Delete and new certificate procedure

I had some expired domains (not certbot, but not paying the registration fee), so when I got intermittent errors or warnings after a certbot renew, I deleted all my previous certificates with certbot delete and then created new ones with certbot certonly at the webroot. I created/entered, on the prompt. is just one example. (Output below.) Remarkably, is not complaining, but is.

Safari tells me that X "" certificate name does not match input. It doesn't seem to be the right certificate any longer, either, because my new certificate expires 12/29, but this one tells me 12/17. Presumably, this is the pre-deletion certificate.

certbot output is below.


[1] Can I ask the certbot CLI client to check whether the new certificate has replaced the old certificate? Or to make sure that all traces of my 12/17 certificates are eradicated, at least on the letsencrypt trusted authority?

[2] Can I ask certbot to check essentially how a web browser would ascertain that everything is ok? Something like # certbot check ? I could run this on my client linux computer, too, not just on the server itself.

[3] Do I need to update the DNS TXT record now? Is there something else I need to do? Should I expect results to be instant, or does it take a few hours to percolate around the web? Or, could the browser be confused and require some sort of refresh now to update my web certificate?

[4] apt on ubuntu 22.04.3 tells me that 1.21.0 is the latest client. Is this the one I should be using?

Advice very much appreciated.



My domain is:

I ran this command:

# certbot certificates

It produced this output:

Certificate Name:
Serial Number: 39...[deleted]...46e
Key Type: RSA
Expiry Date: 2023-12-29 19:08:32+00:00 (VALID: 89 days)
Certificate Path: /etc/letsencrypt/live/
Private Key Path: /etc/letsencrypt/live/

My web server is (include version): nginx

The operating system my web server runs on is (include version): ubuntu 22.04.3 LTS

I can login to a root shell on my machine (yes or no, or I don't know): Yes

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): 1.21.0

certbot certificates

echo | openssl s_client -connect

Are you using dns-01? Have you reloaded your webserver?

You could use snap if you want a newer version, but if ain't broken...


Thank you very much. The critical error I made was not to restart the webserver. nginx does not reload the /etc/letsencrypt/live/ certificates.

on reboot, nginx did not restart, but once I looked at systemctl status nginx on a terminal that was 300 characters wide, nginx gave a great configuration error, pointing me to the letsencrypt /live/ files having been changed.

so, I also had to fix them in the /etc/nginx/sites-enabled/* configuration files, because I had renamed the certificates. but now everything is fine. 9peppe --- mille grazie to you.

The macos utility brew has a very, very nice feature: brew doctor , which checks all sorts of problems.

1 Like

did you rename stuff in /etc/letsencrypt or did you just get new certificates with another name?

don't rename stuff in that directory. it will break certbot.


You can force the name to be used with "--cert-name".
certbot certonly --cert-name MyCertName -d -d


I just edited the /etc/nginx/sites-enabled/ files, and everything worked like a charm...

thanks everyone.


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.