Hi @gpatel-fr
I've created a new topic to split your question from the original topic (Cert shows as active, is treated as if expired - #18 by gpatel-fr):
If a configuration is buggy, there are two options:
- find the bug and fix it (or)
- delete all and start new. That begins with delete /etc/letsencrypt. That kills all certificates -> next step, the webserver doesn't start again, because the certificate file doesn't exist. So the next certificate creation doesn't work. So it's something that escalates: Simple problem (wrong SSLCertificateKeyFile / SSLCertificateFile) -> hit limit and a no longer working webserver.
Normally, that's great. Creating the first certificate, Certbot adds symlinks:
SSLCertificateKeyFile /etc/letsencrypt/live/certificatename/privkey.pem
SSLCertificateFile /etc/letsencrypt/live/certificatename/fullchain.pem
These symlinks point to the newest version.
Renew a certificate without changing the set of domain names -> new archive entries -> Certbot changes the symlinks, but doesn't touch the config file -> a restart is enough.
Problem: It's possible to skip the hit limit by creating a certificate with a different set of domain names (sample: Adding blog.domainname). But if the current certificate creation has worked, but the certificate isn't installed (or installed in the wrong vHost, so the certificate isn't visible online), installing this certificate requires changing the configuration Certbot doesn't understand.
SSLCertificateKeyFile /etc/letsencrypt/live/certificatename/privkey.pem
is replaced with something like
SSLCertificateKeyFile /etc/letsencrypt/live/certificatename-0001/privkey.pem
So that may not work -> same situation.
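Added example, not part of the original post: a small check that reads the SSLCertificateFile / SSLCertificateKeyFile lines of one vHost and reports paths that no longer exist under /etc/letsencrypt/live, which is the mismatch described above when the lineage becomes certificatename-0001. The function names, the temporary directory tree and the placeholder file contents are constructed for the illustration.

```python
import os
import re
import tempfile

# Matches the two directives quoted in the post, with or without quotes around the path.
DIRECTIVE = re.compile(
    r'^\s*(SSLCertificateFile|SSLCertificateKeyFile)\s+"?([^"\s]+)"?\s*$',
    re.MULTILINE | re.IGNORECASE)

def audit_vhost(config_text, root="/"):
    """Check one vHost's certificate directives; return (directive, path, problem) tuples."""
    findings, lineages = [], set()
    for directive, path in DIRECTIVE.findall(config_text):
        on_disk = os.path.join(root, path.lstrip("/"))
        if not os.path.lexists(on_disk):
            findings.append((directive, path, "file does not exist"))
        elif not os.path.exists(on_disk):
            findings.append((directive, path, "symlink target missing"))
        lineages.add(os.path.basename(os.path.dirname(path)))
    if len(lineages) > 1:
        findings.append(("pair", ", ".join(sorted(lineages)), "key and certificate from different lineages"))
    return findings

def build_sample_tree(root, lineage):
    """Constructed stand-in for /etc/letsencrypt: live/ holds relative symlinks into archive/."""
    archive = os.path.join(root, "etc/letsencrypt/archive", lineage)
    live = os.path.join(root, "etc/letsencrypt/live", lineage)
    os.makedirs(archive)
    os.makedirs(live)
    for name in ("privkey", "fullchain"):
        with open(os.path.join(archive, name + "1.pem"), "w") as fh:
            fh.write("constructed placeholder, not a real key or certificate\n")
        os.symlink(os.path.join("../../archive", lineage, name + "1.pem"),
                   os.path.join(live, name + ".pem"))

# Constructed vHost fragments using the paths from the post.
OLD_CONFIG = """
SSLCertificateKeyFile /etc/letsencrypt/live/certificatename/privkey.pem
SSLCertificateFile /etc/letsencrypt/live/certificatename/fullchain.pem
"""
NEW_CONFIG = OLD_CONFIG.replace("certificatename", "certificatename-0001")

def demo():
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root, "certificatename-0001")
        return audit_vhost(OLD_CONFIG, root), audit_vhost(NEW_CONFIG, root)

if __name__ == "__main__":
    print(demo())
```

Running a check like this before restarting the webserver shows whether the configured paths still resolve, so a wrong path is found without deleting anything.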