Certificate still not valid

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:
https://crt.sh/?q=www.prominenthair.hr

I ran this command:
sudo sh -c “sed -i.bak -e ‘s/^(pref_challs.)tls-sni-01(.)/\1http-01\2/g’ /etc/letsencrypt/renewal/; rm -f /etc/letsencrypt/renewal/.bak”

sudo certbot renew --dry-run

It produced this output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log


Processing /etc/letsencrypt/renewal/prominenthair.hr-0001.conf


Cert not due for renewal, but simulating renewal for dry run
Plugins selected: Authenticator webroot, Installer None
Renewing an existing certificate


new certificate deployed without reload, fullchain is
/etc/letsencrypt/live/prominenthair.hr-0001/fullchain.pem



Processing /etc/letsencrypt/renewal/prominenthair.hr.conf


Cert is due for renewal, auto-renewing…
Plugins selected: Authenticator apache, Installer apache
Renewing an existing certificate


new certificate deployed with reload of apache server; fullchain is
/etc/letsencrypt/live/prominenthair.hr/fullchain.pem



Processing /etc/letsencrypt/renewal/www.prominenthair.hr.conf


Cert not due for renewal, but simulating renewal for dry run
Plugins selected: Authenticator webroot, Installer None
Renewing an existing certificate


new certificate deployed without reload, fullchain is
/etc/letsencrypt/live/www.prominenthair.hr/fullchain.pem



** DRY RUN: simulating ‘certbot renew’ close to cert expiry
** (The test certificates below have not been saved.)

Congratulations, all renewals succeeded. The following certs have been renewed:
/etc/letsencrypt/live/prominenthair.hr-0001/fullchain.pem (success)
/etc/letsencrypt/live/prominenthair.hr/fullchain.pem (success)
/etc/letsencrypt/live/www.prominenthair.hr/fullchain.pem (success)
** DRY RUN: simulating ‘certbot renew’ close to cert expiry
** (The test certificates above have not been saved.)


root@www:~# certbot certificates
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Revocation status for /etc/letsencrypt/live/prominenthair.hr/cert.pem is unknown


Found the following certs:
Certificate Name: prominenthair.hr-0001
Domains: prominenthair.hr
Expiry Date: 2020-05-26 23:09:56+00:00 (VALID: 49 days)
Certificate Path: /etc/letsencrypt/live/prominenthair.hr-0001/fullchain.pem
Private Key Path: /etc/letsencrypt/live/prominenthair.hr-0001/privkey.pem
Certificate Name: prominenthair.hr
Domains: prominenthair.hr www.prominenthair.hr
Expiry Date: 2019-06-01 23:13:03+00:00 (INVALID: EXPIRED)
Certificate Path: /etc/letsencrypt/live/prominenthair.hr/fullchain.pem
Private Key Path: /etc/letsencrypt/live/prominenthair.hr/privkey.pem
Certificate Name: www.prominenthair.hr
Domains: www.prominenthair.hr
Expiry Date: 2020-05-27 11:02:58+00:00 (VALID: 49 days)
Certificate Path: /etc/letsencrypt/live/www.prominenthair.hr/fullchain.pem
Private Key Path: /etc/letsencrypt/live/www.prominenthair.hr/privkey.pem


My comment:
One certificate is not renewed, the one that I got informed via e-mail one year ago, so I followed these steps:

P.S. I am really not sure why/how I created multiple certificates for the same domain because a lot of time has passed since then.

My web server is (include version):
Apache/2.4.18 (Ubuntu)

The operating system my web server runs on is (include version):
Ubuntu 16.04

My hosting provider, if applicable, is:
Digital Ocean

I can login to a root shell on my machine (yes or no, or I don’t know):
Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
Putty + WinSCP

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): I upgraded from Certbot v0.19.0 to v0.31.0 successfully

1 Like

certbot renew --dry-run” doesn’t actually renew your certificates; it simulates it (using Let’s Encrypt’s staging environment).

Have you run “certbot renew” without the “--dry-run” option?

2 Likes

Thanks so much!! I don’t know how I overlooked the part where it explains what a dry run does…

One more question. How can I check or ensure that the certificate will be renewed before expiration date? It worked until now but I want to be sure it will work in the future too.

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.