Duplicated Certificate

swang-ccor · April 7, 2019, 11:59pm

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

Hi Support team,

We run the auto renew command as follows, there are two directories created one is c-cor.cm.au and the other is www.c-cor.com.au.

Checked on the website, the SSL is pointing to www.c-cor.com.au which is expiring 27/04/19.
However another certificate installed in c-cor.com.au is expiring 06/07/2019.

My question is are they going to impact each other? from the user’s feedback, the website will be unsecure once 27/04 certificate expires.

Thanks in advance.
Steve

My domain is: www.c-cor.com.au

I ran this command:
sudo -H ./letsencrypt-auto certonly --standalone --renew-by-default -d c-cor.com.au -d www.c-cor.com.au -d my.c-cor.com.au -d spec.c-cor.com.au

It produced this output:

Certificate Name: c-cor.com.au
Domains: www.c-cor.com.au c-cor.com.au
Expiry Date: 2019-07-06 21:58:55+00:00 (VALID: 89 days)
Certificate Path: /etc/letsencrypt/live/c-cor.com.au/fullchain.pem
Private Key Path: /etc/letsencrypt/live/c-cor.com.au/privkey.pem
Certificate Name: my.c-cor.com.au
Domains: my.c-cor.com.au
Expiry Date: 2019-04-27 23:18:39+00:00 (VALID: 19 days)
Certificate Path: /etc/letsencrypt/live/my.c-cor.com.au/fullchain.pem
Private Key Path: /etc/letsencrypt/live/my.c-cor.com.au/privkey.pem
Certificate Name: spec.c-cor.com.au
Domains: www.c-cor.com.au c-cor.com.au my.c-cor.com.au spec.c-cor.com.au
Expiry Date: 2019-07-06 22:49:21+00:00 (VALID: 89 days)
Certificate Path: /etc/letsencrypt/live/spec.c-cor.com.au/fullchain.pem
Private Key Path: /etc/letsencrypt/live/spec.c-cor.com.au/privkey.pem
Certificate Name: www.c-cor.com.au
Domains: www.c-cor.com.au
Expiry Date: 2019-04-27 23:28:00+00:00 (VALID: 19 days)
Certificate Path: /etc/letsencrypt/live/www.c-cor.com.au/fullchain.pem
Private Key Path: /etc/letsencrypt/live/www.c-cor.com.au/privkey.pem

My web server is (include version):
AWS EC2

The operating system my web server runs on is (include version):
Linux

My hosting provider, if applicable, is:
AWS

I can login to a root shell on my machine (yes or no, or I don’t know):
Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):

rg305 · April 8, 2019, 2:20am

It looks like the spec cert has all the names of all the sites (in one cert).
And it is good for 89 more days.

If you can use just that one cert for all the sites, then you can remove the rest.

mnordhoff · April 8, 2019, 2:31am

First you need to configure your web server to stop using the unnecessary or expiring certificates (and reload it).

Then you can use “sudo -H ./letsencrypt-auto delete --cert-name my.c-cor.com.au” and so on to delete them.

swang-ccor · April 9, 2019, 9:21am

Thanks for your advice, it is really helpful.

swang-ccor · April 9, 2019, 9:22am

Thank you for the advice, we resolved the issue.
Appreciate it.

system · May 9, 2019, 9:22am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.