For some reason I cannot get my renewed cert to work. Basically I am using Ubuntu 16.04 with Let's Encrypt, and I have renewed before. I ran the renewal this last weekend and if I run certbot certificates my certificates are listed and show valid 88 days. I have restarted apache2 and the whole server now and when I go to the site it shows the site still pulling the old cert. I think this may be somewhere in the Apache 2 config (i.e. pull cert here) to get it to show the new cert but I am just not sure where.
Check all of the SSLCertificateFile, SSLCertificateKeyFile and (deprecated) SSLCertificateChainFile settings in your Apache configuration.
They should point to files in /etc/letsencrypt/live/, not /etc/letsencrypt/archive/ or other files.
On the other hand, sometimes browsers may show an older certificate when displaying cached pages. It’s possible the web server is actually serving the new certificate.
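The two checks from the reply above, as an added shell example that is not part of the original thread: check_ssl_paths flags SSLCertificate* directives that point outside /etc/letsencrypt/live/, and served_matches_disk compares the certificate a host actually serves with a file on disk. The function names, the example.com vhost and its paths are constructed for illustration.

```shell
#!/bin/sh
# Added example. Function names and sample data are illustrative assumptions.

# Report every SSLCertificate* directive in the given Apache config files.
# Returns 1 if any path does not start with /etc/letsencrypt/live/.
# Simplification: quoted paths containing spaces are not handled.
check_ssl_paths() {
    awk -v live="/etc/letsencrypt/live/" '
        substr($1, 1, 1) == "#" { next }          # skip commented-out lines
        {
            d = tolower($1)                       # directive names are case-insensitive
            if (d != "sslcertificatefile" && d != "sslcertificatekeyfile" &&
                d != "sslcertificatechainfile") next
            path = $2
            gsub(/"/, "", path)                   # strip optional quotes
            if (index(path, live) == 1) { status = "OK  " }
            else { status = "WARN"; bad = 1 }
            printf "%s %s:%d %s %s\n", status, FILENAME, FNR, $1, path
        }
        END { exit bad + 0 }
    ' "$@"
}

# Compare the SHA-256 fingerprint of the certificate a host serves on port 443
# with a certificate file on disk. Needs network access and the openssl CLI.
# usage: served_matches_disk example.com /etc/letsencrypt/live/example.com/cert.pem
served_matches_disk() {
    served=$(openssl s_client -connect "$1:443" -servername "$1" </dev/null 2>/dev/null |
             openssl x509 -noout -fingerprint -sha256)
    ondisk=$(openssl x509 -in "$2" -noout -fingerprint -sha256)
    [ -n "$served" ] && [ "$served" = "$ondisk" ]
}

# Constructed sample vhost (not from the original thread).
sample=$(mktemp)
cat > "$sample" <<'EOF'
<VirtualHost *:443>
    ServerName example.com
    SSLEngine on
    # SSLCertificateFile /etc/ssl/old/cert.pem
    SSLCertificateFile /etc/letsencrypt/live/example.com/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/archive/example.com/privkey3.pem
</VirtualHost>
EOF
check_ssl_paths "$sample" || echo "at least one directive does not point into live/"
rm -f "$sample"
```

On Ubuntu the enabled vhost files are normally under /etc/apache2/sites-enabled/. Running served_matches_disk both from inside and from outside the network shows whether a device in front of Apache is presenting a different certificate than the one on disk.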
My bad lol, I knew something was weird. I forgot I had added the server to the firewall for webserver protection and in turn have to add the most current certificate to the firewall as well. Basically, internally, which bypasses the firewall protection, it was showing the new cert, which made me realize it was only externally, and in that case the only difference there is the firewall rules, so it is now working.