Hi eveverybody. create account to ask my question because I have no more idea. Don't know if i'm at the right place. excuse me in advance. Th'at's my first message.
My domain is OK: madeinmarseille.net
cert is OK but I have a "ghost" certificate online num " 04775b4497e4362a2c807c5dc410103c0c6e" expired april 9
I say "ghost" because it isnt referenced by Certbot who know only
my 2 officials and fonctionnals actuals certifs Serial Number: 468e7.....e0f4e0
and the valide actual certificate for madeinmarseille.net Serial Number: 4e67ae882401e5d829023dd6a053fc32ffb
Expiry Date: 2022-08-07 06:31:14+00:00 (VALID: 88 days)
90% Certif returns are OK with the new certif . 10% are obsolete with the Ghost certif !
test with 3 OS, 4 machines and 4 Web browsers(Chr FF Op Edge). Same results
Ghost certif be back after a random number of clicks and page views.
I tried to "renew" it, impossible cause not exist
I tried to "delete" new cert with same name ... but unfortunatly, https://www.ssllabs.com/ always see the old certif which send "obsolete" message.
Can I delete certif with serial number ? (see of course "--cert-name" but dont see "--cert-[id]" in man )
Whats the secret !?
certbot --version ----> certbot 1.27.0
debian Lenny with root access
We've had a couple of users report the same issue over the years.
My theory is that something (rarely) goes wrong with Apache reloading, after certificate renewal. Your server ends up with orphaned Apache processes which are still holding onto the old certificate "in memory", even though the certificate has since been deleted from the file system.
Solving this can most simply be done by rebooting your server.
To do so without a reboot, you will want to stop Apache, then kill off any orphaned Apache processes, and then start Apache:
service apache2 stop
killall -9 apache2
service apache2 restart