Keep getting expired certificate from browser after renewal

xauxatz · May 2, 2016, 9:07am

Hi - I use Letsencrypt on an ubuntu server.
I have certificates for both the website and for an app.
My certificates expired today - but I renewed them on the server with this command:

./letsencrypt-auto certonly --agree-tos --apache -d gugalerts.com -d www.gugalerts.com -d appx.gugalerts.com

The command completed successfully. I then restart apache with “service apache2 restart”

But but but, the browser (chrome, firefox, etc.) keeps reporting that the certificate has expired.

What more should I do?

cool110 · May 2, 2016, 9:12am

Your old cert was also valid for ga.gugalerts.com, by not including that domain the client will have created a new certificate lineage. If you look in /etc/letsencrypt/live you should see multiple directories, one of those will contain the expired cert you’re using now while the one you want will be in another.

xauxatz · May 2, 2016, 9:15am

But how can I make sure the server uses the most recent one?
Better yet, can I ensure that there is only a single lineage that is renewed every time, to avoid confusion in the future?

pfg · May 2, 2016, 9:22am

You can force the client to keep the same lineage using --expand.

xauxatz · May 2, 2016, 9:37am

That did the trick - many thanks!

system · June 1, 2016, 9:38am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Ssllabs says cert expired Jan 17th but Lets Encrypt says not due for renewal Help	13	1992	March 24, 2017
What can I do if the letsencrypt certificate has expired? Help	13	943	March 20, 2019
Cert renewed, but date wrong	16	9614	June 11, 2016
I keep receiving emails that my certificate will expire Help	3	2516	November 25, 2017
Certificate expired Help	17	2741	November 30, 2021

Keep getting expired certificate from browser after renewal

Related topics