It's says not yet due for renewal but they are up

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. |, so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

I ran this command: sudo certbot renew

It produced this output: The following certs are not due for renewal yet:
/etc/letsencrypt/live/ expires on 2021-04-06 (skipped)
No renewals were attempted.

My web server is (include version): Apache 2

The operating system my web server runs on is (include version): Macintosh OS Catalina

My hosting provider, if applicable, is: Myself

I can login to a root shell on my machine (yes or no, or I don't know): Yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):


Why do you think you need to renew? Your current webserver is using the same certificate as you've shown here which isn't due to expire for approximately 2 months.


I just rebooted my server and now everything is working.. I didn't know Certbot renews by itself I thought I had to run the command.. my site was saying it was insecure.. so the old one ran out and I was still linked to it, the new one wasn't being used.. reboot fixed this, thank you so much.


Certbot is probably regularly being run from cronjob or a systemd timer. However, this sounds like you got your certificate initially with the certonly subcommand. This means your webserver isn't automatically reloaded to use a renewed certificate.

It's possible to add a reload command (which depends on your distribution and webserver used) to certbot which is ran every time a certificate has been renewed succesfully. This command is called --deploy-hook and you can find more information about it in the official certbot documentation.


An alternative to Osiris's completely functional suggestion is:

sudo certbot renew -i apache

This will keep your existing certificate and update your installation method to reload apache after successfully acquiring/renewing your certificate.

If you want to use the method that Osiris suggested, use this:

sudo certbot renew --deploy-hook "sudo apachectl -k graceful"


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.