I ran this command: letsencrypt-auto -d domaine_1,domaine_2,…,domaine_n --renew-by-default --no-redirect --text
So I work on multiple sites at the same time, some had expired certs, so I renewed all of them yesterday, this command worked well, and all the errors of expired certs from Google Chrome were gone. But this morning my main site couldn’t get the cert, I checked my /etc/letsencrypt/live file, and I got another one, my_domain.com-0001. I’m getting: NET::ERR_CERT_COMMON_NAME_INVALID.
I tried renewing with ./letsencrypt-auto certonly and it says it got renewed, so if you have any ideas
When I generate the certificate, it shows me all the subdomains that are included, and they’re all included.
I checked on OVH, and the SSL certificate is activated. So I really don’t see where that could come from.
OK, the certificate you are using only has the one though. Did you run things twice at some point, with a different set of domains selected - which is why it’s stored it with 000x on the end (because it’s slightly different than the original)?
Compare what you have in your Apache config with the latest certs in the /etc/letsencrypt/live folder.
Well, yes I think, yesterday I used the command from my first post with all my domains, and since today it wasn’t working, I thought I might have forgotten beeshary.com yesterday, so I ran the command again, only with beeshary.com.
In my /etc/apache2/sites-available I got 000-default.conf :
Now, should I just delete one of the beeshary and ask for a new certificate for the other ones, or delete both and get a new certificate for all (and how do I delete them?)? (Even if I only have the two beeshary.com, the other sites work, like the dev or the shop.)
Judging by the fact that the blog still works, you do still have valid certs for everything. But it’ll probably be easier to delete them all (both directories under live/ and archive/, as well as the .conf files in renewal/) and get one cert for everything.
After doing that then you should use letsencrypt-auto renew so there’s a lower risk of this happening again.
So, I tried moving the directories of beeshary.com and beeshary.com-000x out of live and archive, but when I ran letsencrypt-auto, it said it needed the /etc/letsencrypt/live/beeshary.com/cert.pem file, and displayed an error.
So I searched a bit, and opened the archive directory and found every file duplicated: cert1.pem, cert2.pem, etc… Couldn’t I just delete beeshary-0001 from archive and the duplicated files in beeshary?
Or should I just delete all beeshary-000x files and make a new certificate?
(Sorry if I ask one more time, I just wanna make sure I don’t break everything.)
By searching even more, I found out that the cert used is the one in /etc/letsencrypt/archive/beeshary.com-0002/fullchain2.pem
So, I deleted all files with -000x numbers in archive, live and renewal, and when I run letsencrypt-auto --expand I get:
Error while running apache2ctl configtest.
Action ‘configtest’ failed.
The Apache error log may have more information.
AH00526: Syntax error on line 14 of /etc/apache2/sites-enabled/default-ssl.conf:
SSLCertificateFile: file ‘/etc/letsencrypt/live/beeshary.com-0002/fullchain.pem’ does not exist or is empty
No installers seem to be present and working on your system; fix that or try running certbot with the “certonly” command
And when I run it with “certonly” I get the same error.
It actually came to me just before you wrote it, so I changed the path, and now it tells me my .conf file is broken:
Renewal conf file /etc/letsencrypt/renewal/beeshary.com.conf is broken. Skipping.
But now the site is actually working even if loading really slowly, I have no idea why, I guess that when I asked for a new cert, it changed my SSLCertificateFile and key, and it couldn’t work anymore. But I’d still like to fix my .conf problem.
Anyway, thanks a lot to both of you for helping me, you saved me!
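An added example, not part of the thread and not certbot's own code: a POSIX shell check for the two kinds of dangling path seen above, a vhost SSLCertificateFile that points into a deleted lineage directory and a renewal file whose paths no longer resolve. The function names, example.com and the fixture are constructed; the cert/privkey/chain/fullchain keys are the ones certbot writes in renewal/*.conf.

```shell
#!/bin/sh
# Added example (not from the thread): list certificate paths that an Apache
# vhost or a certbot renewal file references but that are missing or empty.

# report_missing FIELD: reads grep "file:line:text" records on stdin. FIELD is
# the awk field holding the path ("SSLCertificateFile <path>" -> 2,
# "cert = <path>" -> 3). Assumes absolute paths without spaces.
report_missing() {
    while IFS=: read -r file lineno text; do
        path=$(printf '%s\n' "$text" | awk -v f="$1" '{print $f}' | tr -d "\"'")
        # -s follows symlinks, so a live/ link whose archive/ target was
        # deleted is reported just like a path that never existed.
        [ -s "$path" ] || printf '%s:%s: %s\n' "$file" "$lineno" "$path"
    done
}

# check_apache_certs DIR (e.g. /etc/apache2/sites-enabled)
check_apache_certs() {
    grep -HniE '^[[:space:]]*SSLCertificate(Key|Chain)?File[[:space:]]' \
        "$1"/*.conf 2>/dev/null | report_missing 2
}

# check_renewal_confs DIR (e.g. /etc/letsencrypt/renewal)
check_renewal_confs() {
    grep -HnE '^(cert|privkey|chain|fullchain)[[:space:]]*=' \
        "$1"/*.conf 2>/dev/null | report_missing 3
}

# build_sample ROOT: constructed fixture. The vhost still points at a deleted
# "-0002" lineage and the renewal file names a cert.pem that is gone.
build_sample() {
    mkdir -p "$1/sites-enabled" "$1/renewal" "$1/live/example.com" "$1/archive/example.com"
    echo "constructed placeholder" > "$1/archive/example.com/fullchain1.pem"
    echo "constructed placeholder" > "$1/archive/example.com/privkey1.pem"
    ln -sf ../../archive/example.com/fullchain1.pem "$1/live/example.com/fullchain.pem"
    ln -sf ../../archive/example.com/privkey1.pem "$1/live/example.com/privkey.pem"
    printf '  SSLCertificateFile %s\n  SSLCertificateKeyFile %s\n' \
        "$1/live/example.com-0002/fullchain.pem" "$1/live/example.com/privkey.pem" \
        > "$1/sites-enabled/default-ssl.conf"
    printf 'cert = %s\nprivkey = %s\nfullchain = %s\n' \
        "$1/live/example.com/cert.pem" "$1/live/example.com/privkey.pem" \
        "$1/live/example.com/fullchain.pem" > "$1/renewal/example.com.conf"
}

sample=$(mktemp -d) && build_sample "$sample"
check_apache_certs "$sample/sites-enabled"    # reports the -0002 fullchain.pem
check_renewal_confs "$sample/renewal"         # reports the missing cert.pem
rm -rf "$sample"
```

Running both checks before deleting or moving anything under live/ or archive/ shows which configuration lines would be left pointing at nothing.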