Certificate Succeeded but still browser says site is not save

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

jjaab.huijse.nl

I ran this command:
sudo certbot certonly --cert-name jjaab.huijse.nl -a apache -d jjaab.huijse.nl,www.jjaab.huijse.nl

It produced this output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer None
Cert not yet due for renewal

You have an existing certificate that has exactly the same domains or certificate name you requested and isn't close to expiry.
(ref: /etc/letsencrypt/renewal/jjaab.huijse.nl.conf)

What would you like to do?


1: Keep the existing certificate for now
2: Renew & replace the cert (may be subject to CA rate limits)


Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2
Renewing an existing certificate

IMPORTANT NOTES:

  • Congratulations! Your certificate and chain have been saved at:
    /etc/letsencrypt/live/jjaab.huijse.nl/fullchain.pem
    Your key file has been saved at:
    /etc/letsencrypt/live/jjaab.huijse.nl/privkey.pem
    Your cert will expire on 2020-12-30. To obtain a new or tweaked
    version of this certificate in the future, simply run certbot
    again. To non-interactively renew all of your certificates, run
    "certbot renew"

  • If you like Certbot, please consider supporting our work by:

    Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
    Donating to EFF: https://eff.org/donate-le

My web server is (include version):
Server version: Apache/2.4.29 (Ubuntu)

The operating system my web server runs on is (include version): ubuntu 18.04

My hosting provider, if applicable, is: hostnet.nl

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 1.8.0

huijse.nl already has a certificate. What can be wrong?

2 Likes

Hi @Freddy1

certonly doesn't install the certificate and doesn't restart your webserver.

Use the command without certonly and with -i instead of -a to install the certificate.

Don't create a new certificate, there is a rate limit. Use the existing certificate.

2 Likes

For the interest of possibly improving the certbot output in these cases: what wasn't clear about the certbot output? What made you think getting exactly the same certificate again was going to change anything?

2 Likes

Thanks!

How would you like to authenticate with the ACME CA?


1: Apache Web Server plugin (apache)
2: Spin up a temporary webserver (standalone)
3: Place files in webroot directory (webroot)

Option 1 failed but 3 worked.

1 Like

@Freddy1 Not sure to whom you're replying, but the text you're showing now is for the authentication plugin, not the installation plugin what @JuergenAuer referred to.

Chances are you issued another certificate while @JuergenAuer explicitely stated you should use an existing certificate.

I'm asking again, purely so we can possibly improve our answers and/or the output of certbot: what wasn't clear about the advice @JuergenAuer gave you and what was unclear about the certbot output?

2 Likes