta name=\"author\" content=\"WebixDesign\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"WebixDesign\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/gorankostic.com\\\/blog\\\/2026\\\/05\\\/15\\\/lets-encrypt-recovery\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/gorankostic.com\\\/blog\\\/2026\\\/05\\\/15\\\/lets-encrypt-recovery\\\/\"},\"author\":{\"name\":\"WebixDesign\",\"@id\":\"https:\\\/\\\/gorankostic.com\\\/blog\\\/#\\\/schema\\\/person\\\/0f800bfa90359ff9d2204020d58099c8\"},\"headline\":\"Let\u2019s Encrypt Recovery\",\"datePublished\":\"2026-05-15T16:24:26+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/gorankostic.com\\\/blog\\\/2026\\\/05\\\/15\\\/lets-encrypt-recovery\\\/\"},\"wordCount\":541,\"commentCount\":0,\"articleSection\":[\"INFRASTRUCTURE\",\"Reverse Proxy & SSL\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/gorankostic.com\\\/blog\\\/2026\\\/05\\\/15\\\/lets-encrypt-recovery\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/gorankostic.com\\\/blog\\\/2026\\\/05\\\/15\\\/lets-encrypt-recovery\\\/\",\"url\":\"https:\\\/\\\/gorankostic.com\\\/blog\\\/2026\\\/05\\\/15\\\/lets-encrypt-recovery\\\/\",\"name\":\"Let\u2019s Encrypt Recovery - Goran Kostic Blog\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/gorankostic.com\\\/blog\\\/#website\"},\"datePublished\":\"2026-05-15T16:24:26+00:00\",\"author\":{\"@id\":\"https:\\\/\\\/gorankostic.com\\\/blog\\\/#\\\/schema\\\/person\\\/0f800bfa90359ff9d2204020d58099c8\"},\"breadcrumb\":{\"@id\":\"https:\\\/\\\/gorankostic.com\\\/blog\\\/2026\\\/05\\\/15\\\/lets-encrypt-recovery\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/gorankostic.com\\\/blog\\\/2026\\\/05\\\/15\\\/lets-encrypt-recovery\\\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/gorankostic.com\\\/blog\\\/2026\\\/05\\\/15\\\/lets-encrypt-recovery\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/gorankostic.com\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Let\u2019s Encrypt Recovery\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/gorankostic.com\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/gorankostic.com\\\/blog\\\/\",\"name\":\"Goran Kostic Blog\",\"description\":\"\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/gorankostic.com\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/gorankostic.com\\\/blog\\\/#\\\/schema\\\/person\\\/0f800bfa90359ff9d2204020d58099c8\",\"name\":\"WebixDesign\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/0b4c4d73af3b6d4c23d5191555e82cdc78a86604f69eae8d2c3d23e45d3967c5?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/0b4c4d73af3b6d4c23d5191555e82cdc78a86604f69eae8d2c3d23e45d3967c5?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/0b4c4d73af3b6d4c23d5191555e82cdc78a86604f69eae8d2c3d23e45d3967c5?s=96&d=mm&r=g\",\"caption\":\"WebixDesign\"},\"sameAs\":[\"https:\\\/\\\/gorankostic.com\\\/blog\"],\"url\":\"https:\\\/\\\/gorankostic.com\\\/blog\\\/author\\\/webixdesign\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"Let\u2019s Encrypt Recovery - Goran Kostic Blog","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/gorankostic.com\/blog\/2026\/05\/15\/lets-encrypt-recovery\/","og_locale":"en_US","og_type":"article","og_title":"Let\u2019s Encrypt Recovery","og_description":"Let\u2019s Encrypt recovery obuhvata vra\u0107anje SSL sertifikata u funkcionalno stanje kada obnova ne uspe, domen nije pravilno verifikovan, webroot nije dostupan ili server\/proxy blokira […]","og_url":"https:\/\/gorankostic.com\/blog\/2026\/05\/15\/lets-encrypt-recovery\/","og_site_name":"Goran Kostic Blog","article_published_time":"2026-05-15T16:24:26+00:00","author":"WebixDesign","twitter_card":"summary_large_image","twitter_misc":{"Written by":"WebixDesign","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/gorankostic.com\/blog\/2026\/05\/15\/lets-encrypt-recovery\/#article","isPartOf":{"@id":"https:\/\/gorankostic.com\/blog\/2026\/05\/15\/lets-encrypt-recovery\/"},"author":{"name":"WebixDesign","@id":"https:\/\/gorankostic.com\/blog\/#\/schema\/person\/0f800bfa90359ff9d2204020d58099c8"},"headline":"Let\u2019s Encrypt Recovery","datePublished":"2026-05-15T16:24:26+00:00","mainEntityOfPage":{"@id":"https:\/\/gorankostic.com\/blog\/2026\/05\/15\/lets-encrypt-recovery\/"},"wordCount":541,"commentCount":0,"articleSection":["INFRASTRUCTURE","Reverse Proxy & SSL"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/gorankostic.com\/blog\/2026\/05\/15\/lets-encrypt-recovery\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/gorankostic.com\/blog\/2026\/05\/15\/lets-encrypt-recovery\/","url":"https:\/\/gorankostic.com\/blog\/2026\/05\/15\/lets-encrypt-recovery\/","name":"Let\u2019s Encrypt Recovery - Goran Kostic Blog","isPartOf":{"@id":"https:\/\/gorankostic.com\/blog\/#website"},"datePublished":"2026-05-15T16:24:26+00:00","author":{"@id":"https:\/\/gorankostic.com\/blog\/#\/schema\/person\/0f800bfa90359ff9d2204020d58099c8"},"breadcrumb":{"@id":"https:\/\/gorankostic.com\/blog\/2026\/05\/15\/lets-encrypt-recovery\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/gorankostic.com\/blog\/2026\/05\/15\/lets-encrypt-recovery\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/gorankostic.com\/blog\/2026\/05\/15\/lets-encrypt-recovery\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/gorankostic.com\/blog\/"},{"@type":"ListItem","position":2,"name":"Let\u2019s Encrypt Recovery"}]},{"@type":"WebSite","@id":"https:\/\/gorankostic.com\/blog\/#website","url":"https:\/\/gorankostic.com\/blog\/","name":"Goran Kostic Blog","description":"","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/gorankostic.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/gorankostic.com\/blog\/#\/schema\/person\/0f800bfa90359ff9d2204020d58099c8","name":"WebixDesign","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/0b4c4d73af3b6d4c23d5191555e82cdc78a86604f69eae8d2c3d23e45d3967c5?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/0b4c4d73af3b6d4c23d5191555e82cdc78a86604f69eae8d2c3d23e45d3967c5?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/0b4c4d73af3b6d4c23d5191555e82cdc78a86604f69eae8d2c3d23e45d3967c5?s=96&d=mm&r=g","caption":"WebixDesign"},"sameAs":["https:\/\/gorankostic.com\/blog"],"url":"https:\/\/gorankostic.com\/blog\/author\/webixdesign\/"}]}},"_links":{"self":[{"href":"https:\/\/gorankostic.com\/blog\/wp-json\/wp\/v2\/posts\/167","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/gorankostic.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/gorankostic.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/gorankostic.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/gorankostic.com\/blog\/wp-json\/wp\/v2\/comments?post=167"}],"version-history":[{"count":1,"href":"https:\/\/gorankostic.com\/blog\/wp-json\/wp\/v2\/posts\/167\/revisions"}],"predecessor-version":[{"id":168,"href":"https:\/\/gorankostic.com\/blog\/wp-json\/wp\/v2\/posts\/167\/revisions\/168"}],"wp:attachment":[{"href":"https:\/\/gorankostic.com\/blog\/wp-json\/wp\/v2\/media?parent=167"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/gorankostic.com\/blog\/wp-json\/wp\/v2\/categories?post=167"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/gorankostic.com\/blog\/wp-json\/wp\/v2\/tags?post=167"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}