Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is:
cirs.forward-scatter.com
I ran this command:
certbot --renew (via cron job)
It produced this output:
2021-09-20 04:33:12,842:DEBUG:certbot._internal.storage:Writing new private key to /etc/letsencrypt/archive/cirs.forward-scatter.com/privkey6.pem.
2021-09-20 04:33:12,842:DEBUG:certbot._internal.storage:Writing certificate to /etc/letsencrypt/archive/cirs.forward-scatter.com/cert6.pem.
2021-09-20 04:33:12,843:DEBUG:certbot._internal.storage:Writing chain to /etc/letsencrypt/archive/cirs.forward-scatter.com/chain6.pem.
2021-09-20 04:33:12,843:DEBUG:certbot._internal.storage:Writing full chain to /etc/letsencrypt/archive/cirs.forward-scatter.com/fullchain6.pem.
2021-09-20 04:33:12,861:DEBUG:certbot._internal.storage:Writing new config /etc/letsencrypt/renewal/cirs.forward-scatter.com.conf.new.
2021-09-20 04:33:12,866:INFO:certbot.compat.misc:Running deploy-hook command: /etc/letsencrypt/renewal-hooks/deploy/reload_apache.sh
2021-09-20 04:33:12,891:DEBUG:certbot.display.util:Notifying user: new certificate deployed without reload, fullchain is
/etc/letsencrypt/live/cirs.forward-scatter.com/fullchain.pem
2021-09-20 04:33:12,894:DEBUG:certbot._internal.plugins.selection:Requested authenticator webroot and installer None
2021-09-20 04:33:12,894:DEBUG:certbot.display.util:Notifying user:
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
2021-09-20 04:33:12,894:DEBUG:certbot.display.util:Notifying user: Congratulations, all renewals succeeded:
2021-09-20 04:33:12,894:DEBUG:certbot.display.util:Notifying user: /etc/letsencrypt/live/cirs.forward-scatter.com/fullchain.pem (success)
2021-09-20 04:33:12,894:DEBUG:certbot.display.util:Notifying user: - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
2021-09-20 04:33:12,894:DEBUG:certbot._internal.renewal:no renewal failures
My web server is (include version):
Apache/2.4.46
The operating system my web server runs on is (include version):
MacOs 11.4
My hosting provider, if applicable, is:
None
I can login to a root shell on my machine (yes or no, or I don't know):
yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
no
The version of my client is (e.g. output of certbot --version
or certbot-auto --version
if you're using Certbot):
1.14.0
After creating my certificates just fine, the log above has:
Running deploy-hook command: /etc/letsencrypt/renewal-hooks/deploy/reload_apache.sh
The contents of this file are:
#!/bin/sh
apachectl graceful
So I would think my apache has been gracefully restarted and that newer pages would have the updated credentials. However visiting the web site, I'm still seeing the certificate that is about to expire in three weeks.
If I run the deploy/reload_apache.sh by hand (which I just did), it works fine. If I renew my certificate by using a --force-renewal, it works fine. It only fails when the certificate is renewed as part of a cron job.