Hi again,
Okay, I got it to work now with your tips and some fiddling.
First to answer your question: Nope, I did not intend to have two separate certs for my domain. In fact I only use www anyway and even use mod-rewrite to rewrite anything else like xxx.domain or http://domain always to my www. This means nobody ever uses http://domain, which seems to be the cert which does not want to renew.
So here is what I did.
I checked the /etc/letsencrypt directory and deleted the cert for e-familynet.com (without the www) from all folders which had something to do with this cert. Then I also made sure that the httpd/conf/sites config file for the domain reads the correct letsencrypt certs (which it did not). My conf did point to the e-familynet.com version without the www, but the cert for www was present in the letsencrypt folder. I think I messed something up when I first tried to install all.
Again, I am not half a pro in this area and I am happy I survive with the help of guys like you.
Once I deleted the e-familynet.com cert, and edited my conf to use the www cert I tried again the --dry-run version and it did go through without a problem.
Now it shows:
/root/.local/share/letsencrypt/lib/python2.6/site-packages/cryptography/__init__.py:26: DeprecationWarning: Python 2.6 is no longer supported by the Python core team, please upgrade your Python. A future version of cryptography will drop support for Python 2.6
DeprecationWarning
Saving debug log to /var/log/letsencrypt/letsencrypt.log
-------------------------------------------------------------------------------
Processing /etc/letsencrypt/renewal/www.e-familynet.com.conf
-------------------------------------------------------------------------------
Cert not due for renewal, but simulating renewal for dry run
Renewing an existing certificate
Performing the following challenges:
tls-sni-01 challenge for www.e-familynet.com
Waiting for verification...
Cleaning up challenges
-------------------------------------------------------------------------------
new certificate deployed with reload of apache server; fullchain is
/etc/letsencrypt/live/www.e-familynet.com/fullchain.pem
-------------------------------------------------------------------------------
** DRY RUN: simulating 'certbot renew' close to cert expiry
** (The test certificates below have not been saved.)
Congratulations, all renewals succeeded. The following certs have been renewed:
/etc/letsencrypt/live/www.e-familynet.com/fullchain.pem (success)
** DRY RUN: simulating 'certbot renew' close to cert expiry
** (The test certificates above have not been saved.)
I guess I am fine now and can add this as a cronjob as described in your docs to make sure my cert is always active.
Thank you so much for your great support here, I really appreciate it. thx
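
Added example, not part of the original post: a shell check for the mismatch described above, where the Apache config referenced one certbot lineage while only another existed under /etc/letsencrypt. The function names, status words and the example.test sample tree are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Paths containing spaces are not handled.
# Prints one status line per SSLCertificateFile/SSLCertificateKeyFile directive
# and returns non-zero if a certbot path is missing or has no renewal config.
check_vhost_certs() {
    conf_dir=$1; le_dir=$2
    report=$(
        for conf in "$conf_dir"/*.conf; do
            [ -f "$conf" ] || continue
            awk 'tolower($1) ~ /^sslcertificate(key)?file$/ { print $2 }' "$conf" |
            tr -d '"' |
            while IFS= read -r path; do
                case $path in
                    "$le_dir"/live/*) ;;
                    *) echo "SKIP $path"; continue ;;   # not a certbot-managed path
                esac
                lineage=${path#"$le_dir"/live/}   # www.example.test/fullchain.pem
                lineage=${lineage%%/*}            # www.example.test
                if [ ! -e "$path" ]; then
                    echo "MISSING $path"
                elif [ ! -f "$le_dir/renewal/$lineage.conf" ]; then
                    echo "NO_RENEWAL_CONF $path"
                else
                    echo "OK $path"
                fi
            done
        done
    )
    if [ -n "$report" ]; then printf '%s\n' "$report"; fi
    ! printf '%s\n' "$report" | grep -Eq '^(MISSING|NO_RENEWAL_CONF) '
}

# Constructed sample: the vhost still references the deleted bare-domain
# lineage while only the www lineage exists (hypothetical example.test names).
build_sample() {
    root=$(mktemp -d)
    mkdir -p "$root/apache" "$root/le/live/www.example.test" "$root/le/renewal"
    : > "$root/le/live/www.example.test/fullchain.pem"
    : > "$root/le/live/www.example.test/privkey.pem"
    : > "$root/le/renewal/www.example.test.conf"
    cat > "$root/apache/site.conf" <<EOF
SSLCertificateFile $root/le/live/example.test/fullchain.pem
SSLCertificateKeyFile $root/le/live/www.example.test/privkey.pem
EOF
    echo "$root"
}

sample=$(build_sample)
check_vhost_certs "$sample/apache" "$sample/le" || echo "vhost and lineages disagree"
rm -rf "$sample"
```

On a real host, call `check_vhost_certs` with the directory holding the Apache site configs and `/etc/letsencrypt`; a `MISSING` or `NO_RENEWAL_CONF` line means the server is configured for a certificate that `certbot renew` will not keep fresh.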