Keep getting expired certificate from browser after renewal

Hi - I use Letsencrypt on an ubuntu server.
I have certificates for both the website and for an app.
My certificates expired today - but I renewed them on the server with this command:

./letsencrypt-auto certonly --agree-tos --apache -d -d -d

The command completed successfully. I then restart apache with “service apache2 restart”

But but but, the browser (chrome, firefox, etc.) keeps reporting that the certificate has expired.

What more should I do?

Your old cert was also valid for, by not including that domain the client will have created a new certificate lineage. If you look in /etc/letsencrypt/live you should see multiple directories, one of those will contain the expired cert you’re using now while the one you want will be in another.

But how can I make sure the server uses the most recent one?
Better yet, can I ensure that there is only a single lineage that is renewed every time, to avoid confusion in the future?

You can force the client to keep the same lineage using --expand.

That did the trick - many thanks!

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.