Cannot use newly generated certificate

My domain is:

I ran this command:
sudo certbot certonly --manual -d '*'

It produced this output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator manual, Installer None
Obtaining a new certificate
Performing the following challenges:
dns-01 challenge for

NOTE: The IP of this machine will be publicly logged as having requested this
certificate. If you’re running certbot in manual mode on a machine that is not
your server, please ensure you’re okay with that.

Are you OK with your IP being logged?

(Y)es/(N)o: y

Please deploy a DNS TXT record under the name with the following value:


Before continuing, verify the record is deployed.

Press Enter to Continue
Waiting for verification…
Cleaning up challenges


  • Congratulations! Your certificate and chain have been saved at:
    Your key file has been saved at:
    Your cert will expire on 2020-05-30. To obtain a new or tweaked
    version of this certificate in the future, simply run certbot
    again. To non-interactively renew all of your certificates, run
    “certbot renew”

  • If you like Certbot, please consider supporting our work by:

    Donating to ISRG / Let’s Encrypt:
    Donating to EFF:

My web server is (include version):
Nodejs 12.13

The operating system my web server runs on is (include version):
Ubuntu 18.04.3 (LTS) x64

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know): Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): No

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): certbot 0.31.0

Problem: I already had a certificate, but that is expiring, therefore I wanted to renew it. This is what I did to renew it. Now, however, it generated a new certificate in the folder etc/letsencrypt/live/ But as soon as I linked to that from my index.js file, it makes my connection not private when I try to access the webpage.

Hi @robinvh

You use certonly, so your webserver isn’t reloaded. And if a new folder (0001) is created, you have to change your configuration, so the correct file is used.

PS: Checking your domain you use the certificate -

expires in 90 days	* - 1 entry

But used with that’s invalid, because a wildcard certificate doesn’t work with your main domain.

Create one certificate with two domain names - + *

What does “sudo certbot certificates” output?

For what it’s worth, Certbot has a DigitalOcean DNS plugin available via sudo apt install python3-certbot-dns-digitalocean. (It hasn’t been updated recently, but I think it’s still good.)

Exactly what URL did you access? What error message did you get?


sudo certbot certificates outputs:
Found the following certs:
Certificate Name:
Domains: *
Expiry Date: 2020-05-30 08:09:35+00:00 (VALID: 89 days)
Certificate Path: /etc/letsencrypt/live/
Private Key Path: /etc/letsencrypt/live/
Certificate Name:
Expiry Date: 2020-03-02 14:54:02+00:00 (VALID: 1 day)
Certificate Path: /etc/letsencrypt/live/
Private Key Path: /etc/letsencrypt/live/

I accessed and got “This server could not prove that it is ; its security certificate is from * . This may be caused by a misconfiguration or an attacker intercepting your connection.”

Trying to create one certificate with two domain names gives an error:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator manual, Installer None
Obtaining a new certificate
An unexpected error occurred:
Error creating new order :: Cannot issue for “ + *”: Domain name contains an invalid wildcard. A wildcard is only permitted before the first dot in a domain name
Please see the logfiles in /var/log/letsencrypt for more details.

Wildcards precisely apply to one “level” of subdomain, as it were. * matches and and so forth, but not or even

The two domains need to be specified as two separate command line options, e.g.:

sudo certbot certonly --manual -d -d '*'
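
Added example, not part of the original thread and not Certbot or Let's Encrypt code: a JavaScript check of which hostnames a certificate's names cover under the one-level wildcard rule described above, plus a syntax check for requested names based on the error message quoted earlier. The function names and the example.com hostnames are assumptions; it handles plain ASCII names only and does not apply Let's Encrypt's other issuance policies.

```javascript
// Constructed sample data: example.com is a reserved documentation domain.
const served = ['example.com', 'www.example.com', 'api.www.example.com'];

// Rule from the quoted error: "*" may only appear as the entire first label.
// A string such as "example.com + *.example.com" is one (invalid) name, which
// is why each name needs its own -d option.
function isValidRequestName(name) {
  const labels = name.toLowerCase().split('.');
  if (labels.length < 2) return false;
  const plain = /^[a-z0-9]([a-z0-9-]*[a-z0-9])?$/;
  const [first, ...rest] = labels;
  if (first !== '*' && !plain.test(first)) return false;
  return rest.every((label) => plain.test(label));
}

// One "*" stands for exactly one label: it never matches the bare parent
// domain and never spans two subdomain levels.
function nameCovers(pattern, hostname) {
  const p = pattern.toLowerCase().split('.');
  const h = hostname.toLowerCase().replace(/\.$/, '').split('.');
  if (p.length !== h.length) return false;
  return p.every((label, i) =>
    i === 0 && label === '*' ? h[i].length > 0 : label === h[i]);
}

// Hostnames that none of the certificate's names cover; a browser would
// show a name-mismatch warning for each of these.
function uncoveredHosts(certNames, hostnames) {
  return hostnames.filter(
    (host) => !certNames.some((name) => nameCovers(name, host)));
}

// Wildcard-only certificate, as in the question: the bare domain is not covered.
console.log(uncoveredHosts(['*.example.com'], served));
// Certificate with both names, as the answers recommend.
console.log(uncoveredHosts(['example.com', '*.example.com'], served));
// The combined string from the failed attempt is rejected as a single name.
console.log(isValidRequestName('example.com + *.example.com'));
```

Running the same check against the names a certificate actually carries, before pointing index.js at it, shows in advance whether the site's hostname would trigger the mismatch warning.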
