Auto renew cert with wildcard

Hi ! The thing comes from this topic:

The thing is now, I use this command to renew cert and it works perfect(or run without errors):
certbot certonly
–dns-digitalocean-credentials ~/.secrets/certbot/digitalocean.ini
–dns-digitalocean-propagation-seconds 60
-d ‘*’

How can I do to renew the cert ?
I had in my crontab this line:
/usr/local/bin/certbot renew

does it will work ?

AND … The console said me certificate expire in 2019/08/08 but certificate in chrome or in webpages said previous expiration date (2019-05-27)

/usr/local/bin/certbot certificates
Saving debug log to /var/log/letsencrypt/letsencrypt.log

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Found the following certs:
  Certificate Name:
    Domains: *
    Expiry Date: 2019-08-08 17:22:28+00:00 (VALID: 89 days)
    Certificate Path: /etc/letsencrypt/live/
    Private Key Path: /etc/letsencrypt/live/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

My domain is:

I ran this command:
certbot certonly
–dns-digitalocean-credentials ~/.secrets/certbot/digitalocean.ini
–dns-digitalocean-propagation-seconds 60
-d ‘*’

It produced this output:

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator dns-digitalocean, Installer None
Cert is due for renewal, auto-renewing...
Renewing an existing certificate
Performing the following challenges:
dns-01 challenge for
dns-01 challenge for
Unsafe permissions on credentials configuration file: /root/.secrets/certbot/digitalocean.ini
Waiting 60 seconds for DNS changes to propagate
Waiting for verification...
Cleaning up challenges

 - Congratulations! Your certificate and chain have been saved at:
   Your key file has been saved at:
   Your cert will expire on 2019-08-08. To obtain a new or tweaked
   version of this certificate in the future, simply run certbot
   again. To non-interactively renew *all* of your certificates, run
   "certbot renew"
 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:
   Donating to EFF:          

My web server is (include version):

The operating system my web server runs on is (include version):
Ubuntu 18.04

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know):

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):
certbot 0.28.0

Hi @anibalardid is currently buggy. You have created a new certificate ( ):

CertSpotter-Id Issuer not before not after Domain names LE-Duplicate next LE
904483810 CN=Let’s Encrypt Authority X3, O=Let’s Encrypt, C=US 2019-05-10 17:22:28 2019-08-08 17:22:28 *,
2 entries duplicate nr. 1
845639864 CN=Let’s Encrypt Authority X3, O=Let’s Encrypt, C=US 2019-04-03 17:37:27 2019-07-02 17:37:27
1 entries
784375402 CN=Let’s Encrypt Authority X3, O=Let’s Encrypt, C=US 2019-02-26 19:16:18 2019-05-27 19:16:18 *,
2 entries

But doesn’t list it and you don’t use it. You use

expires in 17 days	*, - 2 entries

But if you use certonly, the certificate isn’t installed.

Perhaps it’s enough if you reload / restart your server.

So do that - then recheck your domain.

Hi ! thanks for your answer …
Sorry for my fault, how can I run it correctly ? wihtout certonly ?
I copied it from digitalocean tutorial

Rechecked your domain -

Now you use the new certificate:

expires in 90 days	*, - 2 entries

What did you changed? Restart the server?

If this is enough, add a --deploy-hook to automate that:

Thanks ! Yes, I restarted apache, that previously i forget it :slight_smile:

to renew it … in cron …
what command I need to run ?
certbot renew is ok ?

Also, I have friend that cant enter to my page.

It receive alert that cant access to page.
“This site cant provide secure connection”

He tried also with private browsing.

What can we try to fix it ?

There is a new check of your domain - - created yesterday, 14.05.2019 07:56:10.

There is no problem visible, non-www and www are secure.

The friend should share a screenshot.

Perhaps he had used a subdomain with www, so was used. That isn’t secure.

HI !
Hi sendme 2 screenshots, here you can see both:

Checked your via Ssllabs:

There is a good Grade A.

Looks like your friend has a too old client.

1 Like

Thats strange, he is my partner in my project :frowning:

Anything that I can try ?

Is possible to create new 100% clean certificate ?

It’s not a problem of the certificate.

It’s a problem of the device your partner uses.

If Ssllabs shows a Grade A, the webserver configuration should work with all clients max. 10 years old.

Only - new - idea: Your partner uses a firewall or a anti virus software that tries to change something.

Ssllabs has a client check:

Your partner should use that page to check his device / browser.

1 Like


I will send this comment to him, so, we wait the response :smiley:

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.