Error: Certificate expired

the person who installed the certificate is not avaliable anymore.
in the past the certifacat renewed every 3 month, i dont know why this stopped yerterday.

My domain is:

accessing the webseite shows an error "not safe"

Issuer: R3
Expires on: 16.06.2022
Current date: 17.06.2022
PEM encoded chain:

I ran this command: nothing yet

It produced this output:

My web server is (include version): apache

The operating system my web server runs on is (include version): debian 4.9.0-14

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
i dont know

thankful for any help

1 Like

Then you should be able to check your apache config and discover where the certificate is saved on your filesystem. That should give some hints as for what the acme client is.

1 Like

Thanks for your reply.

i found in etc/cron.d/certbot


0 */12 * * * root test -x /usr/bin/certbot -a ! -d /run/systemd/system && perl -e 'sleep int(rand(43200))' && certbot -q renew

but i dont know how to identify the acme client

1 Like

certbot certificates
grep -ir letsencrypt /etc/apache2

1 Like

certbot certificates :frowning:
Saving debug log to /var/log/letsencrypt/letsencrypt.log

No certs found.

grep -ir letsencrypt /etc/apache2
/etc/apache2/conf-enabled/acme.conf:Alias "/.well-known/acme-challenge" "/var/www/letsEncryptChallenges/.well-known/acme-challenge"
/etc/apache2/conf-enabled/acme.conf:<Directory "/var/www/letsEncryptChallenges/.well-known/acme-challenge">

So it looks like Certbot is installed, but not used.. So probably a different ACME client is in use.

I'm more interested to see the results of the command:

grep -ir sslcertificate /etc/apache2
1 Like

/etc/apache2/sites-enabled/ SSLCertificateFile /etc/ssl/froxlor-custom/
/etc/apache2/sites-enabled/ SSLCertificateKeyFile /etc/ssl/froxlor-custom/
/etc/apache2/sites-enabled/ SSLCertificateChainFile /etc/ssl/froxlor-custom/
/etc/apache2/sites-enabled/ SSLCertificateFile /etc/ssl/froxlor-custom/

any idea, what to check next?

Well, there's good news and bad news.

Good news is we now know you are using the Froxlor control panel to manage your Let's Encrypt certs.

Bad news is we rarely see problems with that on this community. I personally know nothing about it and their docs were not helpful. In fact, their docs section on "SSL" was empty.

Maybe another volunteer will know more about Froxlor. Or, try contacting the authors of that directly. Their github and main websites are below. Or, contact your hosting provider if they provided Froxlor as part of their package.


Does it make sense to change the client. i don't hat to administer the ssl cert with froxlor. i am more interested in getting a running https connection

I don't know. Sometimes control panels want to manage the entire server config and making manual changes with another client can make things worse. Other times it can work fine. I personally don't know Froxlor enough to say.

That's probably a better question for Froxlor experts / users on their github or website.


thanks for your help so far


froxlor uses this client
/etc/cron.d # ~/ --version :frowning:


would this be helpful?

I agree with @MikeMcQ: if you're administrating your websites using Froxlor, I wouldn't manually mess with the Apache configuration files. It could potentially lead to a totally messed up Froxlor.

As Mike I'm also not familiar with Froxlor. Frankly, I've never heard of it. It also seems you're not the only one with this issue: Check certificate for expiration · Issue #1035 · Froxlor/Froxlor · GitHub

Personally, I would hesitate to use such an undocumented software project.


i understand your arguments, but the froxlor group says that is not a froxlor thing, because they only call the acme client --renew -d --server letsencrypt

Nonetheless, they should be the persons who can provide you with help on how to decently debug this issue. Does Froxlor log the output of If so, where? Et cetera. We don't have a clue :slight_smile:

Froxlor is the front-end of It's kinda lame to throw your issue over the fence and say "It's not our problem!".. a tool used directly by Froxlor so Froxlor should provide enough support on how to handle this. Froxlor is handeling (or should) the renewals, Froxlor is handeling the webserver, Froxlor is doing everything, even if it's just delegating.

1 Like

Adding on to Osiris comment, @steki refer back to your post #7. It shows the certs and server config files in Froxlor specific folders. They set up a custom configuration.

If you can show us the error issued by the Let's Encrypt servers we could maybe help. If there are any they should be in the Froxlor or logs. But, errors can occur within either of those systems too. It might not have anything to do with Let's Encrypt specifically.

I don't see anything obviously wrong with the connection to your server. And, the Let's Debug test site sees it ok too.

If your hosting provider included Froxlor with your package they should be able to help.


Thank you for your patience

the reason i'm continue asking here is, that the service stopped working on 17.06.2022 and
~/ --list tells me

Main_Domain KeyLength SAN_Domains CA Created Renew "4096" no Sun Apr 17 22:25:19 UTC 2022 2022-06-16T22:25:19Z "4096" no Sun Apr 17 22:25:31 UTC 2022 2022-06-16T22:25:31Z

so i thought it had something to do with the renew process

if i run
~/ --renew -d --server letsencrypt

i get

[Sun Jun 19 18:39:15 CEST 2022] Renew: ''
[Sun Jun 19 18:39:15 CEST 2022] '' is not an issued domain, skip.
2 root@galerie-admin /etc/cron.d # ~/ --renew -d --server letsencrypt :frowning:
[Sun Jun 19 18:39:52 CEST 2022] Renew: ''
[Sun Jun 19 18:39:52 CEST 2022] Renew to Le_API=
[Sun Jun 19 18:39:53 CEST 2022] Using CA:
[Sun Jun 19 18:39:53 CEST 2022] Creating domain key
[Sun Jun 19 18:39:54 CEST 2022] The domain key is here: /root/
[Sun Jun 19 18:39:54 CEST 2022] Single domain=''
[Sun Jun 19 18:39:54 CEST 2022] Getting domain auth token for each domain
[Sun Jun 19 18:39:56 CEST 2022] Getting webroot for domain=''
[Sun Jun 19 18:39:56 CEST 2022] Verifying:
[Sun Jun 19 18:39:57 CEST 2022] Pending, The CA is processing your order, please just wait. (1/30)
[Sun Jun 19 18:40:02 CEST 2022] Pending, The CA is processing your order, please just wait. (2/30)
[Sun Jun 19 18:40:05 CEST 2022] Pending, The CA is processing your order, please just wait. (3/30)
[Sun Jun 19 18:40:09 CEST 2022] Success
[Sun Jun 19 18:40:09 CEST 2022] Verify finished, start to sign.
[Sun Jun 19 18:40:09 CEST 2022] Lets finalize the order.
[Sun Jun 19 18:40:09 CEST 2022] Le_OrderFinalize=''
[Sun Jun 19 18:40:11 CEST 2022] Downloading cert.
[Sun Jun 19 18:40:11 CEST 2022] Le_LinkCert=''
[Sun Jun 19 18:40:12 CEST 2022] Cert success.

That's wonderful. You successfully got a cert using That shows it can work and that Let's Encrypt has no problem with your server or domain name.

But, placed the cert files in its own folder structure. Your server was configured by Froxlor to get the certs from Froxlor's configuration folders.

I am hesitant to make suggestions other than to discuss with Froxlor. Making manual changes to their configuration can result in poor results going forward.

UPDATE: I just realized you got a cert for a different domain than you showed in prior posts. So, what I just said applies to your wiki domain name, not your ticket domain.


How can even """renew""" a certificate it didn't know before? :roll_eyes: