Help with Certbot renewal & plugins


Where do I see the cert life?

Also, certbot certificate: is it a comment or some file?


I don’t see one. But your configuration isn’t good:

| Domainname | Http-Status | redirect | Sec. | G |
|---|---|---|---|---|
| | 302 | | 0.506 | D |
| | 200 | | 0.637 | H |
| | 302 | | 6.486 | A |
| | 200 | | 2.660 | A |

You have a redirect to your login page. But the login page uses http, which is bad.

So http -> https, then / -> login.


root@vorman:~/lets# certbot certificates

bash: certbot: command not found


certbot-auto certificates


Please show, confused.


Check it

Your browser may cache the https status, so you can’t use your browser to test such things.

But a new user doesn’t use https if there is no redirect.


Thanks, let me write this down lol, and how I renewed. Next time it will be easier for me. Appreciate the help.


Just use:
certbot-auto renew

Which can be called from a cron job (twice a day is the recommendation).
It will only actually renew when less than 30 days are left.


This is still French to me, sorry. How do I fix it?


The config doesn’t force HTTP to HTTPS.
So anyone going to
gets this:
--2018-12-08 11:01:22--
Resolving (…
Connecting to (||:80… connected.
HTTP request sent, awaiting response… 302 Found
Location: [following]
--2018-12-08 11:01:23--
Reusing existing connection to
HTTP request sent, awaiting response… 200 OK

Instead of:


I understand this part, but where in the file do I fix it? And how?


From example #1 at:
This will redirect ALL http connections to https.
Add to your LIGHTTPD config (and restart web service):

$HTTP["scheme"] == "http" {
    # capture vhost name with regex conditional -> %0 in redirect pattern
    # must be the most inner block to the redirect rule
    $HTTP["host"] =~ ".*" {
        # %0 is the matched host, $0 the requested URL
        url.redirect = (".*" => "https://%0$0")
    }
}
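
A small offline check for the rule discussed in this thread (http -> https first, then / -> login), added here as an example and not posted by anyone in the thread. The host example.com, the Location values, and the name `audit_redirect_chain` are constructed for illustration; the status codes in the "before" chain follow the wget trace above.

```python
from urllib.parse import urljoin, urlsplit

REDIRECTS = {301, 302, 303, 307, 308}

def audit_redirect_chain(start_url, responses):
    """Audit a recorded redirect chain.

    responses holds (status, Location header or None) for each request, in
    order, starting with the request for start_url.
    Returns (final_url, findings); an empty findings list means the chain is fine.
    """
    findings = []
    url = start_url
    for status, location in responses:
        if status not in REDIRECTS or not location:
            # End of the chain: this is the response the visitor actually gets.
            if urlsplit(url).scheme == "http":
                findings.append(f"{url} answers {status} over plain http")
            break
        target = urljoin(url, location)  # Location may be relative
        src, dst = urlsplit(url), urlsplit(target)
        if dst.scheme == "http":
            kind = "downgrades to" if src.scheme == "https" else "stays on"
            findings.append(f"{url} {kind} plain http: {target}")
        elif src.scheme == "http" and (
            (src.hostname, src.path or "/") != (dst.hostname, dst.path or "/")
        ):
            # Upgrade and the jump to /login happen in one hop.
            findings.append(f"{url} changes host or path while upgrading: {target}")
        url = target
    return url, findings

# Constructed chains (example.com is a placeholder host).
BEFORE = [(302, "http://example.com/login"), (200, None)]
AFTER = [(301, "https://example.com/"), (302, "/login"), (200, None)]

if __name__ == "__main__":
    for name, chain in (("before", BEFORE), ("after", AFTER)):
        final, problems = audit_redirect_chain("http://example.com/", chain)
        print(name, final, problems or "ok")
```

Feed it the status codes and Location headers recorded with a command-line client rather than a browser, since the browser may have cached the https status.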


Now you have a Grade B, this is ok. Your users are redirected to https, so you don’t have http anymore.

Adding HSTS (to get a Grade A) - wait some time.

If HSTS is set and the certificate is expired, the user can’t create an exception. So the page would be blocked.

So HSTS (+ preload) is a wonderful security feature. But it always requires valid certificates and a working renew function.


The server preferred cipher suite order needs some proper re-ordering (in strongest to weakest order):


I’m not SslLabs. This is my own check because I don’t want to test all these things manually.

Before, the site had Grade H - no https, now B.


I hit the max limit of replies in one day yesterday.

Thanks a lot to you and @rg305. Very helpful


Why is my certificate showing expired if I renewed it?


You have created a new certificate.



| (464)|27.09.2018|25.12.2018 expired| - 1 entry

you don’t use it.

Did you restart / reload your server?


Yes, but still.
Why does it point to archive? I see 2 certificates in fullchain.

0 lrwxrwxrwx 1 root root 44 Dec 8 05:46 /etc/letsencrypt/live/ -> …/…/archive/


Please show the output of

certbot certificates

Then you have the name of your correct certificate. Then you can change the file names in your vHost.