Keep getting expired certificate from browser after renewal

xauxatz · May 2, 2016, 9:07am

Hi - I use Letsencrypt on an ubuntu server.
I have certificates for both the website and for an app.
My certificates expired today - but I renewed them on the server with this command:

./letsencrypt-auto certonly --agree-tos --apache -d gugalerts.com -d www.gugalerts.com -d appx.gugalerts.com

The command completed successfully. I then restart apache with “service apache2 restart”

But but but, the browser (chrome, firefox, etc.) keeps reporting that the certificate has expired.

What more should I do?

cool110 · May 2, 2016, 9:12am

Your old cert was also valid for ga.gugalerts.com, by not including that domain the client will have created a new certificate lineage. If you look in /etc/letsencrypt/live you should see multiple directories, one of those will contain the expired cert you’re using now while the one you want will be in another.

xauxatz · May 2, 2016, 9:15am

But how can I make sure the server uses the most recent one?
Better yet, can I ensure that there is only a single lineage that is renewed every time, to avoid confusion in the future?

pfg · May 2, 2016, 9:22am

You can force the client to keep the same lineage using --expand.

xauxatz · May 2, 2016, 9:37am

That did the trick - many thanks!

system · June 1, 2016, 9:38am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.