Browsers not picking up new SSL certificate

My domain is:

My SSL certificates renewed and according the my litespeed server log, the server restarted but browsers don't pick up the new certificate.

If I manually restart the server on the command line then browsers pick up the new certificates. However, this has been going on for almost a year now and I can't SSH into the server every two months to manually restart it.

How can I make this work?

This is the 3rd thread I've made on this topic. Unfortunately, I never know if things are working until two months after I've made a change and the new certificate is issued, so this has been a very slow process.

For info on my server, versions, commands, please refer to the previous threads:

1st thread - I thought things were solved but turns out not to be so.

2nd thread - unresolved.

Please help. I have no idea what else to try.

1 Like

Current Certificate

certbot certificates


Found the following certs:
Certificate Name:
Expiry Date: 2021-03-16 09:09:45+00:00 (VALID: 89 days)
Certificate Path: /etc/letsencrypt/live/
Private Key Path: /etc/letsencrypt/live/

LSWS restart log

cat usr/local/lsws/logs/lsrestart.log

Wed Dec 16 10:09:46 UTC 2020
reload, LSWS running: 0

1 Like

Hello :slightly_smiling_face:

Run the following command only once to update your certbot configuration to use the correct (reload) deployment hook.

sudo certbot certonly --cert-name --webroot -w /usr/local/lsws/ -d "," --deploy-hook "/usr/local/lsws/bin/lswsctrl reload" --force-renewal

You can test the renewal deployment hook using the following command. Warning: the command above and the following command will each acquire a new certificate. You are limited to acquiring 5 new certificates in any 7-day period.

sudo certbot renew --force-renewal

Your crontab at that point should only be running:

sudo certbot renew -q


Thank you for the detailed response! I will try what you recommended.

I'm just curious though, why it's not working currently? As far as I can tell the certificate renews exactly when expected and the server restarts. So why are the browsers not picking up the new certificate?


Turns out this directory /usr/local/lsws/ doesn't exist. There's no directory with my domain name inside usr/local/lsws/. May I ask what is supposed to be in there?


That was my assumption of the webroot directory of your website based on the standard documentation. Substitute the proper webroot directory accordingly.

The default is usually:


1 Like

I'm very inexperienced with all of this. How do I figure out what my webroot directory is?

1 Like

It's the directory where your website content is located.

Ok, I think I found it at /var/www/html

I used that path and the certificated did renew and was picked up by browsers. I will check again in two months to see if the browsers pick up the next renewal without issue.

Either way, thank you for all your help @griffin!

1 Like


Glad to hear it!

Just writing to keep this thread open for another 30 days so that I can let the community know if the above solution worked. Need to wait for the auto renewal to run again,

1 Like