Can't reissue expired certificate (not due for renewal)

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g., so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

I ran this command: /usr/bin/certbot certonly

It produced this output: 2019-12-07 20:39:20,934:INFO:certbot.renewal:Cert not yet due for renewal , however, cert is expired.

My web server is (include version): Nginx 1.12.2

The operating system my web server runs on is (include version): Ubuntu 16.04

My hosting provider, if applicable, is: Not applicable (CDN service doing 301 redirect to a central server for all /.well-known/ requests.)

I can login to a root shell on my machine (yes or no, or I don’t know): Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): certbot 0.14.2

Thank you in advance for your help. Our customer’s services are down as of now and we are unable to issue a new certificate for them. The current one has expired.

1 Like

Hi @Vix

if you use certonly, the certificate isn't installed and the webserver isn't restartet. So first step: Restart your webserver.

But checking your domain there is no newer certificate -

There is nothing. Rechecked via Google - Google Transparency Report - that's the same, no certificate.

What says

certbot certificates

And your certbot is terrible old. 0.14 may not longer work.

1 Like

Thank you @JuergenAuer for your response.
I am aware the certbot version is very outdated, and an update is planned.
We fixed the issue by removing the .conf files and the archive for the domain, and issued a new certificate. We will be reviewing the setup that we have in place for certificates management to find out how and why this happened.

certbot certificates responded with:

Renewal configuration file /etc/letsencrypt/renewal/ produced an unexpected error: expected /etc/letsencrypt/live/ to be a symlink. Skipping.

All "files" in this folder should be symbolic links.
Please show output of:
ls -l /etc/letsencrypt/live/

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.