DigitalOcean certbot renew but still expired cert


#1

Hello everyone

My domain is: www.fuseelab.com

I ran this command: certbot-auto renew and then the command service apache2 reload

It produced this output: the renew success, the expiration date is updated, the live symlinks point to archive cert.pem with increment 2 etc.
When navigate on browser still take the old cert so privacy problems. The page sometime seems to load correctly.
I check with crt.sh and it loads the old expiration date.
Maybe there are some propagation time?
It is our production server so it is a very urgent issue.
My operating system is (include version): ubuntu 14.04 lts

My web server is (include version): apache2

My hosting provider, if applicable, is: digitalocean, domain registered at godaddy

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no just command line


#2

Sounds about right… But: does your Apache configuration also point to the symlinks in /live/?


#3

Yes , we have the autogenereted configuration file ssl-apache.conf created by certbot and digital ocean tutorial for apache on ubuntu server. It links to the the live folder. The expiration date on the live cert is right (it points to archive cert2 file).
Apache includes the ssl-apache.conf .


#4

Are you sure Apache did actually restart properly? Have you tried a reboot?
If you check the folder location where you certs are situated, can you double check their modification dates and times to make sure they actually did renew properly.


#5

Solved, the problem was apache2.
We try the command: apachectl graceful to update che ssl apache cache because there was the old cert.
We try then the reload and the restart apache command but it seems not work.
At the end we reboot the server and now it works.

Maybe some other cache issue somewhere.

Thank you for your time.


#6

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.