I added new subdomains to my existing certificate. I see also in Logs of crt.sh with id crt.sh | 4087745049 it is accepted. But in my browser i am getting still for example for https://www.omb-it.com not secure warning. can you please help me about the issue.
Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
It produced this output: You have an existing certificate that has exactly the same domains or certificate name you requested and isn't close to expiry.
(ref: /etc/letsencrypt/renewal/mail.omb-it.com.conf)
What would you like to do?
1: Keep the existing certificate for now
2: Renew & replace the cert (limit ~5 per 7 days)
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2
Renewing an existing certificate
IMPORTANT NOTES:
Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/mail.omb-it.com/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/mail.omb-it.com/privkey.pem
Your cert will expire on 2021-05-17. To obtain a new or tweaked
version of this certificate in the future, simply run certbot
again. To non-interactively renew all of your certificates, run
"certbot renew"
If you like Certbot, please consider supporting our work by:
Replacing the certificate with exactly the same certificate is not going to do anything if it previously also didn't do anything. This is only adding more load to the Let's Encrypt systems.
In any case, did you expand an existing certificate when you first got your new cert with the added domains? Or did you get a whole different cert next to the one already existing? You can check with certbot certificates.
If you expanded the cert, it might be as simple as reloading your webserver to load the new cert into memory. If you got a second cert, you might need to install it manually into your webserver.
If you did actually install your new certificate, you probably just need to reload your webserver. You can use the command I've provided below to update your certificate properly.
thanks for your fast reply.
after reloading nginx my problem was solved.
Thank you so much.
I have another question about my certificate.
My certificate issued to mail.omb-it.com is it possible to change it to www.omb-it.com .
How can i do that?
thanks again.
Keep in mind that you'll need to update your nginx server configuration files to reference www.omb-it.com as the folder where your certificate and key are located rather than mail.omb-it.com.
Use this once you finish updating your configuration files:
sudo nginx -s reload
You can then use this to find the names of your unneeded certificates: