Certbox says renewal succesful but "certbot certificates" still says my cert will expire tomorrow at 13:00


#1

My domain is: sooperthemes.com

I ran this command: certbot renew --cert-name sooperthemes.com --webroot -w /srv/users/serverpilot/apps/sooperthemes-com/public

It produced this output:

Saving debug log to /var/log/letsencrypt/letsencrypt.log

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Processing /etc/letsencrypt/renewal/sooperthemes.com.conf

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Cert is due for renewal, auto-renewing...

Plugins selected: Authenticator webroot, Installer None

Renewing an existing certificate

Performing the following challenges:

http-01 challenge for app.sooperthemes.com

http-01 challenge for sooperthemes.com

http-01 challenge for www.sooperthemes.com

Using the webroot path /srv/users/serverpilot/apps/sooperthemes-com/public for all unmatched domains.

Waiting for verification...

Cleaning up challenges

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

new certificate deployed without reload, fullchain is

/etc/letsencrypt/live/sooperthemes.com/fullchain.pem

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Congratulations, all renewals succeeded. The following certs have been renewed:

/etc/letsencrypt/live/sooperthemes.com/fullchain.pem (success)

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

root@sooperthemes:/etc/nginx-sp/vhosts.d# certbot certificates

Saving debug log to /var/log/letsencrypt/letsencrypt.log

My web server is (include version): nginx-serverpilot. nginx version: nginx/1.15.8. Some subdomains have cloudflare in front, that’s why I use webroot instead of standalone server.

The operating system my web server runs on is (include version):

Distributor ID: Ubuntu
Description: Ubuntu 16.04.5 LTS
Release: 16.04
Codename: xenial

I can login to a root shell on my machine (yes):

I’m using a control panel to manage my site (no):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): certbot 0.28.0


After the update the certbot overview command still says this particular ssl will expire tomorrow:

root@sooperthemes:/etc/nginx-sp/vhosts.d# certbot certificates
Saving debug log to /var/log/letsencrypt/letsencrypt.log

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Found the following certs:
  Certificate Name: affiliate.sooperthemes.com
    Domains: affiliate.sooperthemes.com
    Expiry Date: 2019-04-25 07:27:21+00:00 (VALID: 89 days)
    Certificate Path: /etc/letsencrypt/live/affiliate.sooperthemes.com/fullchain.pem
    Private Key Path: /etc/letsencrypt/live/affiliate.sooperthemes.com/privkey.pem
  Certificate Name: sooperthemes.com
    Domains: sooperthemes.com app.sooperthemes.com www.sooperthemes.com
    Expiry Date: 2019-01-26 13:11:51+00:00 (VALID: 1 day)
    Certificate Path: /etc/letsencrypt/live/sooperthemes.com/fullchain.pem
    Private Key Path: /etc/letsencrypt/live/sooperthemes.com/privkey.pem
  Certificate Name: demo-auth.sooperthemes.com
    Domains: demo-auth.sooperthemes.com www.demo-auth.sooperthemes.com
    Expiry Date: 2019-03-27 17:06:30+00:00 (VALID: 61 days)
    Certificate Path: /etc/letsencrypt/live/demo-auth.sooperthemes.com/fullchain.pem
    Private Key Path: /etc/letsencrypt/live/demo-auth.sooperthemes.com/privkey.pem
  Certificate Name: app.sooperthemes.com
    Domains: app.sooperthemes.com
    Expiry Date: 2019-04-25 07:27:34+00:00 (VALID: 89 days)
    Certificate Path: /etc/letsencrypt/live/app.sooperthemes.com/fullchain.pem
    Private Key Path: /etc/letsencrypt/live/app.sooperthemes.com/privkey.pem
  Certificate Name: demo.sooperthemes.com
    Domains: demo.sooperthemes.com
    Expiry Date: 2019-03-27 17:06:38+00:00 (VALID: 61 days)
    Certificate Path: /etc/letsencrypt/live/demo.sooperthemes.com/fullchain.pem
    Private Key Path: /etc/letsencrypt/live/demo.sooperthemes.com/privkey.pem
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

#2

Hi @perikles

reload your server :wink:

Looks like you use certonly, then you have to do that.


#3

Please post “sudo ls -alR /etc/letsencrypt/{archive,live,renewal}”.


#4
root@sooperthemes:/etc/nginx-sp/vhosts.d# sudo ls -alR /etc/letsencrypt/{archive,live,renewal}

/etc/letsencrypt/archive:

total 32

drwx------ 8 root root 4096 Oct 28 14:10 .

drwxr-xr-x 9 root root 4096 Jan 25 09:04 ..

drwxr-xr-x 2 root root 4096 Jan 25 08:27 affiliate.sooperthemes.com

drwxr-xr-x 2 root root 4096 Jan 25 08:27 app.sooperthemes.com

drwxr-xr-x 2 root root 4096 Dec 27 18:06 demo-auth.sooperthemes.com

drwxr-xr-x 2 root root 4096 Dec 27 18:06 demo.sooperthemes.com

drwxr-xr-x 2 root root 4096 Jan 25 08:37 sooperthemes.com

drwxr-xr-x 2 root root 4096 Oct 28 14:11 sooperthemes.com-0001

/etc/letsencrypt/archive/affiliate.sooperthemes.com:

total 88

drwxr-xr-x 2 root root 4096 Jan 25 08:27 .

drwx------ 8 root root 4096 Oct 28 14:10 ..

-rw-r--r-- 1 root root 1826 Feb 20 2018 cert1.pem

-rw-r--r-- 1 root root 2183 Apr 30 2018 cert2.pem

-rw-r--r-- 1 root root 2183 Jul 30 13:41 cert3.pem

-rw-r--r-- 1 root root 2183 Oct 28 13:37 cert4.pem

-rw-r--r-- 1 root root 1939 Jan 25 08:27 cert5.pem

-rw-r--r-- 1 root root 1647 Feb 20 2018 chain1.pem

-rw-r--r-- 1 root root 1647 Apr 30 2018 chain2.pem

-rw-r--r-- 1 root root 1647 Jul 30 13:41 chain3.pem

-rw-r--r-- 1 root root 1647 Oct 28 13:37 chain4.pem

-rw-r--r-- 1 root root 1647 Jan 25 08:27 chain5.pem

-rw-r--r-- 1 root root 3473 Feb 20 2018 fullchain1.pem

-rw-r--r-- 1 root root 3830 Apr 30 2018 fullchain2.pem

-rw-r--r-- 1 root root 3830 Jul 30 13:41 fullchain3.pem

-rw-r--r-- 1 root root 3830 Oct 28 13:37 fullchain4.pem

-rw-r--r-- 1 root root 3586 Jan 25 08:27 fullchain5.pem

-rw-r--r-- 1 root root 1704 Feb 20 2018 privkey1.pem

-rw-r--r-- 1 root root 1704 Apr 30 2018 privkey2.pem

-rw-r--r-- 1 root root 1704 Jul 30 13:41 privkey3.pem

-rw-r--r-- 1 root root 1704 Oct 28 13:37 privkey4.pem

-rw-r--r-- 1 root root 1708 Jan 25 08:27 privkey5.pem

/etc/letsencrypt/archive/app.sooperthemes.com:

total 88

drwxr-xr-x 2 root root 4096 Jan 25 08:27 .

drwx------ 8 root root 4096 Oct 28 14:10 ..

-rw-r--r-- 1 root root 1809 Feb 22 2018 cert1.pem

-rw-r--r-- 1 root root 2167 Apr 30 2018 cert2.pem

-rw-r--r-- 1 root root 2167 Jul 30 13:41 cert3.pem

-rw-r--r-- 1 root root 2167 Oct 28 13:37 cert4.pem

-rw-r--r-- 1 root root 1923 Jan 25 08:27 cert5.pem

-rw-r--r-- 1 root root 1647 Feb 22 2018 chain1.pem

-rw-r--r-- 1 root root 1647 Apr 30 2018 chain2.pem

-rw-r--r-- 1 root root 1647 Jul 30 13:41 chain3.pem

-rw-r--r-- 1 root root 1647 Oct 28 13:37 chain4.pem

-rw-r--r-- 1 root root 1647 Jan 25 08:27 chain5.pem

-rw-r--r-- 1 root root 3456 Feb 22 2018 fullchain1.pem

-rw-r--r-- 1 root root 3814 Apr 30 2018 fullchain2.pem

-rw-r--r-- 1 root root 3814 Jul 30 13:41 fullchain3.pem

-rw-r--r-- 1 root root 3814 Oct 28 13:37 fullchain4.pem

-rw-r--r-- 1 root root 3570 Jan 25 08:27 fullchain5.pem

-rw-r--r-- 1 root root 1704 Feb 22 2018 privkey1.pem

-rw-r--r-- 1 root root 1708 Apr 30 2018 privkey2.pem

-rw-r--r-- 1 root root 1704 Jul 30 13:41 privkey3.pem

-rw-r--r-- 1 root root 1704 Oct 28 13:37 privkey4.pem

-rw-r--r-- 1 root root 1704 Jan 25 08:27 privkey5.pem

/etc/letsencrypt/archive/demo-auth.sooperthemes.com:

total 56

drwxr-xr-x 2 root root 4096 Dec 27 18:06 .

drwx------ 8 root root 4096 Oct 28 14:10 ..

-rw-r--r-- 1 root root 2224 Oct 28 14:10 cert1.pem

-rw-r--r-- 1 root root 2228 Oct 28 14:11 cert2.pem

-rw-r--r-- 1 root root 1984 Dec 27 18:06 cert3.pem

-rw-r--r-- 1 root root 1647 Oct 28 14:10 chain1.pem

-rw-r--r-- 1 root root 1647 Oct 28 14:11 chain2.pem

-rw-r--r-- 1 root root 1647 Dec 27 18:06 chain3.pem

-rw-r--r-- 1 root root 3871 Oct 28 14:10 fullchain1.pem

-rw-r--r-- 1 root root 3875 Oct 28 14:11 fullchain2.pem

-rw-r--r-- 1 root root 3631 Dec 27 18:06 fullchain3.pem

-rw-r--r-- 1 root root 1704 Oct 28 14:10 privkey1.pem

-rw-r--r-- 1 root root 1704 Oct 28 14:11 privkey2.pem

-rw-r--r-- 1 root root 1704 Dec 27 18:06 privkey3.pem

/etc/letsencrypt/archive/demo.sooperthemes.com:

total 72

drwxr-xr-x 2 root root 4096 Dec 27 18:06 .

drwx------ 8 root root 4096 Oct 28 14:10 ..

-rw-r--r-- 1 root root 1814 Jan 30 2018 cert1.pem

-rw-r--r-- 1 root root 2171 May 1 2018 cert2.pem

-rw-r--r-- 1 root root 2167 Oct 28 18:00 cert3.pem

-rw-r--r-- 1 root root 1927 Dec 27 18:06 cert4.pem

-rw-r--r-- 1 root root 1647 Jan 30 2018 chain1.pem

-rw-r--r-- 1 root root 1647 May 1 2018 chain2.pem

-rw-r--r-- 1 root root 1647 Oct 28 18:00 chain3.pem

-rw-r--r-- 1 root root 1647 Dec 27 18:06 chain4.pem

-rw-r--r-- 1 root root 3461 Jan 30 2018 fullchain1.pem

-rw-r--r-- 1 root root 3818 May 1 2018 fullchain2.pem

-rw-r--r-- 1 root root 3814 Oct 28 18:00 fullchain3.pem

-rw-r--r-- 1 root root 3574 Dec 27 18:06 fullchain4.pem

-rw-r--r-- 1 root root 1704 Jan 30 2018 privkey1.pem

-rw-r--r-- 1 root root 1704 May 1 2018 privkey2.pem

-rw-r--r-- 1 root root 1704 Oct 28 18:00 privkey3.pem

-rw-r--r-- 1 root root 1704 Dec 27 18:06 privkey4.pem

/etc/letsencrypt/archive/sooperthemes.com:

total 72

drwxr-xr-x 2 root root 4096 Jan 25 08:37 .

drwx------ 8 root root 4096 Oct 28 14:10 ..

-rw-r--r-- 1 root root 1830 Feb 20 2018 cert1.pem

-rw-r--r-- 1 root root 2183 May 1 2018 cert2.pem

-rw-r--r-- 1 root root 2187 Jul 30 14:34 cert3.pem

-rw-r--r-- 1 root root 1972 Jan 25 08:52 cert5.pem

-rw-r--r-- 1 root root 1647 Feb 20 2018 chain1.pem

-rw-r--r-- 1 root root 1647 May 1 2018 chain2.pem

-rw-r--r-- 1 root root 1647 Jul 30 14:34 chain3.pem

-rw-r--r-- 1 root root 1647 Jan 25 08:52 chain5.pem

-rw-r--r-- 1 root root 3477 Feb 20 2018 fullchain1.pem

-rw-r--r-- 1 root root 3830 May 1 2018 fullchain2.pem

-rw-r--r-- 1 root root 3834 Jul 30 14:34 fullchain3.pem

-rw-r--r-- 1 root root 3619 Jan 25 08:52 fullchain5.pem

-rw-r--r-- 1 root root 1704 Feb 20 2018 privkey1.pem

-rw-r--r-- 1 root root 1708 May 1 2018 privkey2.pem

-rw-r--r-- 1 root root 1704 Jul 30 14:34 privkey3.pem

-rw-r--r-- 1 root root 1704 Jan 25 08:52 privkey5.pem

/etc/letsencrypt/archive/sooperthemes.com-0001:

total 72

drwxr-xr-x 2 root root 4096 Oct 28 14:11 .

drwx------ 8 root root 4096 Oct 28 14:10 ..

-rw-r--r-- 1 root root 2183 Jul 30 14:33 cert1.pem

-rw-r--r-- 1 root root 2216 Oct 28 14:10 cert2.pem

-rw-r--r-- 1 root root 2216 Oct 28 14:10 cert3.pem

-rw-r--r-- 1 root root 2216 Oct 28 14:11 cert4.pem

-rw-r--r-- 1 root root 1647 Jul 30 14:33 chain1.pem

-rw-r--r-- 1 root root 1647 Oct 28 14:10 chain2.pem

-rw-r--r-- 1 root root 1647 Oct 28 14:10 chain3.pem

-rw-r--r-- 1 root root 1647 Oct 28 14:11 chain4.pem

-rw-r--r-- 1 root root 3830 Jul 30 14:33 fullchain1.pem

-rw-r--r-- 1 root root 3863 Oct 28 14:10 fullchain2.pem

-rw-r--r-- 1 root root 3863 Oct 28 14:10 fullchain3.pem

-rw-r--r-- 1 root root 3863 Oct 28 14:11 fullchain4.pem

-rw-r--r-- 1 root root 1704 Jul 30 14:33 privkey1.pem

-rw-r--r-- 1 root root 1704 Oct 28 14:10 privkey2.pem

-rw-r--r-- 1 root root 1704 Oct 28 14:10 privkey3.pem

-rw-r--r-- 1 root root 1704 Oct 28 14:11 privkey4.pem

/etc/letsencrypt/live:

total 28

drwx------ 7 root root 4096 Oct 28 14:33 .

drwxr-xr-x 9 root root 4096 Jan 25 09:04 ..

drwxr-xr-x 2 root root 4096 Jan 25 08:27 affiliate.sooperthemes.com

drwxr-xr-x 2 root root 4096 Jan 25 08:27 app.sooperthemes.com

drwxr-xr-x 2 root root 4096 Dec 27 18:06 demo-auth.sooperthemes.com

drwxr-xr-x 2 root root 4096 Dec 27 18:06 demo.sooperthemes.com

drwxr-xr-x 2 root root 4096 Jan 25 08:52 sooperthemes.com

/etc/letsencrypt/live/affiliate.sooperthemes.com:

total 8

drwxr-xr-x 2 root root 4096 Jan 25 08:27 .

drwx------ 7 root root 4096 Oct 28 14:33 ..

lrwxrwxrwx 1 root root 50 Jan 25 08:27 cert.pem -> ../../archive/affiliate.sooperthemes.com/cert5.pem

lrwxrwxrwx 1 root root 51 Jan 25 08:27 chain.pem -> ../../archive/affiliate.sooperthemes.com/chain5.pem

lrwxrwxrwx 1 root root 55 Jan 25 08:27 fullchain.pem -> ../../archive/affiliate.sooperthemes.com/fullchain5.pem

lrwxrwxrwx 1 root root 53 Jan 25 08:27 privkey.pem -> ../../archive/affiliate.sooperthemes.com/privkey5.pem

/etc/letsencrypt/live/app.sooperthemes.com:

total 8

drwxr-xr-x 2 root root 4096 Jan 25 08:27 .

drwx------ 7 root root 4096 Oct 28 14:33 ..

lrwxrwxrwx 1 root root 44 Jan 25 08:27 cert.pem -> ../../archive/app.sooperthemes.com/cert5.pem

lrwxrwxrwx 1 root root 45 Jan 25 08:27 chain.pem -> ../../archive/app.sooperthemes.com/chain5.pem

lrwxrwxrwx 1 root root 49 Jan 25 08:27 fullchain.pem -> ../../archive/app.sooperthemes.com/fullchain5.pem

lrwxrwxrwx 1 root root 47 Jan 25 08:27 privkey.pem -> ../../archive/app.sooperthemes.com/privkey5.pem

/etc/letsencrypt/live/demo-auth.sooperthemes.com:

total 12

drwxr-xr-x 2 root root 4096 Dec 27 18:06 .

drwx------ 7 root root 4096 Oct 28 14:33 ..

-rw-r--r-- 1 root root 682 Oct 28 14:10 README

lrwxrwxrwx 1 root root 50 Dec 27 18:06 cert.pem -> ../../archive/demo-auth.sooperthemes.com/cert3.pem

lrwxrwxrwx 1 root root 51 Dec 27 18:06 chain.pem -> ../../archive/demo-auth.sooperthemes.com/chain3.pem

lrwxrwxrwx 1 root root 55 Dec 27 18:06 fullchain.pem -> ../../archive/demo-auth.sooperthemes.com/fullchain3.pem

lrwxrwxrwx 1 root root 53 Dec 27 18:06 privkey.pem -> ../../archive/demo-auth.sooperthemes.com/privkey3.pem

/etc/letsencrypt/live/demo.sooperthemes.com:

total 8

drwxr-xr-x 2 root root 4096 Dec 27 18:06 .

drwx------ 7 root root 4096 Oct 28 14:33 ..

lrwxrwxrwx 1 root root 45 Dec 27 18:06 cert.pem -> ../../archive/demo.sooperthemes.com/cert4.pem

lrwxrwxrwx 1 root root 46 Dec 27 18:06 chain.pem -> ../../archive/demo.sooperthemes.com/chain4.pem

lrwxrwxrwx 1 root root 50 Dec 27 18:06 fullchain.pem -> ../../archive/demo.sooperthemes.com/fullchain4.pem

lrwxrwxrwx 1 root root 48 Dec 27 18:06 privkey.pem -> ../../archive/demo.sooperthemes.com/privkey4.pem

/etc/letsencrypt/live/sooperthemes.com:

total 8

drwxr-xr-x 2 root root 4096 Jan 25 08:52 .

drwx------ 7 root root 4096 Oct 28 14:33 ..

lrwxrwxrwx 1 root root 45 Jan 25 08:52 cert.pem -> ../../archive/sooperthemes.com-0001/cert4.pem

lrwxrwxrwx 1 root root 46 Jan 25 08:52 chain.pem -> ../../archive/sooperthemes.com-0001/chain4.pem

lrwxrwxrwx 1 root root 50 Jan 25 08:52 fullchain.pem -> ../../archive/sooperthemes.com-0001/fullchain4.pem

lrwxrwxrwx 1 root root 48 Jan 25 08:52 privkey.pem -> ../../archive/sooperthemes.com-0001/privkey4.pem

/etc/letsencrypt/renewal:

total 40

drwxr-xr-x 2 root root 4096 Jan 25 08:52 .

drwxr-xr-x 9 root root 4096 Jan 25 09:04 ..

-rw-r--r-- 1 root root 1024 Jul 30 15:11 .demo.sooperthemes.com.conf.swp

-rw-r--r-- 1 root root 1024 Jul 30 14:42 .sooperthemes.com.conf.swp

-rw-r--r-- 1 root root 642 Jan 25 08:27 affiliate.sooperthemes.com.conf

-rw-r--r-- 1 root root 612 Jan 25 08:27 app.sooperthemes.com.conf

-rw-r--r-- 1 root root 773 Dec 27 18:06 demo-auth.sooperthemes.com.conf

-rw-r--r-- 1 root root 656 Dec 27 18:06 demo.sooperthemes.com.conf

-rwxr-xr-x 1 root root 864 Oct 28 14:11 sooperthemes.com-0001.conf.txt

-rw-r--r-- 1 root root 839 Jan 25 08:52 sooperthemes.com.conf

#5

I added the output of “certbot certificates” and I think it shows the cert is in fact not renewed, I think reloading the webserver won’t have effect on this certbot listing right?


#6

The cert you that expires tomorrow has three names.
One is already covered by a separate individual cert.
Are you covering that single name separately?
Can remove that single name from the first cert (to force it as new set of names)?
Or break the three names into three certs?


#7

Thanks I deleted the separate app.sooperthemes.com cert because it was not being used.
I’m not sure what you mean by splitting up the 3 certs, it has been working fine like this for about half a year. I also don’t know how to do this.


#8

I can’t type right now but it was renewed. Probably 5 times. And saved. The sym links are just wrong.


#9

I’m seeing this strange 0001 paths but I don’t see where the symlinks are wrong, it seems like they are pointing to the right paths including the 0001:
root@sooperthemes:/etc/nginx-sp/vhosts.d# ls -la /etc/letsencrypt/live/sooperthemes.com/

total 8

drwxr-xr-x 2 root root 4096 Jan 25 08:52 **.**

drwx------ 6 root root 4096 Jan 25 09:39 **..**

lrwxrwxrwx 1 root root 45 Jan 25 08:52 **cert.pem** -> ../../archive/sooperthemes.com-0001/cert4.pem

lrwxrwxrwx 1 root root 46 Jan 25 08:52 **chain.pem** -> ../../archive/sooperthemes.com-0001/chain4.pem

lrwxrwxrwx 1 root root 50 Jan 25 08:52 **fullchain.pem** -> ../../archive/sooperthemes.com-0001/fullchain4.pem

lrwxrwxrwx 1 root root 48 Jan 25 08:52 **privkey.pem** -> ../../archive/sooperthemes.com-0001/privkey4.pem

#10

Okay my cat moved.

They’re wrong because the symlinks in /etc/letsencrypt/live/sooperthemes.com/ need to point to /etc/letsencrypt/archive/sooperthemes.com/.

You created a sooperthemes.com-0001 certificate, then renamed and removed things, but didn’t adjust the symlinks.

So Certbot is saving the new certificates in /etc/letsencrypt/archive/sooperthemes.com/, as it should, but the symlinks in /etc/letsencrypt/live/sooperthemes.com/ are pointing somewhere else.


#11

Take a backup of /etc/letsencrypt/ and then try fixing them with something like:

sudo ln -fs ../../archive/sooperthemes.com/cert5.pem /etc/letsencrypt/live/sooperthemes.com/cert.pem
sudo ln -fs ../../archive/sooperthemes.com/chain5.pem /etc/letsencrypt/live/sooperthemes.com/chain.pem
sudo ln -fs ../../archive/sooperthemes.com/fullchain5.pem /etc/letsencrypt/live/sooperthemes.com/fullchain.pem
sudo ln -fs ../../archive/sooperthemes.com/privkey5.pem /etc/letsencrypt/live/sooperthemes.com/privkey.pem

I think that’s correct, but I’m not awake enough to certify anything I say for sure.


#12

Yeah thanks a lot I just ran a similar command and it fixed the issue:

rm cert.pem && ln -s ../../archive/sooperthemes.com/cert5.pem cert.pem && rm chain.pem && ln -s ../../archive/sooperthemes.com/chain5.pem chain.pem && rm fullchain.pem && ln -s ../../archive/sooperthemes.com/fullchain5.pem fullchain.pem && rm privkey.pem && ln -s ../../archive/sooperthemes.com/privkey5.pem privkey.pem

Do you think this will be a permanent fix or is there possibly some configuration file I should check for paths containing the 0001 suffix?


#13

What I mean is I think the 3 named cert needs to be removed and replced.
But before doing that and in order to not leave you without any cert while it gets “fixed”.
If you can use the certs individually (even if only for a day or two), then you can get through this “crisis”
To use them separately you will have to split the virtualhost file (or server block) that contains the three names into three separate files (or blocks).
[which is basically just a cut and paste paste paste or copy file1 to file2 & file3 then edit each file or block and restart your web service]

Yes, but something broke (probably more than 30 days ago). And now that cert is going to expire.
So I’m proposing you do “whatever” it takes to get you a new cert and then you’ll have 90 days to fix it correctly/better.


#14

Thanks, I think it’s resolved by fixing the symlinks, hopefully renewal will work properly next time without adding the 0001 paths


#15

I hope so, 5 certs have already been issued to those same three names today:
https://crt.sh/?q=www.sooperthemes.com


#16

I think it’s okay, but double check /etc/letsencrypt/renewal/sooperthemes.com.conf to be sure.


#17

I’m not sure why the three names are on the same cert…
Two of the names are behind CloudFlare and the other is not.
That third name does now show a recently renewed cert; so that is good news :slight_smile:


#18

@mnordhoff thanks, that file looks to have the correct paths.

@rg305 sorry for spamming the cert server, I was trying different renewal modes because I couldn’t figure out why the renewal didn’t take effect. I have 3 domain names under the same cert because they point to the same webroot. 2 subdomains are cached by cloudflare but they still need ssl for communication between cloudflare and the webserver.