Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is: admin.workandtravel.world
I ran this command:
It produced this output:
My web server is (include version):
apache2 and php 8
The operating system my web server runs on is (include version):
debian 11.7
My hosting provider, if applicable, is:
not the problem
I can login to a root shell on my machine (yes or no, or I don't know):
yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
no
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
certbot 1.12.0
The problem is, when I renew a certificate it runs an error date invalid and it says that my certificate is due for renewal. I have checked certbot, and it looks like it is using old certificates in the browser while I manually installed new ones with this command:
You probably didn't check Certbot. Checking Certbot would be done using the command sudo certbot certificates and not using a browser. When using a browser, you're actually just checking Apache.
Also, when using the certonly subcommand, Apache isn't automatically reloaded. So unless you've set up a --deploy-hook with a reload command, you indeed would need to do that manually too. But that's not Certbot's fault.
Well, my server (apache2) should restart every night at 1 minute past 12. Not implemented yet, but a compare of HTML with a snapshot will keep the server up and running or send an error email.
Thanks for the certbot certificates command. Can it also output it in JSON format? That would be a nice feature.
Do you know how to get the certificates from a headless Chrome browser?
Check the system time on both your server and the client machine you are browsing from. Their system time has to be correct, synced with an (internet) time service.
You are right, but currently no time to improve it.
I have Let's Encrypt tasks
wat init --restore-lets-encrypt & wat init --backup-lets-encrypt which makes a copy (zip) and restores the zip into the Let's Encrypt directory. If you do it like that, Let's Encrypt needs improvement too, because the challenges don't have to change every time because it also stores a session.
This isn't working properly yet
I am currently on Debian 11 and will migrate to Debian 12. We are a small team and there is more to do than renew certificates.
That I am not automating through your code shouldn't be a problem. Why refresh DNS challenges so often, for example? Those can be valid for 5 years? So the first time is manual and then with a restore (you keep all certificates) you get a new one because you have the previous one and the challenges, right... Also room to think, automation is the goal.
If I test the certificates I can only try it 5 times a day and then need to wait 2 days before we get secure again? My backup / restore got messed up and now it's unsecure but working on my machine...
Is there a way to get new certificates or a setting to test certificate backups, for example? (I move them to a separate data directory and wanna backup that stuff so I don't run into issues.)
I make a zip of the folder /etc/letsencrypt/ to backup the certificates.
I have a wat init --restore-lets-encrypt command which restores the files and the symlinks inside /etc/letsencrypt. certbot renew should then work, and the first time is then only manual to set up the encryption. certbot renew is fixing something, it says, and then certbot renew isn't working.
So what I am saying is: first time manual DNS challenge and then auto-renew / backup / restore should work.
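An added example, not part of any post in this thread and not Certbot's own code: one way to get the JSON output asked about above is to parse the text that certbot certificates prints. The sample listing is constructed, and the text layout is an assumption based on Certbot's usual output, which is not a stable interface.

```python
import json
import re

# Constructed sample of `certbot certificates` output (not taken from the thread).
SAMPLE = """\
Found the following certs:
  Certificate Name: example.com
    Domains: example.com www.example.com
    Expiry Date: 2023-09-01 10:00:00+00:00 (VALID: 60 days)
    Certificate Path: /etc/letsencrypt/live/example.com/fullchain.pem
    Private Key Path: /etc/letsencrypt/live/example.com/privkey.pem
  Certificate Name: old.example.com
    Domains: old.example.com
    Expiry Date: 2023-06-01 10:00:00+00:00 (INVALID: EXPIRED)
    Certificate Path: /etc/letsencrypt/live/old.example.com/fullchain.pem
    Private Key Path: /etc/letsencrypt/live/old.example.com/privkey.pem
"""

# An indented "Key: value" line; the lazy match stops at the first colon.
FIELD = re.compile(r"^\s+([A-Za-z ]+?):\s*(.*)$")
# "<date> <time+offset> (VALID: 60 days)" or "(INVALID: EXPIRED)".
EXPIRY = re.compile(r"^(\S+ \S+)\s+\((VALID|INVALID):\s*(.+)\)$")

def parse_certificates(text):
    """Return one dict per certificate lineage found in the listing."""
    certs = []
    for line in text.splitlines():
        m = FIELD.match(line)
        if not m:
            continue  # banners, separators, log notices
        key = m.group(1).strip().lower().replace(" ", "_")
        value = m.group(2).strip()
        if key == "certificate_name":
            certs.append({"certificate_name": value})  # starts a new lineage
        elif certs:
            if key == "domains":
                value = value.split()
            elif key == "expiry_date" and (e := EXPIRY.match(value)):
                value = {"not_after": e.group(1),
                         "valid": e.group(2) == "VALID",
                         "status": e.group(3)}
            certs[-1][key] = value
    return certs

def to_json(text):
    return json.dumps(parse_certificates(text), indent=2)
```

On a real host the input would be the captured output of sudo certbot certificates; an entry with "valid": false is one whose files on disk have expired, regardless of what Apache is still serving.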