Certificate renewed but server still not secure

Certificate renewed but server still not secure. nginx.conf is right and docker-compose.yaml is right too,
and the cert exists in the file it's supposed to, but the website is still not secure.

My domain is: www.daleelalhurra.com

I ran this command: certbot certonly --manual --preferred-challenges dns -d daleelalhurra.com

It produced this output: root@DaleelAlhurra:~# certbot certonly --manual --preferred-challenges dns -d daleelalhurra.com
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Renewing an existing certificate for daleelalhurra.com


Please deploy a DNS TXT record under the name:

_acme-challenge.daleelalhurra.com.

with the following value:

{{{IM HIDING THE VALUE THEY GAVE ME}}}

Before continuing, verify the TXT record has been deployed. Depending on the DNS
provider, this may take some time, from a few seconds to multiple minutes. You can
check if it has finished deploying with aid of online tools, such as the Google
Admin Toolbox: Dig (DNS lookup).
Look for one or more bolded line(s) below the line ';ANSWER'. It should show the
value(s) you've just added.


Press Enter to Continue

Successfully received certificate.
Certificate is saved at: /etc/letsencrypt/live/daleelalhurra.com/fullchain.pem
Key is saved at: /etc/letsencrypt/live/daleelalhurra.com/privkey.pem
This certificate expires on 2024-07-31.
These files will be updated when the certificate renews.

NEXT STEPS:

  • This certificate will not be renewed automatically. Autorenewal of --manual certificates requires the use of an authentication hook script (--manual-auth-hook) but one was not provided. To renew this certificate, repeat this same certbot command before the certificate's expiry date.

If you like Certbot, please consider supporting our work by:


My web server is (include version): NGINX

The operating system my web server runs on is (include version): UBUNTU 23

My hosting provider, if applicable, is: digitalocean

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
no
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 2.1.0

1 Like

It is not really a secret https://unboundtest.com/m/TXT/_acme-challenge.daleelalhurra.com/VQBXMH2F
and nice ACME DNS clients should clean it up by removing it. The value should be unique each time.

2 Likes

So is there a way to fix my problem?

1 Like

The server is currently serving this https://decoder.link/sslchecker/daleelalhurra.com/443 certificate; which is not the most recent issued certificate, that would be this certificate crt.sh | 12929987082.

I suggest start serving this crt.sh | 12929987082 instead of the presently being served certificate.

2 Likes

How do I change it?

You might need to expound a bit more on what exactly you're trying to do and why. You're using certonly, which specifically is "I want certbot to create a certificate but then not install it for me", and you're using --manual which is "I don't want certbot to even automate getting the certificate". Neither of those is the standard way intended to use certbot, but you presumably included those options for a reason. So I'm at least a bit confused about what exactly you're trying to accomplish.

3 Likes

Please show the output of
sudo certbot certificates
and
sudo nginx -T (that is a capital T)

2 Likes

root@DaleelAlhurra:~/daleel0.31# sudo certbot certificates
Saving debug log to /var/log/letsencrypt/letsencrypt.log


Found the following certs:
Certificate Name: daleelalhurra.com
Serial Number: 36127d0fa048f55a34d89fa12d92dc54bd1
Key Type: ECDSA
Domains: daleelalhurra.com
Expiry Date: 2024-07-31 15:26:42+00:00 (VALID: 89 days)
Certificate Path: /etc/letsencrypt/live/daleelalhurra.com/fullchain.pem
Private Key Path: /etc/letsencrypt/live/daleelalhurra.com/privkey.pem


And I'm not using nginx from Ubuntu; I'm using it from the Docker container.

1 Like

I did this when I had many retries, and I did the same command as before.

You have a valid cert.
What is the real problem?

2 Likes

But this should still be doable.

2 Likes

root@DaleelAlhurra:~/daleel0.31# sudo nginx -T
sudo: nginx: command not found

FROM node:18.17-alpine as builder (it's installed in the container)

They may not [yet] know how to execute commands within a Docker container:

2 Likes

I did restart the containers and nothing changed.

This shows your Server: nginx/1.25.3; how do you manage Nginx?

$ curl -i http://daleelalhurra.com/.well-known/acme-challenge/sometestfile
HTTP/1.1 404 Not Found
Server: nginx/1.25.3
Date: Thu, 02 May 2024 17:43:17 GMT
Content-Type: text/html
Content-Length: 153
Connection: keep-alive

<html>
<head><title>404 Not Found</title></head>
<body>
<center><h1>404 Not Found</h1></center>
<hr><center>nginx/1.25.3</center>
</body>
</html>

From the Docker container.

Restarting the container won't change much.

Where do the HTTP ACME challenge requests get answered?
Edit: DNS-01 authentication doesn't use HTTP.

2 Likes

I don't know anything about that... All I know is updating the TXT record inside DigitalOcean, and that's it.

2 Likes

Possibly check their community forums and their support.

2 Likes

My bad.
Yes, you are doing DNS-01 authentication manually.

You can skip all the nginx requests.

So...
You have the cert now.
All you need to do is use it.
So, I'll repeat myself:

2 Likes
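The two answers above (the server is serving an older certificate than the one certbot just issued; "you have the cert now, all you need to do is use it") both come down to one check: is the certificate the TLS endpoint actually hands out the same file that sits in /etc/letsencrypt/live/<domain>/fullchain.pem on the host? The script below is an added example, not code from the thread or from Certbot. It compares SHA-256 fingerprints of the served leaf certificate and the first certificate in the on-disk chain using only the Python standard library. The sample PEM constants are constructed placeholders (base64 of a label, not real certificates) so the comparison logic can run offline; the live fetch uses `ssl.get_server_certificate`, which needs network access to the host you name.

```python
"""Compare the certificate a TLS endpoint serves with a fullchain.pem on disk.

Added example for the thread above; it is not Certbot's own code. Uses only
the standard library, so it runs on the host where certbot wrote the files.
"""
import base64
import hashlib
import ssl
import sys

PEM_END = "-----END CERTIFICATE-----"


def pem_to_der(pem: str) -> bytes:
    """Decode one PEM certificate to DER, tolerating stray whitespace and CRLF."""
    lines = [line.strip() for line in pem.strip().splitlines()]
    body = "".join(line for line in lines if line and not line.startswith("-----"))
    return base64.b64decode(body)


def fingerprint(pem: str) -> str:
    """SHA-256 fingerprint (lowercase hex) of the DER-encoded certificate."""
    return hashlib.sha256(pem_to_der(pem)).hexdigest()


def first_cert(pem_chain: str) -> str:
    """Return the leaf (first) certificate from a fullchain.pem-style bundle."""
    head, marker, _rest = pem_chain.partition(PEM_END)
    if not marker:
        raise ValueError("no certificate found in chain")
    return head + marker


def compare(served_pem: str, on_disk_chain: str) -> dict:
    """Report both fingerprints and whether the served leaf matches the file."""
    served = fingerprint(served_pem)
    on_disk = fingerprint(first_cert(on_disk_chain))
    return {"served": served, "on_disk": on_disk, "match": served == on_disk}


def fetch_served(host: str, port: int = 443) -> str:
    """Fetch the leaf certificate from a live endpoint (network access required)."""
    return ssl.get_server_certificate((host, port))


def _placeholder_pem(label: bytes) -> str:
    """Build a PEM-shaped block from a label. Constructed test data, NOT a real cert."""
    body = base64.b64encode(label).decode()
    wrapped = "\n".join(body[i:i + 64] for i in range(0, len(body), 64))
    return f"-----BEGIN CERTIFICATE-----\n{wrapped}\n{PEM_END}\n"


# Constructed sample data (placeholders, not certificates issued to any domain).
SAMPLE_RENEWED = _placeholder_pem(b"constructed placeholder leaf: renewed 2024-05")
SAMPLE_STALE = _placeholder_pem(b"constructed placeholder leaf: stale, expired")
SAMPLE_INTERMEDIATE = _placeholder_pem(b"constructed placeholder intermediate")
SAMPLE_CHAIN = SAMPLE_RENEWED + SAMPLE_INTERMEDIATE  # shaped like fullchain.pem


def main(argv: list[str]) -> int:
    """Usage: python check_served_cert.py <host> <path/to/fullchain.pem>"""
    if len(argv) != 3:
        print(main.__doc__)
        return 2
    host, chain_path = argv[1], argv[2]
    with open(chain_path, encoding="ascii") as fh:
        result = compare(fetch_served(host), fh.read())
    print(f"served : {result['served']}")
    print(f"on disk: {result['on_disk']}")
    print("MATCH" if result["match"] else "MISMATCH: the server is not using this file")
    return 0 if result["match"] else 1


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run it on the host as `python check_served_cert.py daleelalhurra.com /etc/letsencrypt/live/daleelalhurra.com/fullchain.pem`. A MISMATCH means the nginx process answering on port 443 is reading a different file than the one certbot wrote, which is the situation when nginx runs in a container that has its own copy of the certificate or no mount of the host's /etc/letsencrypt; once the renewed file is visible inside the container and nginx has been reloaded, the check should report MATCH.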