Certificat timed out, certonly command useless

Please fill out the fields below so we can help you better.

My domain is: https://www.ski-service-les-menuires.fr

I ran this command: certbot certonly

It produced this output: certificat expired since the 3rd june 2017

My web server is (include version): Simple Hosting

The operating system my web server runs on is (include version):Debian, Apache

My hosting provider, if applicable, is: Gandi

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):

Hi guys, two times that I renew my certificat with the certbot certonly command

AND

In my terminal the renewal is successfull (one time and I renewed it again cause the error still there) but when I want to access the website something goes wrong.
I can, with firefox to have more details (IE don’t) and the error message is :

www.xxxxxxxxxxxxxxxxxxxxxxxxxxxx.fr use an invalid certificat
Expired the 3rd june 2017
Error Code : SEC_ERROR_EXPIRED_CERTIFICATE

Have I to deleted the olrd certificat before renewal ?

I know that some of you tell me to ask gandi but with letsencrypt they usually sais to ask here…

Thanks a lot for helpers and let’s encrypt team.

T

Hi @it-tips,

Did you restart/reload your apache web server after renew the certificate?.

Cheers,
sahsanu

Hi Sahsanu, thanks for your reply,

I followed this link

and find a solution, using the run command and not the certonly, don’t know if it matters for something…
And I didn’t restart the server, I will try the certonly command and restart it for an other website to see if it solve the problem.

Thanks again

T

Hi @it-tips,

The certonly command means to obtain a certificate, but not install it in the web server (like Apache).

If you use certonly and specify subject names that correspond to an existing certificate, that certificate will be replaced with a new one, which is one means of performing renewal using Certbot. Howver, certonly still does not do anything to tell any web server about this change.

When using a server like Apache, it needs to be restarted or reloaded in order to notice things like a changed certificate. certonly never attempts to do this (unless you add something like a --renew-hook option to tell it to).

run does attempt to install the certificate in a web server configuration, if it knows how to do so on your local machine; as part of this process, it will also restart the web server.

A more officially supported method might be something like certbot renew --renew-hook "service apache2 graceful" (which can be run every day to renew when necessary and reload the web server when a renewal happens), but I’m glad that what you did ended up working for you.

2 Likes

Thanks @Schoen,

Understood !

Best regards :wink:

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.