Certificate continually failing

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: https://allislandequipment.com/
My web server is (include version): Ubuntu 14.04
The operating system my web server runs on is (include version): Ubuntu 14.04
My hosting provider, if applicable, is: Linode
I can login to a root shell on my machine (yes or no, or I don't know): Yes
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 0.31.0

Pingdom is telling me that my site is going up and down every couple minutes. And when I go to the site there will be a certificate error. But when I refresh, it is fine again.

From my limited experience and from examining the SSL Server Test, it really looks like I have two certificates, one bad and one good, and it is a crap shoot as to which is being served.

https://www.ssllabs.com/ssltest/analyze.html?d=allislandequipment.com

I ran sudo certbot certificates and it gave me the following....

Certificate Name: allislandequipment.com
Domains: allislandequipment.com
Expiry Date: 2022-11-30 13:35:49+00:00 (VALID: 89 days)
Certificate Path: /etc/letsencrypt/live/allislandequipment.com/fullchain.pem
Private Key Path: /etc/letsencrypt/live/allislandequipment.com/privkey.pem

... which is not what I get in the browser when the site goes down.

It really seems that somewhere on the server an expired certificate is being referenced and I can't find it. Can anyone help?
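The "crap shoot" described above can be measured rather than guessed at: open a fresh TLS connection to the host many times and record the fingerprint of the leaf certificate each handshake returns. If more than one fingerprint shows up, different requests really are hitting different certificates (different workers, vhosts or backends) and the problem is on the serving side, not in the browser cache. This is an added example, not code from the thread or from Certbot; verification is deliberately switched off so that an expired or mis-named certificate is still captured instead of aborting the handshake.

```python
"""Probe a TLS host repeatedly and report whether every handshake
returns the same leaf certificate. Added example, not Certbot code."""
import hashlib
import socket
import ssl
import sys
from collections import Counter


def fingerprint(der: bytes) -> str:
    """SHA-256 fingerprint of a DER-encoded certificate, colon-separated
    like `openssl x509 -fingerprint -sha256` prints it."""
    digest = hashlib.sha256(der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def fetch_leaf_der(host: str, port: int = 443, timeout: float = 5.0) -> bytes:
    """One fresh TCP+TLS connection (a new context each time, so no session
    resumption can mask the problem), returning the leaf certificate as DER.
    Certificate verification is disabled on purpose: we want to see whatever
    the server sends, including an expired cert or one for the wrong name."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False          # must be cleared before verify_mode
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:  # SNI = host
            return tls.getpeercert(binary_form=True)


def summarize(observations):
    """Tally what each connection returned (fingerprints or failure labels).
    Returns (consistent, counter): consistent is True only when every
    connection produced exactly the same certificate."""
    counts = Counter(observations)
    return len(counts) == 1, counts


def probe(host: str, attempts: int = 20, port: int = 443):
    """Connect `attempts` times and summarize the certificates seen.
    Handshake failures are recorded too, since 'no cert at all' is also
    a way for a site to look like it flaps."""
    seen = []
    for _ in range(attempts):
        try:
            seen.append(fingerprint(fetch_leaf_der(host, port)))
        except (OSError, ssl.SSLError) as exc:
            seen.append(f"handshake-failed: {type(exc).__name__}")
    return summarize(seen)


if __name__ == "__main__":
    # Usage: python probe_cert.py allislandequipment.com [attempts]
    target = sys.argv[1]
    n = int(sys.argv[2]) if len(sys.argv) > 2 else 20
    consistent, counts = probe(target, n)
    for fp, count in counts.most_common():
        print(f"{count:3d} x {fp}")
    print("consistent" if consistent else "INCONSISTENT: more than one certificate served")
```

Run it against both the apex name and the www name, since they may be answered by different vhosts. Once a suspect fingerprint is known, `openssl s_client -connect host:443 -servername host </dev/null | openssl x509 -noout -dates -subject` shows which one is expired and which names it carries.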

Hello @drummin, welcome to the Let's Encrypt community. :slightly_smiling_face:

A great place to start debugging Let's Encrypt certificates is Let's Debug

You might also want to consider updating your software, including the OS and Certbot; who knows how old a version of OpenSSL is running there.

Not sure if this applies but thought I would at least point it out: "Email feedback: TLS 1.0/1.1 deprecation and SHA-1 deprecation" and "Rejecting SHA-1 CSRs and validation using TLS 1.0 / 1.1 URLs".

2 Likes

Let's Debug says that there are no issues with the certificate and I still get the following when I go to the site in a browser, and yes, there is a new server waiting for this domain, but it isn't happening this week.

[Screenshot: Screen Shot 2022-09-01 at 10.55.29 AM]

It looks like your Apache is not configured properly. I also see various responses from your server. Can you show result of this:

apachectl -t -D DUMP_VHOSTS
4 Likes

Using SSL Checker - Check SSL Certificate with https://allislandequipment.com/ as the input I see a certificate that expired a day ago.

It seems not all of your web page is secure either, with Firefox 104.0.1 (64-bit) on Windows 10:

[screenshot]

1 Like

You should probably restart your server too. Sometimes apache threads get "orphaned" and stuck in an old state. That's one way to get different certs for different requests.

If that doesn't resolve it, please show the apachectl command results. Thanks

4 Likes

FYI - You have received certificates from Let's Encrypt that are currently not expired: https://crt.sh/?q=allislandequipment.com

Also, just today you have received 10 certificates from Let's Encrypt; be aware of the Rate Limits - Let's Encrypt.

1 Like

Maybe, but this server has been serving multiple sites for 7-8 years and hasn't had an issue like this since yesterday.

AH00526: Syntax error on line 30 of /etc/apache2/sites-enabled/allisland-le-ssl.conf:

SSLCertificateFile: file '/etc/letsencrypt/live/allislandequipment.com/fullchain.pem' does not exist or is empty
Action '-t -D DUMP_VHOSTS' failed.
The Apache error log may have more information.

But why is it serving the expired one?

You might need to add sudo in front of that command. Your first post showed you had that fullchain file

3 Likes

Maybe stale cache.

1 Like

More likely something went wrong with the Apache reload when it got the new cert recently. There are new certs with various names (with just the apex, and ones with both the apex and www).

I think more likely a restart is needed to clear an orphaned apache worker / thread.

3 Likes

This gives me an error whether sudo or not. I have restarted.

AH00526: Syntax error on line 28 of /etc/apache2/sites-enabled/allisland-le-ssl.conf:

When I go to the site I get an error that the certificate is expired.

[Screenshot: Screen Shot 2022-09-01 at 11.26.56 AM]

But when I run 'sudo certbot certificates' I am still getting this....

Certificate Name: allislandequipment.com
Domains: allislandequipment.com www.allislandequipment.com
Expiry Date: 2022-11-30 14:25:23+00:00 (VALID: 89 days)
Certificate Path: /etc/letsencrypt/live/allislandequipment.com/fullchain.pem
Private Key Path: /etc/letsencrypt/live/allislandequipment.com/privkey.pem

The reason I have received so many certificates is because I keep trying to renew or get new ones.

Well, now every domain on the server is hosed.

Thank you for attempting to help me, but I think an emergency server change is in the cards for today. I will pop back in to update.

2 Likes
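The AH00526 message above ("does not exist or is empty") is Apache's check at config-test time, and it lumps three different conditions together. Certbot's `live/` directory holds symlinks into `archive/`, so after a restore or a partial disk the link can survive while its target is gone; `certbot certificates` can then still list the path while Apache cannot open it. The checker below, an added example rather than Certbot or Apache code, parses the `<VirtualHost>` blocks of the site files it is given, distinguishes a missing file from an empty one from a dangling symlink, confirms the file holds a PEM block of the expected kind, and flags any hostname that appears in more than one vhost with different `SSLCertificateFile` values (the usual sign of a hand-written config alongside a certbot-generated `-le-ssl.conf`). The `demo()` fixture is constructed, not the poster's server.

```python
"""Audit Apache SSL vhosts: missing/empty/dangling cert files and hostnames
served with different certificates. Added example, not Certbot/Apache code."""
import os
import re
import tempfile
from pathlib import Path

# What each directive's file must contain to be plausible PEM.
PEM_MARKERS = {
    "SSLCertificateFile": b"-----BEGIN CERTIFICATE-----",
    "SSLCertificateChainFile": b"-----BEGIN CERTIFICATE-----",
    "SSLCertificateKeyFile": b"PRIVATE KEY-----",   # RSA/EC/PKCS#8 variants
}
DIRECTIVE_RE = re.compile(r"^\s*(\w+)\s+(.*?)\s*$")


def parse_vhosts(conf_text):
    """One dict per <VirtualHost>: its ServerName/ServerAlias names and the
    SSL file directives, each with the line number it appeared on."""
    vhosts, current = [], None
    for lineno, line in enumerate(conf_text.splitlines(), 1):
        lowered = line.strip().lower()
        if lowered.startswith("<virtualhost"):
            current = {"line": lineno, "names": [], "directives": {}}
        elif lowered.startswith("</virtualhost"):
            vhosts.append(current)
            current = None
        elif current is not None:
            m = DIRECTIVE_RE.match(line)
            if not m:
                continue
            key, value = m.group(1), m.group(2)
            if key in ("ServerName", "ServerAlias"):
                current["names"].extend(value.split())
            elif key in PEM_MARKERS:
                current["directives"][key] = (lineno, value.strip('"'))
    return vhosts


def check_files(vhost, conf_path):
    """Apache's 'does not exist or is empty' test, split into its cases."""
    problems = []
    for directive, (lineno, path) in vhost["directives"].items():
        where = f"{conf_path}:{lineno}: {directive} '{path}'"
        p = Path(path)
        if p.is_symlink() and not p.exists():      # exists() follows links
            problems.append(f"{where} is a dangling symlink -> {os.readlink(path)}")
        elif not p.exists():
            problems.append(f"{where} does not exist")
        elif p.stat().st_size == 0:
            problems.append(f"{where} is empty")
        elif PEM_MARKERS[directive] not in p.read_bytes():
            problems.append(f"{where} has no {PEM_MARKERS[directive].decode()} block")
    return problems


def conflicting_names(vhosts):
    """Hostnames listed in more than one vhost with different SSLCertificateFile
    values. Apache serves the first match, so the 'other' cert is dead weight
    at best and a stale one at worst; either way the config wants cleaning up."""
    seen = {}
    for vh in vhosts:
        cert = vh["directives"].get("SSLCertificateFile", (None, None))[1]
        if cert is None:
            continue
        for name in vh["names"]:
            seen.setdefault(name, set()).add(cert)
    return {n: sorted(c) for n, c in seen.items() if len(c) > 1}


def audit(conf_paths):
    """Run both checks over a list of site config files; returns problem strings."""
    problems, all_vhosts = [], []
    for conf in conf_paths:
        vhosts = parse_vhosts(Path(conf).read_text())
        all_vhosts.extend(vhosts)
        for vh in vhosts:
            problems.extend(check_files(vh, conf))
    for name, certs in conflicting_names(all_vhosts).items():
        problems.append(f"{name} is served by several vhosts with different certs: {certs}")
    return problems


def demo():
    """Constructed fixture (hypothetical paths, not the poster's server): one
    good cert, an empty key file, and a live/ symlink whose archive/ target
    is gone, as can happen after a restore. Returns the audit findings."""
    root = Path(tempfile.mkdtemp())
    archive, live = root / "archive", root / "live"
    archive.mkdir()
    live.mkdir()
    (archive / "fullchain1.pem").write_bytes(
        b"-----BEGIN CERTIFICATE-----\nMIIB...constructed...\n-----END CERTIFICATE-----\n")
    (root / "privkey.pem").write_bytes(b"")                      # empty key
    os.symlink(archive / "fullchain1.pem", live / "fullchain.pem")
    os.symlink(archive / "fullchain2.pem", live / "fullchain-www.pem")  # dangling
    conf = root / "site-le-ssl.conf"
    conf.write_text(f"""<VirtualHost *:443>
    ServerName example.com
    ServerAlias www.example.com
    SSLCertificateFile {live}/fullchain.pem
    SSLCertificateKeyFile {root}/privkey.pem
</VirtualHost>
<VirtualHost *:443>
    ServerName www.example.com
    SSLCertificateFile {live}/fullchain-www.pem
</VirtualHost>
""")
    return audit([str(conf)])


if __name__ == "__main__":
    for problem in demo():
        print(problem)
```

On a real box the call is `audit(sorted(glob.glob("/etc/apache2/sites-enabled/*.conf")))`, run as root so the private key files are readable. A dangling-symlink finding means the fix is in `/etc/letsencrypt/archive/` (or re-issuing), not in the Apache config; an "is empty" finding points at a disk-full or interrupted write, which is why the advice further down to check the disk is worth following.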

What is the contents of that file?

3 Likes

A definite understatement.

I'd check the disk for fullness and failures too.

3 Likes

I am seeing consistent results now from your allislandequipment.com and www domains. So, you got that sorted at least. But, you are sending out a cert with only the www domain name in it. People trying to use allislandequipment.com will fail with an invalid cert error. You got a cert yesterday with both names in it, you just are not sending it out.

You can see the wrong cert with a site like this one

If you want help fixing that let's start with fresh outputs of these commands

sudo certbot certificates

sudo apachectl -t -D DUMP_VHOSTS
3 Likes

So, I realize it seems like I ghosted everyone, but that was not my intention.

I ended up realizing that I had a point in time restore from Linode for the night before, I restored to that and that stabilized me enough that all of the sites at least started working again. That gave me time to finish provisioning a new server and move everything over.

Not all is roses now though. For a couple of days everything ran smoothly, but now every night just after midnight, and at random times throughout the day, all the sites on the server go down for a few minutes. One site is behind Cloudflare and gives me a "Socket timeout, unable to connect to server" error, but all of the other sites give me an "Invalid certificate" error.

That is Cloudflare's default error after a 30 second timeout I believe. Now everything resolves itself after a few minutes and goes on fine until it seems to randomly happen again a few hours later. I can confirm there are no CRON jobs running at this time that would cause a slowdown.

Any ideas on where I would start looking for this one?