Browsers not picking up new SSL certificate

My domain is: vestasit.com

My SSL certificates renewed and according to my LiteSpeed server log, the server restarted but browsers don't pick up the new certificate.

If I manually restart the server on the command line then browsers pick up the new certificates. However, this has been going on for almost a year now and I can't SSH into the server every two months to manually restart it.

How can I make this work?

This is the 3rd thread I've made on this topic. Unfortunately, I never know if things are working until two months after I've made a change and the new certificate is issued, so this has been a very slow process.

For info on my server, versions, commands, please refer to the previous threads:

1st thread - I thought things were solved but turns out not to be so.

2nd thread - unresolved.

Please help. I have no idea what else to try.

1 Like

Current Certificate

certbot certificates

output:

Found the following certs:
Certificate Name: vestasit.com
Domains: vestasit.com www.vestasit.com
Expiry Date: 2021-03-16 09:09:45+00:00 (VALID: 89 days)
Certificate Path: /etc/letsencrypt/live/vestasit.com/fullchain.pem
Private Key Path: /etc/letsencrypt/live/vestasit.com/privkey.pem

LSWS restart log

cat usr/local/lsws/logs/lsrestart.log

output:
...
Wed Dec 16 10:09:46 UTC 2020
reload, LSWS running: 0

1 Like

Hello :slightly_smiling_face:

Run the following command only once to update your certbot configuration to use the correct (reload) deployment hook.

sudo certbot certonly --cert-name vestasit.com --webroot -w /usr/local/lsws/vestasit.com/html -d "vestasit.com,www.vestasit.com" --deploy-hook "/usr/local/lsws/bin/lswsctrl reload" --force-renewal

You can test the renewal deployment hook using the following command. Warning: the command above and the following command will each acquire a new certificate. You are limited to acquiring 5 new certificates in any 7-day period.

sudo certbot renew --force-renewal

Your crontab at that point should only be running:

sudo certbot renew -q

2 Likes

Thank you for the detailed response! I will try what you recommended.

I'm just curious though, why is it not working currently? As far as I can tell the certificate renews exactly when expected and the server restarts. So why are the browsers not picking up the new certificate?

2 Likes

Turns out this directory /usr/local/lsws/vestasit.com/html doesn't exist. There's no directory with my domain name inside usr/local/lsws/. May I ask what is supposed to be in there?

2 Likes

That was my assumption of the webroot directory of your website based on the standard documentation. Substitute the proper webroot directory accordingly.

The default is usually:

/usr/local/lsws/DEFAULT/html

1 Like

I'm very inexperienced with all of this. How do I figure out what my webroot directory is?

1 Like

It's the directory where your website content is located.

Ok, I think I found it at /var/www/html

I used that path and the certificate did renew and was picked up by browsers. I will check again in two months to see if the browsers pick up the next renewal without issue.

Either way, thank you for all your help @griffin!

1 Like

:partying_face:

Glad to hear it!

Just writing to keep this thread open for another 30 days so that I can let the community know if the above solution worked. Need to wait for the auto renewal to run again.

1 Like
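A check for the symptom discussed in this thread (certificate renewed on disk while the server keeps presenting the old one), as an added example that is not part of any post above. It compares the SHA-256 fingerprint of the leaf certificate in certbot's live directory with the one the running server presents; the function names and the script name are this example's own, and the path layout is taken from the certbot output quoted in the thread.

```shell
#!/bin/sh
# Added example: detect a web server still serving the old certificate
# after renewal. Function names are hypothetical, not from the thread.

# Reduce openssl's "sha256 Fingerprint=AA:BB:..." line to bare uppercase hex.
# Older and newer openssl builds differ in the label's case, so strip it.
normalize_fp() {
    printf '%s\n' "$1" | sed -e 's/^.*=//' | tr -d ':' | tr 'a-f' 'A-F'
}

# Fingerprint of the leaf certificate on disk (first cert in fullchain.pem).
disk_fp() {
    normalize_fp "$(openssl x509 -noout -fingerprint -sha256 -in "$1")"
}

# Fingerprint of the certificate the running server actually presents.
# $1 = host name, $2 = port (defaults to 443).
served_fp() {
    normalize_fp "$(openssl s_client -connect "$1:${2:-443}" -servername "$1" \
        </dev/null 2>/dev/null | openssl x509 -noout -fingerprint -sha256)"
}

# Prints "match" or "stale"; returns 0 only when both fingerprints are
# non-empty and equal, so a failed connection also counts as stale.
compare_fp() {
    if [ -n "$1" ] && [ "$1" = "$2" ]; then
        echo match
    else
        echo stale
        return 1
    fi
}

# Usage: sh check_cert.sh vestasit.com
if [ "$#" -ge 1 ]; then
    live="/etc/letsencrypt/live/$1/fullchain.pem"
    compare_fp "$(disk_fp "$live")" "$(served_fp "$1")"
fi
```

Run from cron shortly after the `certbot renew -q` job, a non-zero exit status shows that the reload did not take effect without waiting for the next expiry.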