How to renew letsencrypt SSL certificate on Amazon EC2 Linux server

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. |, so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

I ran this command: $curl -v

It produced this output:

  • Trying
  • Connected to ( port 443 (#0)
  • ALPN, offering http/1.1
  • successfully set certificate verify locations:
  • CAfile: /opt/bitnami/common/openssl/certs/curl-ca-bundle.crt
    CApath: none
  • TLSv1.3 (OUT), TLS handshake, Client hello (1):
  • TLSv1.3 (IN), TLS handshake, Server hello (2):
  • TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
  • TLSv1.3 (IN), TLS handshake, Certificate (11):
  • TLSv1.3 (OUT), TLS alert, certificate expired (557):
  • SSL certificate problem: certificate has expired
  • Closing connection 0
    curl: (60) SSL certificate problem: certificate has expired
    More details here: curl - SSL CA Certificates

curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.

My web server is (include version):

The operating system my web server runs on is (include version):
Linux ip-172-31-28-33 4.19.0-10-cloud-amd64 #1 SMP Debian 4.19.132-1 (2020-07-24) x86_64 GNU/Linux

My hosting provider, if applicable, is:
Amazon EC2 Linux Server

I can login to a root shell on my machine (yes or no, or I don't know):

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
$ certbot --version
-bash: certbot: command not found
$ certbot-auto --version
-bash: certbot-auto: command not found


Hello @kmsg, welcome to the Let's Encrypt community. :slightly_smiling_face:

Here is a list of issued certificates |, the latest being 2023-06-28. Looks like it was successfully renew then.


However, for some reason, an expired certificate is being served up by the web server


How do you get certificates?
What is the procedure you follow / script you run afterwards?


How to fix this issue now?

It was installed few years ago.

What is the issue, you have the renewed certificate now all you have to do is use it.



Do you have any documentation on the process?
What "happens" when a cert is obtained?


I restarted my services.
I still getting the error , when I launch website, "Not a secure a Website"

What steps I need do perform to use the new certificate?

The same steps your site has been doing for years.
Do I know what they are? NO.

And we circle back around...


Maybe this will help How to renew certificate for bitnami/ec2/linux/wordpress - #6 by kmsg

1 Like


I did below steps, still no Luck..

  1. stop all services
    $sudo /opt/bitnami/ stop

  2. Renew Certificate

$ sudo /opt/bitnami/letsencrypt/lego --tls --email=" " --domains="" --domains="" --path="/opt/bitnami/letsencrypt" run

--This completed with last line:
2023/06/30 18:58:57 [INFO] [] Server responded with a certificate.

  1. Restarted services

$sudo /opt/bitnami/ start

  1. curl -v

Output shows:

  • SSL certificate problem: certificate has expired
  • Closing connection 0
    curl: (60) SSL certificate problem: certificate has expired

Not sure, what else to run to update certificate.


1 Like

And what about?

1 Like


$ sudo /opt/bitnami/bncert-tool

Error: There has been an error.
Expected option but got "". Options start with a leading
"--" prefix
Use --help to get a list of valid options


1 Like

Seems the syntax is not correct..
What prefix should we use?

I don't know, I only quoted what you previously said. I would think you would know better than any guess I might make.

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.