Had to change domain names but site is still using old certificate


#1

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: spacecityvideo.com

I ran this command:
sudo lego --email=“EMAIL-ADDRESS” --domains=“digigavel.com” --domains=“www.digigavel.com” --path="/etc/lego" revoke

sudo lego --email=“EMAIL-ADDRESS” --domains=“spacecityvideo.com” --domains=“www.spacecityvideo.com” --path="/etc/lego" run

sudo lego --email=“EMAIL-ADDRESS” --domains=“spacecityvideo.com” --domains=“www.spacecityvideo.com” --path="/etc/lego" renew

It produced this output: Certificate Received, no errors

My web server is (include version): 35.188.16.248

The operating system my web server runs on is (include version): Debian GNU/Linux 9.5 (stretch)

My hosting provider, if applicable, is: Google Cloud

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

I previously used lego to obtain an SSL certificate for my domain name digigavel.com . However, I had to switch domain name from digigavel.com to spacecityvideo.com . Now, whenever I navigate to spacecityvideo.com on my browser the web-site shows as not secure because it only recognizes the certificate that was issued for digigavel.com even though I revoked the certificate.

Please help.


#2

Hi @emre.coklar,

I don’t think lego includes any kind of installer. Your certificates are files on disk and your web server configuration will refer to a particular one, which will not change unless you edit your web server configuration.

That means you’ll need to edit your web server configuration to refer to the path where your new, updated certificate was saved.

Revocation never affects your web server configuration. It only means that the CA will no longer tell clients who ask that the certificate is valid. There’s no benefit to revoking a certificate unless you believe that the private key has been compromised.


#3

Thank you for the reply. I double checked the web server configuration and nothing stands out. Like I mentioned in my original post, the site is marked “not secure” because the certificate belongs to the old domain name.

I tried taking a more drastic measure of deleting the certificate, but I forgot there is a link between the certificate and the server.crt so now I can’t get nginx back up.

From what I’ve learned, I assume what I needed to do was to create a link between the certificate for the new domain name and the server.crt/.key/,csr files. Once I figure out how to recreate those files I will test this theory and report back so that others can hopefully benefit.


#4

Hi,

Can you please check under your /etc/lego path?

There should be certificate folders / files that includes the new certificates…

Thank you


#5

Once you find the certificates & keys corresponding to the new domain, you could just use those files (instead of creating server.crt / .key / .csr) in your nginx…

Thank you


#6

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.