Keep getting expired certificate from browser after renewal


#1

Hi - I use Letsencrypt on an ubuntu server.
I have certificates for both the website and for an app.
My certificates expired today - but I renewed them on the server with this command:

./letsencrypt-auto certonly --agree-tos --apache -d gugalerts.com -d www.gugalerts.com -d appx.gugalerts.com

The command completed successfully. I then restart apache with “service apache2 restart”

But but but, the browser (chrome, firefox, etc.) keeps reporting that the certificate has expired.

What more should I do?


#2

Your old cert was also valid for ga.gugalerts.com, by not including that domain the client will have created a new certificate lineage. If you look in /etc/letsencrypt/live you should see multiple directories, one of those will contain the expired cert you’re using now while the one you want will be in another.


#3

But how can I make sure the server uses the most recent one?
Better yet, can I ensure that there is only a single lineage that is renewed every time, to avoid confusion in the future?


#4

You can force the client to keep the same lineage using --expand.


#5

That did the trick - many thanks!


#6

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.