My domain is: kitese.duckdns.org
I ran this command: sudo certbot certonly --manual --preferred-challenges dns --manual-auth-hook /home/pi/https/auth.sh --manual-cleanup-hook /home/pi/https/cleanup.sh
It produced this output:
My web server is (include version): Node/Express
The operating system my web server runs on is (include version): Raspberry Pi with Debian Stretch
My hosting provider, if applicable, is: -
I can login to a root shell on my machine (yes or no, or I don’t know): yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): certbot 0.28.0
I’m running a tiny Node / Express script that’s fetching privkey, cert and fullchain from /etc/letsencrypt/live/kitese.duckdns.org/ to display a web cam feed over https.
It’s been working great but now my cert needs to be renewed and after running the script above I got
Cert is due for renewal, auto-renewing…
Renewing an existing certificate
Performing the following challenges:
dns-01 challenge for kitese.duckdns.org
…
Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/kitese.duckdns.org/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/kitese.duckdns.org/privkey.pem
Your cert will expire on 2020-02-23.
Those files are pointing to fullchain2.pem etc in /archive and it all looks correct to me:
pi@raspberrypi:/etc/letsencrypt/archive/kitese.duckdns.org $ ls -l
total 32
-rw-r–r-- 1 root root 1919 Sep 6 18:52 cert1.pem
-rw-r–r-- 1 root root 1919 Nov 25 17:38 cert2.pem
-rw-r–r-- 1 root root 1647 Sep 6 18:52 chain1.pem
-rw-r–r-- 1 root root 1647 Nov 25 17:38 chain2.pem
-rw-r–r-- 1 root root 3566 Sep 6 18:52 fullchain1.pem
-rw-r–r-- 1 root root 3566 Nov 25 17:38 fullchain2.pem
-rwxr-xr-x 1 root nodecert 1704 Sep 6 18:52 privkey1.pem
-rw-r–r-- 1 root root 1704 Nov 25 17:38 privkey2.pem
pi@raspberrypi:/etc/letsencrypt/live/kitese.duckdns.org $ ls -l
total 4
-rwxr-xr-x 1 root root 692 Sep 6 18:52 README
lrwxrwxrwx 1 root root 42 Nov 25 17:38 cert.pem -> …/…/archive/kitese.duckdns.org/cert2.pem
lrwxrwxrwx 1 root root 43 Nov 25 17:38 chain.pem -> …/…/archive/kitese.duckdns.org/chain2.pem
lrwxrwxrwx 1 root root 47 Nov 25 17:38 fullchain.pem -> …/…/archive/kitese.duckdns.org/fullchain2.pem
lrwxrwxrwx 1 root root 45 Nov 25 17:38 privkey.pem -> …/…/archive/kitese.duckdns.org/privkey2.pem
However, when checking the cert in Chrome or Safari, it still says that my cert is expiring on Dec 5th (old exp date). Cert checkers like https://www.sslshopper.com/ssl-checker.html#hostname=kitese.duckdns.org also shows the old exp date.
I’ve restarted (and stop/started) the server script multiple times, still no difference.
Why is the old expiry date still showing up everywhere?
And also, how do I create a script for this to auto-renew when getting close to the expiry?