Certbot created new certificates but browsers see old one

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:similarminds.com

I ran this command:certbot command line install instructions (sucessfully)

It produced this output: sucessful install according to the command line results

My web server is (include version):centos6

The operating system my web server runs on is (include version):linux

My hosting provider, if applicable, is:ibm

I can login to a root shell on my machine (yes or no, or I don’t know):yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): latest certbot

i created new ssl certificate but it keeps seeing my old one in any browser i try. the old server certificate was somehow created when i setup my server and gives server name mismatch warnings, hence my need to change it. it lists the server name as server.similarminds.com. certbot updated apache httpd.conf with links to the new letsencrypt certificates which are where it says they are but somehow it keeps seeing the old ssl certificate and i can’t figure out how. any ideas?

1 Like

We need the full and exact command you’ve used.

We need the full and exact output.

And which version is that for your OS?

1 Like

1 Like

centos 6.1 certbot instructions is what i followed

1 Like

Welcome to the Let’s Encrypt Community :slightly_smiling_face:

You were trying to kill apache and yet use the apache authenticator and installer? You need apache running to use those.

Your apache may be running as HTTPD

1 Like

Nevertheless, you need to restart the web server to ensure it is using the latest cert.

1 Like

Exactamento! :slightly_smiling_face:

https://www.ssllabs.com/ssltest/analyze.html?d=similarminds.com&ignoreMismatch=on
And you may need to review/correct the web config file(s).

Currently serving a self-signed cert with name: server.similarminds.com

If you need any help, please show the config file modified by certbot:
sudo cat /etc/httpd/conf/httpd.conf

1 Like

I concur @rg305.

I see that a wide variety of subdomains have been certified in the last 24 hours:

https://crt.sh/?q=similarminds.com

Is this intentional?

1 Like

classic signs of a “TRY|FIX|FAIL” loop [until rate limit exceeded]

2 Likes

And yet, only the exact same set of domains for 2 of the certificates. Preemptive thinking or …?

i did restart apache several times.

i think the conflicting ssl certificate is coming from pki and must have auto setup when i installed the server. not quite sure how to disable it from overiding the certbot ssl certs as of yet though. any ideas?

image

i never had any issues and then last year webmin autoupdated and my ssl certificates became invalid and i’m just now getting around to trying to fix the problem.

So, a couple of initial thoughts…

  • You might want to your specific redirects in your port 80 configuration to go directly to https to avoid having multiple redirects.
  • Your specific redirects in your https are going back to http, which creates a roundabout with your general redirect in your port 80 configuration.

Just change every “http” to “https” to fix these.

that’s my brute force clueless rinse and repeat method i guess to get things to work when they kept not working. i’ve tried letsencrypt via webmin and then certbot via command line to similar failing results. it just keeps showing my ssl as self created and tied to server.similarminds.com and thus a mismatch causing browsers to redlist my url.

We will try our best to get you straightened out. :wink:

cool, thank you very much