Cert renews but is still expired in browser

This question is for a Bitnami web server on AWS.

I have renewed my certificate so many times that it says I have reached my rate limit. I used the command:

sudo /opt/bitnami/letsencrypt/lego --path="/opt/bitnami/letsencrypt" --email="my email" --domains="domain.com" --domains="www.domain.com" renew

It says the cert renews, but the browsers still say it expired on the 29th. I have rebooted the server and used "sudo /opt/bitnami/ctrlscript.sh stop" and "start" before and after, but it still will not update the expiration of the cert in the browsers. What am I missing?

Did you reload/restart the webserver, as they only update certs then?

I have, even rebooted the server.

Where are your new certs? Can you find them in /opt/bitnami/letsencrypt?

I do. I see a .crt, .issuer.crt, .json, and .key for each of the 2 domain variations I set, which are www.domain.com and domain.com. I did have to go one level deeper into the certificates folder.

Change the webserver config to use these files for the cert. Don't move that file directly, as you will ask the same question 3 months later if you do that.

Thank you for the replies, that was very helpful.

I have been unable to get the server reconfigured to use the new certs. Any help would be appreciated.

I have backed up the original server cert files.
I have copied the certs to the apache2/conf folder.

I cannot figure out how to adjust the configuration to use the new files.

Hi @sstipe

Please answer the following questions. That's the standard template of #help.

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

I ran this command:

It produced this output:

My web server is (include version):

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know):

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):

You have created new certificates - crt.sh | [redacted].net - so this part works.

So don't create a new certificate (may hit the limit).

But you don't use it; instead, the expired certificate is still there.

CN=www.[redacted].net
	30.01.2019
	30.04.2019
2 days expired	
[redacted].net, www.[redacted].net - 2 entries

I'm not very familiar with Bitnami, but there are additional steps required to install the certificate. There are some tutorials on how to do that. Use the search function to find them.

For anyone reading this thread, I was able to correct the issue with:

cp /opt/bitnami/letsencrypt/certificates/CERTIFICATE.csr /opt/bitnami/apache2/conf
cp /opt/bitnami/letsencrypt/certificates/CERTIFICATE.key /opt/bitnami/apache2/conf

This basically copied the certificate to the correct location after renewal.

THIS CAN ONLY WORK ON A BITNAMI WORDPRESS STACK


Mate, why don't you have a snoop around in /etc/apache2/, check out the example files and man pages, and do the same for certbot? This will help you a LOT with running future upgrades and customisations.

I actually created a cronjob per https://docs.bitnami.com/general/how-to/generate-install-lets-encrypt-ssl/ step 5, except adjusting the day of the month.
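
Added example (not from any poster in this thread): a shell script for the copy-after-renewal step and cron job described above. It installs the renewed certificate and key only when the renewed certificate is unexpired, matches its key, and differs from what is deployed. All four paths are caller-supplied assumptions; it relies only on standard `openssl x509` / `openssl pkey` options and `install`.

```shell
#!/bin/sh
# Added example: post-renewal deploy step. All paths are caller-supplied.

# Print the SHA-256 fingerprint of a PEM certificate (empty if unreadable).
cert_fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 2>/dev/null | cut -d= -f2
}

# Succeed if the certificate expires within $2 seconds (0 = already expired).
cert_expires_within() {
    ! openssl x509 -in "$1" -noout -checkend "$2" >/dev/null 2>&1
}

# Succeed if the certificate's public key equals the private key's public half.
cert_matches_key() {
    crt_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null)
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null)
    [ -n "$crt_pub" ] && [ "$crt_pub" = "$key_pub" ]
}

# deploy_if_changed NEW_CRT NEW_KEY DST_CRT DST_KEY
# Returns 0 = installed (reload the web server), 1 = already current,
# 2 = renewed pair is missing, expired, or mismatched (nothing copied).
deploy_if_changed() {
    new_crt=$1 new_key=$2 dst_crt=$3 dst_key=$4
    [ -r "$new_crt" ] && [ -r "$new_key" ] || return 2
    cert_expires_within "$new_crt" 0 && return 2
    cert_matches_key "$new_crt" "$new_key" || return 2
    if [ -r "$dst_crt" ] &&
       [ "$(cert_fingerprint "$new_crt")" = "$(cert_fingerprint "$dst_crt")" ]; then
        return 1
    fi
    # Copy rather than move so the next renewal still finds its files;
    # the private key is kept readable by its owner only.
    install -m 644 "$new_crt" "$dst_crt" && install -m 600 "$new_key" "$dst_key"
}

# When run directly with four paths, perform the deploy and report the result.
if [ "$#" -eq 4 ]; then
    rc=0; deploy_if_changed "$@" || rc=$?
    case $rc in
        0) echo "installed: reload the web server" ;;
        1) echo "deployed certificate is already current" ;;
        *) echo "renewed pair unusable: nothing copied" >&2 ;;
    esac
    exit "$rc"
fi
```

A return code of 0 is the only case where the web server needs a reload, so a cron job can restart it conditionally instead of on every run.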

When I do an update, it generates files: /etc/letsencrypt/archive/domain.name/cert1.pem, chain1.pem, fullchain1.pem, privkey1.pem.
For my setup in lighttpd I have to:
cat cert1.pem privkey1.pem > ssl1.pem
then link ssl1.pem to the /live/domain.name/ssl.pem,
then reboot the server.
