Certbot renewal, does not renew

Screen Shot 2021-03-01 at 11.52.04 AM

I've started with 'certbot renew'

Please see this original thread describing the original problems I've had with this...and how I scraped together a solution at the time. I want to avoid this going forward and have the setup foolproof and easily renewed automatically...

Hi there,

From the end of your previous thread, @Osiris said:

Are you confirming that you've tried that? [Note: I am not a coder, but I also do want to make sure that we're not retreading over ground that was covered previously.]

1 Like

Hi @brokenbricks,

Are these sites meant to be publicly accessible by the Internet at large?

They're all hosted on the same server, right?


These are silly domains that host marketing landing pages, but of course they need to be live and working.

I've managed to hack together something again it seems.

I originally tried this command, as I had saved it in my notes from previous attempt as what should work in 3 months when cert expired.

certbot certonly --webroot -w /var/www/html -d pulsenews.online -d www.pulsenews.online -d dailytrends.digital -d www.dailytrends.digital -d dailypulse.online -d www.dailypulse.online

This produced the DNS error and 'unauthorized error'.

One of these domains isn't being used nor pointing correctly to the server so I believe that's what happened. I removed it and re tried the command

certbot certonly --webroot -w /var/www/html -d pulsenews.online -d www.pulsenews.online -d dailypulse.online -d www.dailypulse.online

This seemed to work and created a new cert for these.

The original expired within the hour, and all sites had errors and went dead.

I remembered the 000-default-le-ssl.conf file, and edited it, it was pointing to the old CERT still, so I modified it to the new directory. ( xxxxxxx-0001)

Tried to restart apache, which produced another warning (no domain found, servername, something something) but seems to have reloaded regardless. And now everything seems ok.

Also the domain i omitted, seems to somehow have been included and updated as well.

clearly this is not the best way to go about this, and I'll have to remember all this in 90 days or sooner. I'd love to know the proper way to do it should I ever start over on a new server....

Ideally, you won't have to use --standalone or --webroot at all, nor certonly. The best experience is likely to be with the full nginx or Apache integration, as appropriate:

certbot --apache


certbot --nginx

These both assume that you have your sites already set up and working in HTTP with appropriate virtual hosts/server blocks; they use those directly as a basis for creating new HTTPS virtual hosts/server blocks.

--standalone, --webroot, and certonly are all options that are less integrated with your web server and so entail more manual configuration work for you. They're most relevant if you don't have a web server application that Certbot can directly integrate with at all.

If you need to change the names in an existing certificate, use --cert-name and the old certificate's cert name to specify that you want to replace that one when requesting the modified certificate; otherwise you get that -0001 stuff because Certbot assumes you might still want the old certificate, even if there is a high level of overlap between the new and old certificates' domain name coverage.

You can always use certbot certificates to see which certificates you have and what names they cover.

1 Like

I'll have to carry on with this for the time being.

I need to add an additional domain actually.

So I've registered newdomain.com

What is the easiest / safest way to add this to the SSL cert, or create one specific for this domain?

same server / ip address as all the rest.

Certbot's Apache integration is based on Apache VirtualHosts. So,

if newdomain.com is part of the same (HTTP) VirtualHost as other domain names on an existing certificate, find the cert name for the existing certificate, find the list of names covered by the existing certificate (with certbot certificates), then run

certbot --cert-name oldcertname --apache -d oldname1 -d oldname2 -d oldname3 -d oldname4 [...] -d newdomain.com -d www.newdomain.com

assuming that you want to cover www.newdomain.com and that it's listed in the existing VirtualHost alongside newdomain.com.

On the other hand, to

if it's a separate HTTP VirtualHost, use

certbot --apache -d newdomain.com -d www.newdomain.com

after creating the HTTP VirtualHost for newdomain.com and www.newdomain.com.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.