Hi guys, I have a cron set up to auto renew which does not seem to be working, but that is not the main concern as I can do them manually, so the main issue is that after renewing the certs:
sudo ./certbot-auto renew
The following certs were successfully renewed:
/etc/letsencrypt/live/BLAHBLAH/fullchain.pem (success)
How did you get the certificate in the first place? Using the certonly method?
If so, certbot won’t reload your webserver automatically. If you point to the correct location of the certificate in your webserver configuration, the only thing you’ll have to do is reload the webserver so it will use the new certificate.
If the above is the case, you might want to look into the --deploy-hook or --post-hook options of certbot.
Exact output (minus some errors from sites that no longer exist):
sudo ./certbot-auto renew
/opt/eff.org/certbot/venv/lib/python2.6/site-packages/cryptography/__init__.py:26: DeprecationWarning: Python 2.6 is no longer supported by the Python core team, please upgrade your Python. A future version of cryptography will drop support for Python 2.6
DeprecationWarning
Saving debug log to /var/log/letsencrypt/letsencrypt.log
So your certs are ok, the problem is your Apache conf, right now it is pointing to a cPanel expired certificate so you should change the right directives in your Apache domains conf to point to letsencrypt certificates instead of the cPanel ones.
Another thing to know when using cron jobs for automated renewal is that if you got the certificate with a certonly method, the renew command does not reload your web server after a renewal, which means the web server will not automatically know about the existence of the renewed certificate. You can use a separate command or a --renew-hook option in Certbot to cause the web server to be reloaded after a successful renewal.
However, what @sahsanu pointed out is a more important, more fundamental problem in your particular situation right now—the Apache configuration needs to be set up to use the valid Let’s Encrypt certificates that you have.
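The check described in the replies above (is Apache actually pointing at the Let's Encrypt certificates?) can be scripted. This is an added example, not code from any poster in this thread: the function names, hostnames and the `/constructed/panel/...` paths are made up for illustration, and it assumes unquoted or simply quoted paths without spaces.

```shell
#!/bin/sh
# Added example: list Apache certificate directives that do NOT point into
# the Let's Encrypt live directory, so a renewed cert is never left unused.
LE_LIVE="${LE_LIVE:-/etc/letsencrypt/live}"

# Print "file:line: Directive path" for each certificate directive whose
# path is outside $LE_LIVE. Commented-out directives are skipped.
find_stale_cert_directives() {
    awk -v live="$LE_LIVE/" '
        $1 ~ /^#/ { next }
        {
            d = tolower($1)   # Apache directive names are case-insensitive
            if (d == "sslcertificatefile" || d == "sslcertificatekeyfile" ||
                d == "sslcertificatechainfile") {
                path = $2
                gsub(/"/, "", path)          # tolerate quoted paths
                if (index(path, live) != 1)  # not under the live directory
                    printf "%s:%d: %s %s\n", FILENAME, FNR, $1, path
            }
        }
    ' "$1"
}

# Constructed sample config: one vhost still on a hosting-panel certificate,
# one already on a Let's Encrypt lineage. All names and paths are invented.
write_sample_conf() {
    cat > "$1" <<'EOF'
<VirtualHost *:443>
    ServerName old.example
    # SSLCertificateFile /etc/letsencrypt/live/old.example/fullchain.pem
    SSLCertificateFile /constructed/panel/certs/old.example.crt
    SSLCertificateKeyFile /constructed/panel/certs/old.example.key
</VirtualHost>
<VirtualHost *:443>
    ServerName new.example
    SSLCertificateFile "/etc/letsencrypt/live/new.example/fullchain.pem"
    SSLCertificateKeyFile /etc/letsencrypt/live/new.example/privkey.pem
</VirtualHost>
EOF
}

# Stand-alone use: pass one or more Apache config files as arguments.
if [ "$#" -gt 0 ]; then
    for conf in "$@"; do
        find_stale_cert_directives "$conf"
    done
fi
```

Any line it prints is a virtual host that will keep serving its old certificate no matter how often `renew` succeeds; once the directives are corrected, a reload hook keeps later renewals in effect.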
Is everything really OK? The “certbot-auto certificates” command shows a lot of certificates, 2 of which expire in 29 days, and 1 which expires in 11 days.
Either the default renewal period has been changed, or they aren’t all being successfully renewed.
@AMBTB, what was the rest of the output of “sudo ./certbot-auto renew”? What you posted earlier showed 6 certificates, while the “sudo ./certbot-auto certificates” command you posted later showed far more, several of which will expire in the next few weeks.
Hi guys, thanks for the replies. It is OK, we are using the cPanel autorenew system now. The additional ones you mention above are sites that no longer exist on the server; I mentioned earlier that there were a few sites that were not getting renewed that no longer exist, so that was expected.
Thanks for the help guys, I wasn't aware that cPanel did the free autorenews; it makes more sense to use the built-in functionality.