Certificate not updated


I’ve issued a wildcard certificate for a website but I forgot the plain domain, then I created a new cert with *.domain.com,domain.com but if I check the validity of the certificate it seems to be issued just for *.domain.com…what can I do?

this is the domain?

many thanks

Hi @francescovenica,

How did you create your certificates?

hello, thanks for the quick answer, I use docker and certbot:

docker run -it --rm --name certbot \
  -v "/etc/letsencrypt:/etc/letsencrypt" \
  -v "/var/lib/letsencrypt:/var/lib/letsencrypt" \
  certbot/certbot \
  certonly --manual --preferred-challenges dns --agree-tos -d "*.domain.com" -d domain.com -m "email@gmail.com" --server https://acme-v02.api.letsencrypt.org/directory

Thanks. I don’t think that your current certificate could have been produced by this command. Are you sure that you most recently used this command to get your certificate? (How recently?) And are you sure that you don’t have some other tool that’s also requesting its own Let’s Encrypt certificates?

I’m 100% sure this is working, I created more than one cert with this script, after running it it asks to add the TXT and then it creates the cert, the -v is just to add a volume to the docker container, the certbot command should be this one:
certonly --manual --preferred-challenges dns --agree-tos -d "*.domain.com" -d domain.com -m "email@gmail.com" --server https://acme-v02.api.letsencrypt.org/directory

Hi again @francescovenica,

Your situation is a little confusing because you have issued many similar certificates, but some cover both *.elitesport.academy and elitesport.academy, while others cover only *.elitesport.academy. It seems to me that the most recently issued certificates cover both names, but the certificate served by your web server isn’t the most recently issued one. So I would suggest looking at how the certificates make their way from your Certbot Docker container to your live web server after they’re successfully issued. Typically Certbot running inside Docker (and certainly certbot certonly) can’t actively do anything to tell the web server to replace the active certificate with the new one. So it’s likely that your up-to-date and correct certificate exists somewhere on your system—it’s just not the certificate that your web server application is currently using.

One possibility is that the web server configuration might be correct, but it just needs to be reloaded or restarted.
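The check suggested in the reply above (is the certificate the web server presents the same one Certbot last wrote to disk, and does it cover both names?) can be scripted. This is an added example, not part of the original thread; the function names are hypothetical, and the byte strings in the demo are constructed stand-ins for real certificates.

```python
import hashlib
import re
import socket
import ssl

PEM_RE = re.compile(r"-----BEGIN CERTIFICATE-----.*?-----END CERTIFICATE-----", re.S)

def leaf_fingerprint(pem_text):
    """SHA-256 of the first (leaf) certificate in a PEM file such as fullchain.pem."""
    match = PEM_RE.search(pem_text)
    if match is None:
        raise ValueError("no PEM certificate found")
    return hashlib.sha256(ssl.PEM_cert_to_DER_cert(match.group(0))).hexdigest()

def san_covers(san, name):
    """True if one SAN entry covers name; a wildcard stands for exactly one label."""
    san, name = san.lower(), name.lower()
    if san.startswith("*."):
        head, _, rest = name.partition(".")
        return bool(head) and rest == san[2:]
    return san == name

def fetch_served(host, port=443, timeout=10):
    """Return (sha256 hex, DNS SANs) of the certificate the live server presents."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False  # a name mismatch is the thing being diagnosed
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            der = tls.getpeercert(binary_form=True)
            info = tls.getpeercert()
    sans = [value for kind, value in info.get("subjectAltName", ()) if kind == "DNS"]
    return hashlib.sha256(der).hexdigest(), sans

def diagnose(disk_pem, served_fp, served_sans, wanted):
    """Compare the certificate on disk with what the server actually serves."""
    findings = []
    if leaf_fingerprint(disk_pem) != served_fp:
        findings.append("served certificate differs from the one on disk: reload the web server")
    for name in wanted:
        if not any(san_covers(san, name) for san in served_sans):
            findings.append(f"served certificate does not cover {name}")
    return findings

if __name__ == "__main__":
    # Constructed demo: disk holds the new certificate, the server still serves the old one.
    old, new = b"constructed old leaf", b"constructed new leaf"
    for line in diagnose(ssl.DER_cert_to_PEM_cert(new), hashlib.sha256(old).hexdigest(),
                         ["*.domain.com"], ["domain.com", "www.domain.com"]):
        print(line)
```

For a live check, pass the contents of the certificate's `fullchain.pem` under `/etc/letsencrypt/live/` together with the two values returned by `fetch_served("domain.com")`.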

the problem was that I forgot to restart the service… :sweat_smile: not sure why I was thinking it wasn’t necessary…my fault! thanks to all! :slight_smile: