Installed certificate but browser still says it is out of date

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. |, so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

I ran this command: [root@becks httpd]# --install-cert -d
--cert-file /etc/letsencrypt/live/
--key-file /etc/letsencrypt/live/
--fullchain-file /etc/letsencrypt/live/

It produced this output:
[Mon 6 Sep 15:19:38 GMT 2021] Installing cert to: /etc/letsencrypt/live/
[Mon 6 Sep 15:19:38 GMT 2021] Installing key to: /etc/letsencrypt/live/
[Mon 6 Sep 15:19:38 GMT 2021] Installing full chain to: /etc/letsencrypt/live/

My web server is (include version): Apache

The operating system my web server runs on is (include version): Fedora26

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): Using terminal

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
Just switched to after I had problems updating certbot on my machine


Issued certificates with
[root@becks httpd]# --issue --standalone -d -d

it worked and installation seems too but when I go to my domain it still says that the certificate is out of date.

1 Like

Did you restart Apache to pickup the new cert?


Please note that doesn't issue certs from Let's Encrypt by default any longer. You've issued a cert from ZeroSSL. Check for yourself: |

Also note that the --install option for does not actually install your ZeroSSL cert into a webbrowserserver. Please refer to the manual.


Yes, but --install-cert (which is what OP used) installs the cert into a web server (or, really, any other kind of server you may be using).


He did what now? :stuck_out_tongue: Also, not sure if that command actually modifies the webserver configuration. If you look at it still needs manual configuration in Apache.

Although if Apache was already configured properly with the exact same paths for the relevant files, it kinda acts like that? But that's just b/c a cert was already installed.

So perhaps indeed only a reload (a non-graceful restart is not required and has the downside of having a tiny little downtime) of Apache is needed.


No, it does nothing at all to the webserver configuration. The only function of that command is to put certs in the right locations and run the right commands to reload the proper services (though OP missed that last part). You're still responsible for whatever config edits need to happen (I think I recall that has an apache plugin that will make the edits, but I'm not sure, and I am sure I've never used it if it is there). --deploy-cert would probably be a better name for the option, but that would likely conflict with the "deploy" scripts that are already packaged with

OTOH, the --install command (which is what you mentioned) is used to install, not a cert.


So, what you said earlier:

.. is not true then? :wink: Not as the install subcommand of certbot that is, which is kinda my reference.


Call it a misunderstanding. When you quoted the --install command, I'd understood your point to be that that command installs, not a cert (which is true). The --install-cert command "installs" a cert, in that it puts it in the specified place and calls the specified (if any--which is almost certainly the issue OP is having) commands before, during, or after the process--but no, it doesn't configure Apache or any other server to use that cert. Kind of depends on what your definition of is is, as a certain former President once said.

Though as I look more closely at the OP, I'm wondering: why is he telling to put actual files (not symlinks) into /etc/letsencrypt/live/? That doesn't sound like a good idea at all.


Nah, I actually meant the behaviour of copying some files around like --install-cert does. I just didn't know the command had -cert in it too and I didn't pay enough attention to the exact commands used in OP apparently :wink:

That's indeed a terrible idea if one wants to start using certbot again some day.


It is now fixed, thank's everyone for the replies, I had to put the certs in to a new directory and change the .conf file of Virtualhost port 443 instead of loading them to the letsencrypt directory


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.