The following certs are not due for renewal yet:
/etc/letsencrypt/live/invystasafe.com/fullchain.pem expires on 2020-09-24 (skipped)
No renewals were attempted.
My web server is (include version): Apache 2.4.41
The operating system my web server runs on is (include version): Linux/Ubuntu 18.04LTS
My hosting provider, if applicable, is:AWS
I can login to a root shell on my machine (yes or no, or I don’t know):yes:
I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): certbot 0.31.0
That means there is a valid and good cert locally on that system.
That means the web server is using a cert that will be expiring soon.
Put those two things together and it seems that your web server is NOT using the latest cert on your system.
This might be corrected by a simple web service restart/reload or may require some troubleshooting to determine which cert the web service is using and why it isn't using the latest one and of course then changing the config to use the latest cert file (and automating that entire process).
Glad to her that
But how about next time?
You should consider automating the entire process.
[which would include restarting/reloading the web service after each successful renewal]
In any case, you know what to do should it happen again.
Cheers from Miami
So I was thinking of adding a crontab entry that would attempt the renewal every week, and if it was successful, to gracefully reload the server. Here’s the crontab entry:
Please do not start the job at pill “0” minutes. Unfortunately many people do the same, creating peak load on the ACME server. Rather use a random minute in the range of 0-59. Even better, put a script into /etc/cron.daily directory if you run the job as root.