Certificate renewed.... but not!

Hello,
my domain name is cartan.hopto.org (No-IP redirect to my home box then Port forwarding *.443 to my Nextcloud server, running on FreeNAS 11.3, with Apache 24).
All the install was running fine until a renewal of certificate that must have messed things up....

I have renewed the certificate using Certbot 2.7:

certbot-2.7 certonly --webroot -w /usr/local/www/nextcloud -d cartan.hopto.org

and it works fine. I can test my install with

certbot-2.7 certificates

and the output is:

Found the following certs:
  Certificate Name: cartan.hopto.org
    Domains: cartan.hopto.org
    Expiry Date: 2021-12-03 13:52:56+00:00 (VALID: 89 days)
    Certificate Path: /usr/local/etc/letsencrypt/live/cartan.hopto.org/fullchain.pem
    Private Key Path: /usr/local/etc/letsencrypt/live/cartan.hopto.org/privkey.pem

However, when I test my server using a web tester (https://www.ssllabs.com/), I get the following result:

Valid until Wed, 18 Aug 2021 22:16:55 UTC (expired 16 days, 16 hours ago) *EXPIRED

I have:

  • Restarted the server (Service Apache24 restart)
  • Checked that there was no other certificate anywhere else in the jail => confirmed
  • Checked in /usr/local/etc/letsencrypt/live/cartan.hopto.org and found (ls -l):
lrwxr-xr-x  1 root  wheel   40 Sep  4 15:51 cert.pem -> ../../archive/cartan.hopto.org/cert9.pem
lrwxr-xr-x  1 root  wheel   41 Sep  4 15:51 chain.pem -> ../../archive/cartan.hopto.org/chain9.pem
lrwxr-xr-x  1 root  wheel   45 Sep  4 15:51 fullchain.pem -> ../../archive/cartan.hopto.org/fullchain9.pem
lrwxr-xr-x  1 root  wheel   43 Sep  4 15:51 privkey.pem -> ../../archive/cartan.hopto.org/privkey9.pem
-rw-r--r--  1 root  wheel  692 Feb 15  2020 README
  • Checked in ../../archive/cartan.hopto.org and found:
-rw-r--r--  1 root  wheel  1911 Feb 15  2020 cert1.pem
-rw-r--r--  1 root  wheel  1915 Aug 31  2020 cert2.pem
-rw-r--r--  1 root  wheel  1846 Dec 12  2020 cert3.pem
-rw-r--r--  1 root  wheel  1846 Dec 16  2020 cert4.pem
-rw-r--r--  1 root  wheel  1846 Mar 21 19:02 cert5.pem
-rw-r--r--  1 root  wheel  1846 May 21 00:13 cert6.pem
-rw-r--r--  1 root  wheel  1846 Jul  8 22:36 cert7.pem
-rw-r--r--  1 root  wheel  1846 Aug 31 19:32 cert8.pem
-rw-r--r--  1 root  wheel  1846 Sep  4 15:51 cert9.pem
-rw-r--r--  1 root  wheel  1647 Feb 15  2020 chain1.pem
-rw-r--r--  1 root  wheel  1647 Aug 31  2020 chain2.pem
-rw-r--r--  1 root  wheel  1586 Dec 12  2020 chain3.pem
-rw-r--r--  1 root  wheel  1586 Dec 16  2020 chain4.pem
-rw-r--r--  1 root  wheel  1586 Mar 21 19:02 chain5.pem
-rw-r--r--  1 root  wheel  3750 May 21 00:13 chain6.pem
-rw-r--r--  1 root  wheel  3750 Jul  8 22:36 chain7.pem
-rw-r--r--  1 root  wheel  3750 Aug 31 19:32 chain8.pem
-rw-r--r--  1 root  wheel  3750 Sep  4 15:51 chain9.pem
-rw-r--r--  1 root  wheel  3558 Feb 15  2020 fullchain1.pem
-rw-r--r--  1 root  wheel  3562 Aug 31  2020 fullchain2.pem
-rw-r--r--  1 root  wheel  3432 Dec 12  2020 fullchain3.pem
-rw-r--r--  1 root  wheel  3432 Dec 16  2020 fullchain4.pem
-rw-r--r--  1 root  wheel  3432 Mar 21 19:02 fullchain5.pem
-rw-r--r--  1 root  wheel  5596 May 21 00:13 fullchain6.pem
-rw-r--r--  1 root  wheel  5596 Jul  8 22:36 fullchain7.pem
-rw-r--r--  1 root  wheel  5596 Aug 31 19:32 fullchain8.pem
-rw-r--r--  1 root  wheel  5596 Sep  4 15:51 fullchain9.pem
-rw-------  1 root  wheel  1704 Feb 15  2020 privkey1.pem
-rw-------  1 root  wheel  1704 Aug 31  2020 privkey2.pem
-rw-------  1 root  wheel  1704 Dec 12  2020 privkey3.pem
-rw-------  1 root  wheel  1704 Dec 16  2020 privkey4.pem
-rw-------  1 root  wheel  1704 Mar 21 19:02 privkey5.pem
-rw-------  1 root  wheel  1704 May 21 00:13 privkey6.pem
-rw-------  1 root  wheel  1704 Jul  8 22:36 privkey7.pem
-rw-------  1 root  wheel  1708 Aug 31 19:32 privkey8.pem
-rw-------  1 root  wheel  1704 Sep  4 15:51 privkey9.pem

... I'm running out of ideas where and what to look for....
Any assistance appreciated !
Thank you !
Tang'

1 Like

I'm seeing a perfectly fine certificate at your hostname? Valid since Sept. 4th and valid through Dec. 3rd. With serial number 03:b5:00:5c:fe:0b:e6:c5:f0:81:d1:8f:c6:8b:46:11:d1:7c.

2 Likes

Yes, that was precisely my point, yet the test at ssllabs.com was seeing another certificate.
... But now, after leaving it for a few hours, I re-ran the test and it works! The certificate seen from this test bench is the correct one.
OK, then, problem solved!
Thank you !!
Tanguy

1 Like
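
One way to settle which certificate a listener is actually presenting, without relying on an external tester's report, is to fingerprint the served leaf and look it up among the versions in certbot's archive directory. This is an added example, not code from the thread: the file names follow the archive listing in the first post, the certificate bytes are constructed stand-ins, and `leaf_fingerprint`, `load_lineage`, `fetch_served` and `identify_served` are hypothetical helper names.

```python
import hashlib
import re
import ssl
from pathlib import Path

PEM_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----.+?-----END CERTIFICATE-----", re.DOTALL)

def leaf_fingerprint(pem_text):
    """SHA-256 of the first certificate in a PEM text (the leaf in fullchain.pem)."""
    match = PEM_BLOCK.search(pem_text)
    if match is None:
        raise ValueError("no certificate block found")
    return hashlib.sha256(ssl.PEM_cert_to_DER_cert(match.group(0))).hexdigest()

def load_lineage(archive_dir):
    """Map certN.pem names in certbot's archive directory to their PEM text."""
    return {p.name: p.read_text() for p in Path(archive_dir).glob("cert*.pem")}

def fetch_served(host, port=443):
    """Leaf the listener presents right now; fetched without validation,
    so an expired certificate is still returned. Needs network access."""
    return ssl.get_server_certificate((host, port))

def identify_served(served_pem, lineage, current):
    """Classify the served leaf; `current` is the file live/cert.pem links to."""
    served = leaf_fingerprint(served_pem)
    for name, pem in lineage.items():
        if leaf_fingerprint(pem) == served:
            return ("current" if name == current else "stale", name)
    return ("unknown", None)  # another vhost or host answered the connection

# Constructed stand-ins for DER certificates (not real X.509 data).
LINEAGE = {
    "cert8.pem": ssl.DER_cert_to_PEM_cert(b"constructed leaf, version 8"),
    "cert9.pem": ssl.DER_cert_to_PEM_cert(b"constructed leaf, version 9"),
}
FULLCHAIN9 = LINEAGE["cert9.pem"] + ssl.DER_cert_to_PEM_cert(b"constructed issuer")
OTHER = ssl.DER_cert_to_PEM_cert(b"constructed leaf from another host")

if __name__ == "__main__":
    for label, served in (("renewed", FULLCHAIN9),
                          ("old", LINEAGE["cert8.pem"]), ("foreign", OTHER)):
        print(label, identify_served(served, LINEAGE, "cert9.pem"))
```

On the server itself, pass `fetch_served(hostname)` and `load_lineage(archive_path)` instead of the constructed samples; a "current" result from the box alongside an "expired" result from an outside tester points at the tester's view rather than at the files on disk.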
