Certbot-auto is not resulting in updated certificate

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: systematicpoliticalscience.com

I ran this command: certbot-auto

It produced this output:
You have an existing certificate that contains a portion of the domains you
requested (ref: /etc/letsencrypt/renewal/systematicpoliticalscience.com.conf)

It contains these names: systematicpoliticalscience.com,
www.systematicpoliticalscience.com

You requested these names for the new certificate:
systematicpoliticalscience.org, systematicpoliticalscience.com,
new.systematicpoliticalscience.com, old.systematicpoliticalscience.com,
www.systematicpoliticalscience.org, www.systematicpoliticalscience.com.

Do you want to expand and replace this existing certificate with the new
certificate?


(E)xpand/©ancel: e
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for new.systematicpoliticalscience.com
http-01 challenge for old.systematicpoliticalscience.com
http-01 challenge for systematicpoliticalscience.com
http-01 challenge for systematicpoliticalscience.org
http-01 challenge for www.systematicpoliticalscience.com
http-01 challenge for www.systematicpoliticalscience.org
Waiting for verification…
Challenge failed for domain old.systematicpoliticalscience.com
Challenge failed for domain new.systematicpoliticalscience.com
http-01 challenge for old.systematicpoliticalscience.com
http-01 challenge for new.systematicpoliticalscience.com
Cleaning up challenges
Some challenges have failed.

IMPORTANT NOTES:

My web server is (include version):

Apache
Server version: Apache/2.4.10 (Debian)
Server built: Sep 30 2019 19:32:08

The operating system my web server runs on is (include version):
Debian / Jesse

My hosting provider, if applicable, is:
Linode

I can login to a root shell on my machine (yes or no, or I don’t know):
Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
No

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):
certbot 1.4.0

I received a complaint today that systematicpoliticalscience.com is giving an error. It appears to have an expired certificate. This time, running certbot-auto a few different ways did not result in a new certificate being installed; https://systematicpoliticalscience.com is still reporting an expired certificate.

What should I be doing differently so that a fresh new certificate is served up from systematicpoliticalscience.com?

1 Like

Ensure that port 80 (HTTP) is open to the Internet.

This is what I see:

curl: (7) Failed to connect to new.systematicpoliticalscience.com port 80: Connection timed out

This is what others see:

image


image

And to complicate matters even more…
The two failing names don’t resolve to the same IP:

Name:    new.systematicpoliticalscience.com
Address:  54.218.143.2

Name:    haywardfamily.org
Address:  24.15.80.74
Aliases:  old.systematicpoliticalscience.com
1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.