I first got my SSL cert a few months ago and had everything up and working pretty easily, the issues have come with my first renewal. I’m not going to get into certbot failing to renew. At this point I’m just trying to get things back up and working. So I did things manually, but I cannot get my new certificate live.
My domain is: nx6.no-ip.org
I ran this command: certbot certonly --standalone -d nx6.no-ip.org
It produced this output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator standalone, Installer None
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for nx6.no-ip.org
Waiting for verification…
Cleaning up challenges
IMPORTANT NOTES:
-
Congratulations! Your certificate and chain have been saved at:
/usr/local/etc/letsencrypt/live/nx6.no-ip.org/fullchain.pem
Your key file has been saved at:
/usr/local/etc/letsencrypt/live/nx6.no-ip.org/privkey.pem
Your cert will expire on 2019-09-07. To obtain a new or tweaked
version of this certificate in the future, simply run certbot
again. To non-interactively renew all of your certificates, run
“certbot renew” -
If you like Certbot, please consider supporting our work by:
Donating to ISRG / Let’s Encrypt: https://letsencrypt.org/donate
Donating to EFF: https://eff.org/donate-le
Then I restarted nginx…
root@nginx_reverse:/ # service nginx start
Performing sanity check on nginx configuration:
nginx: the configuration file /usr/local/etc/nginx/nginx.conf syntax is ok
nginx: configuration file /usr/local/etc/nginx/nginx.conf test is successful
Starting nginx.
But I’m still not able to access my servers. Still getting the SSL error.
- I have tried clearing browser cache and cookies and relaunching.
Then I looked around for this issue online and tried this to check my new certificates…
root@nginx_reverse:/ # openssl x509 -in /etc/letsencrypt/live/nx6.no-ip.org/cert.pem -text -noout
And got:
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
03:f5:4e:4d:11:79:9e:4f:6f:43:72:e0:6a:83:22:5d:4d:f0
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, O=Let’s Encrypt, CN=Let’s Encrypt Authority X3
Validity
Not Before: Mar 11 07:48:59 2019 GMT
Not After : Jun 9 07:48:59 2019 GMT
Subject: CN=nx6.no-ip.org
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
So I still seem to be using the old certificates despite certbot saying my renewal was sucessful and it downloaded the new files?
My web server is (include version): nginx 1.14.2
The operating system my web server runs on is (include version): FreeBSD 11.2-RELEASE-p9 (note: This is in a jail on FreeNAS 11.2U4.1)
My hosting provider, if applicable, is: (none - self-hosted)
I can login to a root shell on my machine (yes or no, or I don’t know): yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no
The version of my client is (e.g. output of certbot --version
or certbot-auto --version
if you’re using Certbot): certbot 0.31.0