Certbot on Google Cloud VM issued cert but site still insecure

I inherited a WordPress multisite hosted on a Google Cloud VM (which I'm not that familiar with - this is a secondary site for one of my clients and she no longer has her IT guy). The SSL certificate expired a couple of days ago, and I've been trying to get the sites "secure" again.

I cannot figure out how the certificates were previously issued. I installed and ran certbot. It looks like the certificate was issued - from crt.sh | gacccalifornia.org, but the sites still show insecure and the old certification (expired 6 Aug).

I'm obviously in over my head and would be grateful for any pointers in the right direction.

My domain is: gacccalifornia.org (this is the primary domain for the multisite).

My web server is (include version): nginx 1.24.0 (I think - httpd -v returns command not found, although netstat shows both nginx and apache2 listening on port 80 and 443, apache2 only for 127.0.0.1 though)

The operating system my web server runs on is (include version): Ubuntu 20.04.6 LTS

My hosting provider, if applicable, is: Google Cloud VM

I can login to a root shell on my machine (yes or no, or I don't know): No, I can't log in as root, but I can log in and sudo.

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): No

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 0.40.0

The service responding on port 80 for that domain is nginx. The previous administrator either used a WordPress plugin to manage certs or they may have used acme.sh or some other acme tool.

If you have a new cert using certbot (your version is very old) then have a look in your nginx configuration files e.g. https://ubuntu.com/server/docs/how-to-configure-nginx - perhaps grep for ssl_certificate - you need to tell nginx where to find the updated fullchain.pem and key file (found under the certbot /live/ directory), then restart nginx.

Certbot can manage nginx config itself but only if you tell it to and you'd need to ensure you were using a current version. Certbot Instructions | Certbot

3 Likes
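The check suggested in the reply above, as an added example that is not part of the thread: it lists every active `ssl_certificate` directive under an nginx config directory and reports whether the file sits in certbot's live directory and whether it is readable, valid or expired. It assumes absolute certificate paths and certbot's default `/etc/letsencrypt/live`; the sample config, `example.org` and the function names are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example (not from the thread). Assumes absolute certificate paths and
# certbot's default lineage directory; override LIVE_DIR if yours differs.
LIVE_DIR="${LIVE_DIR:-/etc/letsencrypt/live}"
TAB="$(printf '\t')"

# Print "file:line<TAB>path" for every active (uncommented) ssl_certificate directive.
list_cert_paths() {
    find "$1" -type f -exec awk '
        $1 == "ssl_certificate" {
            p = $2; sub(/;.*$/, "", p); gsub(/"/, "", p)
            print FILENAME ":" FNR "\t" p
        }' {} +
}

# Print "manager<TAB>state<TAB>file:line<TAB>path" for each directive found under $1.
audit_certs() {
    list_cert_paths "$1" | while IFS="$TAB" read -r where path; do
        case "$path" in
            "$LIVE_DIR"/*) manager=certbot ;;
            *)             manager=other ;;
        esac
        if [ ! -r "$path" ]; then
            state=unreadable            # file missing, or rerun with sudo
        elif openssl x509 -checkend 0 -noout -in "$path" >/dev/null 2>&1; then
            state=valid
        else
            state=expired
        fi
        printf '%s\t%s\t%s\t%s\n' "$manager" "$state" "$where" "$path"
    done
}

# Constructed sample config: one vhost on a non-certbot cert, one on a certbot lineage.
make_sample_conf() {
    mkdir -p "$1/sites-enabled"
    cat > "$1/sites-enabled/multisite.conf" <<EOF
server {
    listen 443 ssl;
    ssl_certificate $1/legacy/multisite.crt;
    ssl_certificate_key $1/legacy/multisite.key;
}
server {
    listen 443 ssl;
    # ssl_certificate /etc/old/commented.pem;
    ssl_certificate "$LIVE_DIR/example.org/fullchain.pem";
}
EOF
}

demo="$(mktemp -d)"; make_sample_conf "$demo"; audit_certs "$demo"; rm -rf "$demo"
```

On the server itself, `audit_certs /etc/nginx` run with sudo does the same over the real config; any line marked `other` is a vhost still pointing at a certificate that certbot will not renew.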

There was a cert issued for just that domain name on Aug 9. But, the cert currently being used for requests to that domain contains a large number of domain names. This cert is probably managed in the WordPress Multisite setup. Perhaps one of those domains is no longer viable and prevents renewal? I am just guessing as I don't have insight into their system.

crt.sh only shows names that match your search term. Other tools are sometimes more useful such as: Let's Debug Toolkit

You can see the cert currently used with something like this SSL Checker. Look at the SANs list for all the names on that cert: https://decoder.link/sslchecker/gacccalifornia.org/443

I am not a WordPress expert so can't help much more. But, if there's a forum for that particular WordPress package it would be worth asking about this there.

Here is a pic of the SANs list in case the cert search tools are not currently available (sometimes that happens)

3 Likes

Thank you! I'm still trying to sort through this mess. I don't think the IT guy updated this server in forever, looks like it's running a ton of old packages, plus still on PHP 7.4.

I thought I had this figured out; I ran sudo certbot -d with each domain name, and it worked. Then when I checked a bit later, the sites were insecure again. I think it does have to do with the multisite.

I know some of those domains are expired, so that's a great thought to check those! I appreciate the links to the tools as well.

I'm pretty good with WordPress but not multisite, and I definitely don't use Google Cloud, so I'm floundering. I appreciate your help!

3 Likes
