Certificate not updated

francescovenica · November 19, 2019, 7:11pm

Hello,

I’ve issued a wildcard certificate for a website but I forgot the plain domain, then I create a new cert with *.domain.com,domain.com but if I check the validity of the certificate it seems to be issued just for *.domain.com…what can I do?

this is the domain?
https://elitesport.academy/

many thanks
Francesco

schoen · November 19, 2019, 7:18pm

Hi @francescovenica,

How did you create your certificates?

francescovenica · November 19, 2019, 7:20pm

hello, thanks for the quick answer, I use docker and certbot:

docker run -it --rm --name certbot \
  -v "/etc/letsencrypt:/etc/letsencrypt" \
  -v "/var/lib/letsencrypt:/var/lib/letsencrypt" \
  certbot/certbot \
  certonly --manual --preferred-challenges dns --agree-tos -d "*.domain.com" -d domain.com -m "email@gmail.com" --server https://acme-v02.api.letsencrypt.org/directory

schoen · November 20, 2019, 12:52am

Thanks. I don’t think that your current certificate could have been produced by this command. Are you sure that you most recently used this command to get your certificate? (How recently?) And are you sure that you don’t have some other tool that’s also requesting its own Let’s Encrypt certificates?

francescovenica · November 20, 2019, 11:03pm

I’m 100% sure this is working, I created more then one cert with this script, after running it it ask to add the TXT and then it create the cert, the -v is just to add a volume to the docker container, the certbot command should be this one:
certonly --manual --preferred-challenges dns --agree-tos -d "*.domain.com" -d domain.com -m "email@gmail.com" --server https://acme-v02.api.letsencrypt.org/directory

schoen · November 20, 2019, 11:11pm

Hi again @francescovenica,

Your situation is a little confusing because you have issued many similar certificates, but some cover both *.elitesport.academy and elitesport.academy, while others cover only *.elitesport.academy. It seems to me that the most recently issued certificates cover both names, but the certificate served by your web server isn’t the most recently issued one. So I would suggest looking at how the certificates make their way from your Certbot Docker container to your live web server after they’re successfully issued. Typically Certbot running inside Docker (and certainly certbot certonly) can’t actively do anything to tell the web server to replace the active certificate with the new one. So it’s likely that your up-to-date and correct certificate exists somewhere on your system—it’s just not the certificate that your web server application is currently using.

mnordhoff · November 21, 2019, 1:44am

One possibility is that the web server configuration might be correct, but it just needs to be reloaded or restarted.

francescovenica · November 22, 2019, 10:56am

the problem was that I forgot to restart the service… not sure why I was thinking is wasn’t;t necessary…my fault! thanks to all!

system · December 22, 2019, 10:56am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Update wildcard certificate to include base domain Help	39	5870	June 14, 2018
Wildcard certificate issuer problem Help	19	3303	May 12, 2018
How do I get * to certify Help	10	629	February 8, 2023
Certbot / Nginx Wildcard issue Help	5	5725	April 13, 2018
Manual update of wildcard certificate Help	4	467	October 17, 2020

Certificate not updated

Related topics