Certbot certficates

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: little-beak.com

I ran this command: certbot certificates

It produced this output: I have two certificates, apparently. But, I assume, I only need one. The output is this:

Found the following certs:
Certificate Name: www.little-beak.com
Domains: www.little-beak.com cloud.little-beak.com gitlab.little-beak.com
Expiry Date: 2019-03-23 01:50:02+00:00 (VALID: 89 days)
Certificate Path: /etc/letsencrypt/live/www.little-beak.com/fullchain.pem
Private Key Path: /etc/letsencrypt/live/www.little-beak.com/privkey.pem
Certificate Name: little-beak.com
Domains: www.little-beak.com cloud.little-beak.com gitlab.little-beak.com little-beak.com
Expiry Date: 2019-01-22 16:42:08+00:00 (VALID: 30 days)
Certificate Path: /etc/letsencrypt/live/little-beak.com/fullchain.pem
Private Key Path: /etc/letsencrypt/live/little-beak.com/privkey.pem

My web server is (include version): apache/2.4.25 (Debian)

The operating system my web server runs on is (include version): Debian 9.4

My hosting provider, if applicable, is: Self-served/home.

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no, command line.

The basics of my question, belie my understanding of basic web technology. I made these two certificates, at one point or another. But, I assume one is not currently being used? Also, how would I determine which one is actually being used? How would I go about removing the one I don’t need?

This should be a terribly basic question, for a lot of professional people. Sorry for the interruption.

Hi @j-autuick

checking your configuration:

Domainname Http-Status redirect Sec. G
• http://little-beak.com/
85.183.140.219 302 https://www.little-beak.com 0.060 E
• http://www.little-beak.com/
85.183.140.219 301 https://www.little-beak.com/ 0.054 A
• https://little-beak.com/
85.183.140.219 200 1.690 B
• https://www.little-beak.com 200 1.323 B
• https://www.little-beak.com/
85.183.140.219 200 1.440 B

Your certificate:

CN=www.little-beak.com
24.10.2018
22.01.2019
cloud.little-beak.com, gitlab.little-beak.com, little-beak.com, www.little-beak.com - 4 entries

So you are using a valide certificate. But it's the wrong, only 30 days valide.

So first question: Did you restart / reload your server after creating the new certificate?

If this is done (or doesn't help), try the --reinstall command:

certbot --cert-name www.little-beak.com --reinstall

PS: The online tool ( https://check-your-website.server-daten.de/?q=little-beak.com ) shows your CommonName. This isn't the "cert-name" Certbot uses to manage the certificates.

The certificate that expires in 30 days is the better one – it includes the name little-beak.com. The other only includes the subdomains.

Today just happens to be right after one of them renewed and right before the other one renews.

2 Likes

Yeah, I noticed that the “bad” one renewed yesterday, since I remembered that they last 90 days.

I did do a restart of my server while working out some other issues. Just was checking other stuff, when I came across the peculiarity that I had 2 certificates installed. I don’t want to disrupt my https subdomains, so what would be the recommended way to remove the faulty certificate??

OK, appears to be solved.

Used this command, found on the forums:

certbot delete --cert-name mywebsite.com

That’s the correct way to delete it, but if Apache – or other software – was using it, the software will stop working.

You should read through your Apache virtual hosts and make sure none of the SSLCertificate or related directives are using those files.

Now that the files are gone, a quick check is to run an Apache config test or try to reload it – it will fail if it’s trying to use those files.

Opps. So far everything seems fine, at least. Will restart apache and see if its all “still good.”

Ok, restarted, webserver still working properly.

Thanks for the help!

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.