I have a few domains. Recently, one domain stopped being presented as secure by my web server.
The domain hosting service (Cloudflare) doesn't show any issues.
On my host, however, I find these issues:
On the web server (nginx), I see, from within the config file for the afflicted domain:
server_name [REDACTED].com;
ssl_certificate /etc/letsencrypt/live/[REDACTED].com-0001/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/[REDACTED].com-0001/privkey.pem; # managed by Certbot
access_log /var/log/nginx/[REDACTED].ssl_access_log main;
error_log /var/log/nginx/[REDACTED].ssl_error_log info;
...while, in the directory /etc/letsencrypt/live/, I find three directories:
[REDACTED].com
[REDACTED].com-0001
[REDACTED].com-0002
I've seen the "000N" pattern before, no argument there, it's used as a tactic to cope when something changes, and we're avoiding interaction with a human. Keen. But in this case, as you can see, the "0002" instance didn't make it all the way to the nginx section.
Another detail: of the domains I host, this one happens to be the one whose key was updated most recently (2025-05-10); that's when the "0002" file was created; that's why the web server doesn't see the new key; and so I want to not just fix this instance, but also to avoid future cases of it; why did this happen?
One guess: around the same time that this latest key update took place, I rearranged my web server's config file: in the past, the whole thing was on one page. Now, each domain has its own file, under "/etc/nginx/nginx.d/". If that's what made my domains unreachable by letsencrypt (again: if), how might I fix that?
Thanks!
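
A check for the mismatch described in the post above, as an added example that is not part of the original post: it reports every nginx file whose ssl_certificate or ssl_certificate_key path names a lineage directory that has a higher-numbered sibling under the live directory. It assumes that a higher "-000N" suffix means a more recently created lineage; the function names are hypothetical, and the default paths are the ones quoted in the post.

```python
import re
import sys
from pathlib import Path

# Lineage directory named in an active (uncommented) ssl_certificate or
# ssl_certificate_key directive, e.g. ".../live/example.test-0001/fullchain.pem;"
CERT_RE = re.compile(
    r"^\s*ssl_certificate(?:_key)?\s+\S*/live/([^/\s]+)/[^/\s;]+\s*;", re.M)
SUFFIX_RE = re.compile(r"^(?P<base>.+?)(?:-(?P<n>\d{4}))?$")


def split_lineage(name):
    """'example.test-0002' -> ('example.test', 2); no suffix -> (name, 0)."""
    m = SUFFIX_RE.match(name)
    return m.group("base"), int(m.group("n") or 0)


def stale_references(conf_dir, live_dir):
    """Return sorted (conf file, referenced lineage, newest sibling) tuples."""
    newest = {}  # base name -> (highest suffix seen, directory name)
    for d in Path(live_dir).iterdir():
        if d.is_dir():  # skips the README file kept next to the lineages
            base, n = split_lineage(d.name)
            newest[base] = max(newest.get(base, (n, d.name)), (n, d.name))
    findings = set()
    for conf in Path(conf_dir).iterdir():
        if not conf.is_file():
            continue
        for lineage in CERT_RE.findall(conf.read_text(errors="replace")):
            base, n = split_lineage(lineage)
            top_n, top_name = newest.get(base, (n, lineage))
            # Assumption: a higher suffix is the more recent lineage.
            if top_n > n:
                findings.add((conf.name, lineage, top_name))
    return sorted(findings)


if __name__ == "__main__":
    # Default paths are the ones quoted in the post.
    conf_dir = sys.argv[1] if len(sys.argv) > 1 else "/etc/nginx/nginx.d"
    live_dir = sys.argv[2] if len(sys.argv) > 2 else "/etc/letsencrypt/live"
    results = stale_references(conf_dir, live_dir)
    for conf, used, latest in results:
        print(f"{conf}: uses {used}, but {latest} exists")
    sys.exit(1 if results else 0)
```

The script needs read access to both directories and exits non-zero when it finds a mismatch, so it can run from cron or a renewal hook.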