Certificate continually failing

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: https://allislandequipment.com/
My web server is (include version): Ubuntu 14.04
The operating system my web server runs on is (include version): Ubuntu 14.04
My hosting provider, if applicable, is: Linode
I can login to a root shell on my machine (yes or no, or I don't know): Yes
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 0.31.0

Pingdom is telling me that my site is going up and down every couple minutes. And when I go to the site there will be a certificate error. But when I refresh, it is fine again.

From what my limited experience and examining the SSL Server Test, it really looks like I have two certificates, one bad and one good, and it is a crap shoot as to which is being served.


I ran sudo certbot certificates and it gave me the following....

Certificate Name: allislandequipment.com
Domains: allislandequipment.com
Expiry Date: 2022-11-30 13:35:49+00:00 (VALID: 89 days)
Certificate Path: /etc/letsencrypt/live/allislandequipment.com/fullchain.pem
Private Key Path: /etc/letsencrypt/live/allislandequipment.com/privkey.pem

... which is not what I get in the browser when the site goes down.

It really seems that somewhere on the server an expired certificate is being referenced and I can't find it. Can anyone help?

Hello @drummin, welcome to the Let's Encrypt community. :slightly_smiling_face:

A great place to start debugging Let's Encrypt certificates is Let's Debug

You might also want to consider updating your software including the OS and Certbot; who knows how old of version of OpenSSL that is running.

Not sure if this applies but thought I would at least point it out Email feedback: TLS 1.0/1.1 deprecation and SHA-1 deprecation
and Rejecting SHA-1 CSRs and validation using TLS 1.0 / 1.1 URLs


Let's Debug says that there are no issues with the certificate and I still get the following when I go to the site in a browser, and yes, there is a new server waiting for this domain, but it isn't happening this week.

Screen Shot 2022-09-01 at 10.55.29 AM

It looks like your Apache is not configured properly. I also see various responses from your server. Can you show result of this:

apachectl -t -D DUMP_VHOSTS

Using SSL Checker - Check SSL Certificate with https://allislandequipment.com/ as the input I see a certificate that expired a day a go.

It seems not all of your web page is not secure also. With Firefox 104.0.1 (64-bit) on Windows 10

1 Like

You should probably restart your server too. Sometimes apache threads get "orphaned" and stuck in an old state. That's one way to get different certs for different requests.

If that doesn't resolve it, please show the apachectl command results. Thanks


FYI - You have received certificates form Let's Encrypt that are currently not expired https://crt.sh/?q=allislandequipment.com

Also just today you have received 10 certificates form Let's Encrypt, be aware of the Rate Limits - Let's Encrypt

1 Like

Maybe, but this server has been serving multiple sites for 7-8 years and hasn't had an issue like this since yesterday.

AH00526: Syntax error on line 30 of /etc/apache2/sites-enabled/allisland-le-ssl.conf:

SSLCertificateFile: file '/etc/letsencrypt/live/allislandequipment.com/fullchain.pem' does not exist or is empty
Action '-t -D DUMP_VHOSTS' failed.
The Apache error log may have more information.

But why is it serving the expired one.

You might need to add sudo in front of that command. Your first post showed you had that fullchain file


Maybe stale cache.

1 Like

More likely something went wrong with Apache reload when got new cert recently. There are new certs with various names (with just apex and ones with both apex and www).

I think more likely a restart is needed to clear an orphaned apache worker / thread.


This gives me an error wether sudo or not. I have restarted.

AH00526: Syntax error on line 28 of /etc/apache2/sites-enabled/allisland-le-ssl.conf:

When I go to the site I get an error that the certificate is expired.

Screen Shot 2022-09-01 at 11.26.56 AM

But when I run 'sudo certbot certificates' I am still getting this....

Certificate Name: allislandequipment.com
Domains: allislandequipment.com www.allislandequipment.com
Expiry Date: 2022-11-30 14:25:23+00:00 (VALID: 89 days)
Certificate Path: /etc/letsencrypt/live/allislandequipment.com/fullchain.pem
Private Key Path: /etc/letsencrypt/live/allislandequipment.com/privkey.pem

The reason I have received so many certificates is because i keep trying to renew or get new ones.

Well, now every domain on the server is hosed.

Thank you for attempting to help me, but I think an emergency server change is in the cards for today. I will pop back in to update.


What is the contents of that file?


A definite understatement.

I'd check the disk for fullness and failures too.


I am seeing consistent results now from your allislandequipment.com and www domains. So, you got that sorted at least. But, you are sending out a cert with only the www domain name in it. People trying to use allislandequipment.com will fail with an invalid cert error. You got a cert yesterday with both names in it, you just are not sending it out.

You can see the wrong cert with a site like this one

If you want help fixing that let's start with fresh outputs of these commands

sudo certbot certificates

sudo apachectl -t -D DUMP_VHOSTS

So, I realize it seems like I ghosted everyone, but that was not my intention.

I ended up realizing that I had a point in time restore from Linode for the night before, I restored to that and that stabilized me enough that all of the sites at least started working again. That gave me time to finish provisioning a new server and move everything over.

Not all is roses now though. For a couple days everything ran smooth, but now every night just after midnight and at random times throughout the day, all the sites on the server go down for a few minutes. One site is behind Cloudflare and gives me a "Socket timeout, unable to connect to server" error, but all of the other sites give me an "Invalid certificate" error.

That is Cloudflare's default error after a 30 second timeout I believe. Now everything resolves itself after a few minutes and goes on fine until it seems to randomly happen again a few hours later. I can confirm there are no CRON jobs running at this time that would cause a slowdown.

Any ideas on where I would start looking for this one?