Error when renewing certificate - cert revoked

My domain is:

Following on from this morning’s email to force renewal of the certificate I had to do a couple of things to fix the deployment I’d previously done - I had copied the certs from another box and so hadn’t actually run certbot to renew certificates on this new box. I revoked the certificate in the process certbot revoke --cert-path /path/to/cert which may have been a mistake - I then ran the set up code again for certonly

sudo certbot certonly --webroot -w /path/to/webroot -d -d and it succeeded - then as per the email ran sudo certbot renew --force-renewal which also appeared to succeed, output is:

/usr/lib/python3/dist-packages/requests/ RequestsDependencyWarning: urllib3 (1.25.8) or chardet (3.0.4) doesn’t match a supported version!
Saving debug log to /var/log/letsencrypt/letsencrypt.log

Processing /etc/letsencrypt/renewal/

Plugins selected: Authenticator webroot, Installer None
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for
http-01 challenge for
Waiting for verification…
Cleaning up challenges

new certificate deployed without reload, fullchain is

Congratulations, all renewals succeeded. The following certs have been renewed:
/etc/letsencrypt/live/ (success)

The problem is that the certifcate is still coming up in my browser as revoked - making me think that something has gone wrong. Have I broken this irretrievably. I appreciate any help you can offer.

Other information

My web server is (include version):
Nginx (version: nginx/1.14.0 (Ubuntu))

The operating system my web server runs on is (include version):
Ubuntu 18.04

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): certbot 0.27.0

Hi @filtoid

if you use certonly, you have to install the certificate. Minimal a webserver restart is required.

1 Like

If you “sudo systemctl reload nginx”, does that fix it?

What does “sudo certbot certificates” show?

Is Nginx configured to use the correct certificate?

1 Like

Of course - thanks. I’ve done this literally every other time I’ve used it and forgot this time.

Thanks all. :slight_smile:

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.