Certificate renewed but still shows as expired

My domain is: id.amritmro.com

I ran this command: ./certbot-auto renew

It produced this output:
Requesting to rerun ./certbot-auto with root privileges…
Saving debug log to /var/log/letsencrypt/letsencrypt.log

Processing /etc/letsencrypt/renewal/id.amritmro.com.conf

Cert is due for renewal, auto-renewing…
Plugins selected: Authenticator standalone, Installer None
Renewing an existing certificate
Performing the following challenges:
tls-sni-01 challenge for id.amritmro.com
Waiting for verification…
Cleaning up challenges

new certificate deployed without reload, fullchain is
/etc/letsencrypt/live/id.amritmro.com/fullchain.pem

Congratulations, all renewals succeeded. The following certs have been renewed:
/etc/letsencrypt/live/id.amritmro.com/fullchain.pem (success)

I ran this command: ./certbot-auto certificates

It produced this output:
Requesting to rerun ./certbot-auto with root privileges…
Saving debug log to /var/log/letsencrypt/letsencrypt.log

Found the following certs:
Certificate Name: id.amritmro.com
Domains: id.amritmro.com
Expiry Date: 2018-01-13 23:50:14+00:00 (INVALID: EXPIRED)
Certificate Path: /etc/letsencrypt/live/id.amritmro.com/fullchain.pem
Private Key Path: /etc/letsencrypt/live/id.amritmro.com/privkey.pem

The operating system my web server runs on is (include version): Ubuntu 16.04

I can login to a root shell on my machine: yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

Essentially, I renewed my certificate and the output said it was successful. However, when I view it, it still says (INVALID: EXPIRED). I tried it a few times with little changes but still had the same error every time. And then I hit the rate limit since I wasn’t aware of it. What could be the reason for and solution to this?

Hi @Pasty44,

These renewals were successful, so your new certificates should exist somewhere:

https://crt.sh/?Identity=%id.amritmro.com&iCAID=16418

Can you show us the output of

ls -l /etc/letsencrypt/*/id.amritmro.com*

please?

-rw-r--r-- 1 root root 480 Jan 15 03:05 /etc/letsencrypt/renewal/id.amritmro.com.conf

/etc/letsencrypt/archive/id.amritmro.com:
total 0

/etc/letsencrypt/live/id.amritmro.com:
total 0
lrwxrwxrwx 1 root root 27 Jan 15 03:39 cert.pem -> /home/ubuntu/cert/cert1.pem
lrwxrwxrwx 1 root root 28 Jan 15 03:39 chain.pem -> /home/ubuntu/cert/chain1.pem
lrwxrwxrwx 1 root root 32 Jan 15 03:39 fullchain.pem -> /home/ubuntu/cert/fullchain1.pem
lrwxrwxrwx 1 root root 30 Jan 15 03:40 privkey.pem -> /home/ubuntu/cert/privkey1.pem

I did originally move the PEM files but the symlinks remain in the same location. Could that affect it? I have other servers with the same setup and they renewed ok.

Yes, that will break the renewal (and appears to be the reason in this case). This might also point to a Certbot bug because you should probably have received a more useful error message.

Would you be able to put the PEM files back in their expected place in archive?
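
The following check is an added example, not part of the original thread and not Certbot's own code: it verifies that each symlink in live/NAME resolves to an existing file inside archive/NAME, which is the layout the reply above refers to. The function name check_lineage and its messages are hypothetical, and it assumes Certbot's default kindN.pem file names in the archive directory.

```shell
#!/bin/sh
# check_lineage CONFIG_DIR NAME  (hypothetical helper, not part of Certbot)
# Succeeds only if every live/NAME/*.pem symlink resolves to an existing
# file named <kind>N.pem inside archive/NAME.
check_lineage() {
    config_dir=$1
    name=$2
    live="$config_dir/live/$name"
    problems=0
    # Physical path of the archive directory, so symlinked parents do not skew the comparison.
    archive=$(cd -- "$config_dir/archive/$name" 2>/dev/null && pwd -P) || {
        echo "missing archive directory: $config_dir/archive/$name"
        return 1
    }
    for kind in cert chain fullchain privkey; do
        link="$live/$kind.pem"
        if [ ! -L "$link" ]; then
            echo "$link: not a symlink"
            problems=$((problems + 1))
            continue
        fi
        raw=$(readlink "$link")
        # Relative targets are resolved from the directory holding the link.
        case $raw in
            /*) target=$raw ;;
            *)  target="$live/$raw" ;;
        esac
        target_dir=$(cd -- "$(dirname "$target")" 2>/dev/null && pwd -P) || target_dir=
        if [ "$target_dir" != "$archive" ]; then
            echo "$link -> $raw: target is outside $archive"
            problems=$((problems + 1))
        elif [ ! -f "$target" ]; then
            echo "$link -> $raw: target file does not exist"
            problems=$((problems + 1))
        else
            case $(basename "$target") in
                "$kind"[0-9]*.pem) ;;
                *) echo "$link -> $raw: expected ${kind}N.pem"
                   problems=$((problems + 1)) ;;
            esac
        fi
    done
    [ "$problems" -eq 0 ]
}

# Run as: sh check_lineage.sh /etc/letsencrypt id.amritmro.com
if [ "$#" -eq 2 ]; then
    check_lineage "$1" "$2"
fi
```

A non-zero exit status with "target is outside" lines corresponds to the situation shown in the ls output above, where the live symlinks point at /home/ubuntu/cert/ and the archive directory is empty.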
