Intermediate Certificate not renewed


#1

Hi guys I ran “sudo -u root sudo /usr/bin/letsencrypt renew” which executed fine.

When I run a SSL server test on https://www.ssllabs.com/ssltest/analyze.html?d=stevewright.nz I get an expired intermediate certificate.

How do I fix this?


#2

That’s not the intermediate certificate, for some reason you’re also sending the old certificate, which normally wouldn’t happen.

Previous time you got two certificates for the same hostnames. Did you do something strange to your configuration? I.e., have two SSLCertificateFile directives in your Apache conf? Or did you make your own .pem file?


#3

A find /etc -name “*.pem” finds these, amongst a whole pile of others. one assumes that I can remove one set without and adverse effects?

/etc/letsencrypt/live/zm.stevewright.nz/privkey.pem
/etc/letsencrypt/live/zm.stevewright.nz/cert.pem
/etc/letsencrypt/live/zm.stevewright.nz/fullchain.pem
/etc/letsencrypt/live/zm.stevewright.nz/chain.pem
/etc/letsencrypt/live/stevewright.nz/privkey.pem
/etc/letsencrypt/live/stevewright.nz/cert.pem
/etc/letsencrypt/live/stevewright.nz/fullchain.pem
/etc/letsencrypt/live/stevewright.nz/chain.pem

Steve


#4

I wouldn’t worry about the stuff in /etc/letsencrypt if I were you. I’d rather concentrate my efforts on your Apache configuration: that’s where the problem is.


#5

OK found the issue and fixed it. :slight_smile:

The chainfile path was incorrect.

Is to worth removing the expired certs?

Thanks for the help!

Steve


#6

Not really, they take only a few bytes of space and every 60 days you’ll get a new one, so you’d have to remove them regularly if you’d want to keep it “clean”.


#7

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.