2 LetsEncrypt Certificates with different names

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: anglingexpoafrica.co.za

I ran this command: certbot certificates

It produced this output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log


Found the following certs:
Certificate Name: anglingexpoafrica.co.za-0001
Domains: anglingexpoafrica.co.za
Expiry Date: 2024-07-01 18:44:35+00:00 (VALID: 89 days)
Certificate Path: /etc/letsencrypt/live/anglingexpoafrica.co.za-0001/fullchain.pem
Private Key Path: /etc/letsencrypt/live/anglingexpoafrica.co.za-0001/privkey.pem
Certificate Name: anglingexpoafrica.co.za
Domains: anglingexpoafrica.co.za www.anglingexpoafrica.co.za
Expiry Date: 2024-03-28 23:32:05+00:00 (INVALID: EXPIRED)
Certificate Path: /etc/letsencrypt/live/anglingexpoafrica.co.za/fullchain.pem
Private Key Path: /etc/letsencrypt/live/anglingexpoafrica.co.za/privkey.pem

My web server is (include version): nginx

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is: Afrihost

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): AWS EC2 Ubuntu 20.02

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): 0.40.0

The site is showing an invalid certificate. I presume that it is showing 2 certificates because I forced the renewal. How do I revoke the incorrect certificate and renew the expired one? (It was failing with a timeout, hence the force.) Or do I revoke the expired one and make the site use the valid one?

Hello @umvahed,

All of these show only one certificate being served with 2 domain names anglingexpoafrica.co.za and www.anglingexpoafrica.co.za, and the certificate being served is crt.sh | 11614123625 which is expired "Not After : Mar 28 23:32:05 2024 GMT".

This is the current Certbot 2.9.0 Release

1 Like

Your original cert had two domain names in it. The root name and a www subdomain.

Your www subdomain has a different IP address in the DNS and connections using that name are failing. Both with HTTP and HTTPS. You need to correct the IP address.

The reason you got a second cert was you omitted the www subdomain. The good thing is it doesn't look like you are using this cert so we could just delete it.

But, first, correct the DNS for your www name and then run

sudo certbot renew --cert-name anglingexpoafrica.co.za

Do not use force. If it fails let us know. Do not try it multiple times if it fails.

4 Likes
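The diagnosis in the reply above (an expired lineage covering both names, plus a second lineage issued without the www name) can be read directly from `certbot certificates` output. The following is an added example, not part of the original thread and not Certbot's own code; the function names `parse_lineages` and `diagnose` are hypothetical, and the sample is the output quoted in the question with the path lines left out.

```python
import sys

# Output of `certbot certificates` as quoted in the question (path lines omitted).
SAMPLE = """\
Found the following certs:
  Certificate Name: anglingexpoafrica.co.za-0001
    Domains: anglingexpoafrica.co.za
    Expiry Date: 2024-07-01 18:44:35+00:00 (VALID: 89 days)
  Certificate Name: anglingexpoafrica.co.za
    Domains: anglingexpoafrica.co.za www.anglingexpoafrica.co.za
    Expiry Date: 2024-03-28 23:32:05+00:00 (INVALID: EXPIRED)
"""

def parse_lineages(text):
    """Return one dict per lineage: name, domains (set), valid (bool)."""
    lineages = []
    for line in text.splitlines():
        # Split on the first ": " only, so the expiry timestamp stays intact.
        key, _, value = line.strip().partition(": ")
        if key == "Certificate Name":
            lineages.append({"name": value, "domains": set(), "valid": False})
        elif lineages and key == "Domains":
            lineages[-1]["domains"] = set(value.split())
        elif lineages and key == "Expiry Date":
            # "(INVALID: ...)" does not contain the substring "(VALID".
            lineages[-1]["valid"] = "(VALID" in value
    return lineages

def diagnose(text):
    """Flag expired lineages and lineages whose names are a strict subset of another's."""
    lineages = parse_lineages(text)
    findings = []
    for lin in lineages:
        if not lin["valid"]:
            findings.append(("expired", lin["name"], None))
        for other in lineages:
            # A strict subset means this lineage was issued with a name left out.
            if lin["domains"] and lin["domains"] < other["domains"]:
                findings.append(("subset-of", lin["name"], other["name"]))
    return findings

if __name__ == "__main__":
    # With piped input: sudo certbot certificates | python3 this_script.py
    text = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    for kind, name, other in diagnose(text):
        print(kind, name, other or "")
```

A `subset-of` finding corresponds to the duplicate lineage the reply attributes to omitting the www subdomain, and `expired` marks the lineage that still needs `certbot renew --cert-name`.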

Thanks. I'll try this and let you know how it goes.

1 Like