Certificate renewed but still my site is down

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: logindemo.vyrill.com

I ran this command: ./letsencrypt-auto certonly --standalone

It produced this output:
IMPORTANT NOTES:

  • Congratulations! Your certificate and chain have been saved at:
    /etc/letsencrypt/live/logindemo.vyrill.com-0001/fullchain.pem
    Your key file has been saved at:
    /etc/letsencrypt/live/logindemo.vyrill.com-0001/privkey.pem
    Your cert will expire on 2018-01-28. To obtain a new or tweaked
    version of this certificate in the future, simply run
    letsencrypt-auto again. To non-interactively renew all of your
    certificates, run “letsencrypt-auto renew”

  • If you like Certbot, please consider supporting our work by:

    Donating to ISRG / Let’s Encrypt: https://letsencrypt.org/donate
    Donating to EFF: https://eff.org/donate-le

My web server is (include version):

The operating system my web server runs on is (include version): Ubuntu

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):

Did you re-apply the new private key?

Thanks for the reply!!!.

Yes i updated the private key and its working.

1 Like

This could be a part of the reason for the problem. The intended way to renew an existing certificate is ./letsencrypt-auto renew, which will find every certificate that is near expiry and try to renew it. The -0001 means that you got a separate certificate (probably because you specified a slightly different set of domain names for the certificate to cover). You now have two different certificates, again probably for different sets of domain names, which are being managed by Certbot. They are saved at different paths, which is presumably why you had to update your web server configuration to point at the new one (whereas with renew, the path would have stayed the same and this change wouldn’t have been necessary).

You can see them with ./letsencrypt-auto certificates and you might want to delete one of them with ./letsencrypt-auto delete if you know that you’re no longer going to be using that now.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.