My domain is: humboldtutilities.com
I ran this command:
sudo certbot certificates
It produced this output:
Domains: humboldtutilities.com www.humboldtutilities.com
Expiry Date: 2024-02-13 16:55:36+00:00 (VALID: 39 days)
Certificate Path: /etc/letsencrypt/live/humboldtutilities.com/fullchain.pem
Private Key Path: /etc/letsencrypt/live/humboldtutilities.com/privkey.pem
My web server is (include version): Apache, not sure what version
The operating system my web server runs on is (include version): Ubuntu 18.04.1
My hosting provider, if applicable, is: DigitalOcean
I can login to a root shell on my machine (yes or no, or I don't know): Yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel): ExpressionEngine 6
The version of my client is (e.g. output of
certbot --version or
certbot-auto --version if you're using Certbot): 0.31.0
Note: My certificates are set to auto-renew so as of this moment I haven't made any changes/taken any actions on the server, so I know this is not something I caused.
So, this is a twofold issue kind of. I'm VERY new to all of this, and picking up where previous devs left off with little to no documentation, so please be patient and ELI5 whenever possible.
The site is showing as Not Secure but only sometimes and not on every page. On most pages, most of the time, it's successfully pulling the correct Certbot certificate that I can see on the server. When I hit the error, I can see exactly that it's pulling the previous certificate that expired in December.
The problem is I don't know or understand why it's doing that. As you can see from my output, the new February cert is right there, and it's pulling just fine most of the time. Is there any action I can take or is this just a matter of time??
Part 2 is that, in investigating this and running the crt.sh query, I have NO idea where half of the active certs even came from! There's the 2/13 expiry cert that I expect from Certbot. Then, this site is also on Cloudflare. Based on my Cloudflare account SSL settings, I'm expecting to see a certificate that expires on 3/24... and it's not there. Instead, I see 3(?) certs set to expire on 1/25.
How in the world do I track those down - I would need file location, or website service e.g. Cloudflare, or something - in the event that I ever need to check on, remove, adjust those?? Or if they are the Cloudflare certs, why is the expiry date so wildly different??