My certificate does not work any more

My domain is: wsv.gtbox.fr

I ran this command: I tried to create a new certificate (wsv.madobox.fr) on the same server as wsv.gtbox.fr

It produced this output: My wsv.gtbox.fr certificate does not work anymore. I tried to go back by restoring the previous certificate files, but it does not work!?

My web server is (include version): JBoss Application Server 7

The operating system my web server runs on is (include version): Ubuntu 18.04 LTS

My hosting provider, if applicable, is: PlanetHoster

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 1.22.0

Thanks for any help.

Hello, I finally managed to go back and rebuild the wsv.gtbox.fr certificate! Now I will try again to build the new wsv.madobox.fr and make it work with my JBoss server.

Hi @SavNTec and welcome to the community!
I see you are working on the issue.
What I notice is that https://wsv.madobox.fr/ is serving a certificate issued for wsv.gtbox.fr...
The cert is valid till April.
wsv.gtbox.fr is serving the same certificate and it seems to be working correctly. (Page is blank probably cuz you are working on it.)
So all you need to do is configure this cert and you should be good to go:
crt.sh | wsv.madobox.fr

Of course you knew that!
Hope this helps.

Hello,

Thanks for your answer.

wsv.gtbox.fr and wsv.madobox.fr are in fact the same host containing a JBoss AS 7 server. As I could not manage to set two different certificates in the JBoss configuration (:frowning:), I rebuilt the wsv.gtbox.fr certificate with an "alias" domain name wsv.madobox.fr. It seems to work fine; I can access my web application using https with wsv.gtbox.fr or wsv.madobox.fr.

Can you please confirm that this configuration is right and that auto update with /root/cert/certbot-auto will work fine?

Could you please tell me the expiry date of the certificates so that I can check whether the update is OK at that time?

Best regards,

Michel.

@SavNTec
There are lots of ways to configure a server, some better and more secure than others.
You now have 2 certificates for wsv.madobox.fr.

We can help you "expand" the certificate to include both domain names.
Would you please post the output of:

certbot certificates

Thanks

certbot-auto has been deprecated.
There is no guarantee that it will continue to work "fine".
If possible, you should update to a current version of certbot.

Good Catch @rg305

Hello,

Thanks for your answer. Could you please help me to update to a current version of certbot?

Best Regards.

Michel Coté.

It would seem that there are multiple versions of certbot installed.

Try:
which certbot
which certbot-auto

Here is the requested information:

root@hybrid2502:~/cert# which certbot

/usr/bin/certbot

root@hybrid2502:~/cert# which certbot-auto

./certbot-auto

root@hybrid2502:~/cert# pwd

/root/cert

root@hybrid2502:~/cert#

Thanks for your help.

Best Regards

Michel Coté.

I think you can uninstall certbot-auto (or just delete the file).

Then check the auto-renewal script/cron job to ensure it calls certbot [not certbot-auto].

Hello,

certbot-auto is in fact a shell script (about 2000 lines!?).

The cron to update the certificates contains: 0 4 * * * /root/cert/certbot-auto renew --max-log-backups 31 --no-self-upgrade --quiet --renew-hook /root/cert/store-renewed.sh

Do you think I can replace it with: 0 4 * * * /root/cert/certbot renew --max-log-backups 31 --no-self-upgrade --quiet --renew-hook /root/cert/store-renewed.sh

Thanks for your help.

Regards,

Michel

I don't think that's where it is located.

Hello,

You are right, certbot is in /snap/bin/certbot

root@hybrid2502:~# whereis certbot

certbot: /usr/bin/certbot /snap/bin/certbot

root@hybrid2502:~# ls -l /usr/bin/certbot

lrwxrwxrwx 1 root root 17 févr. 7 12:56 /usr/bin/certbot -> /snap/bin/certbot

root@hybrid2502:~#

So do you think I can replace: 0 4 * * * /root/cert/certbot-auto renew --max-log-backups 31 --no-self-upgrade --quiet --renew-hook /root/cert/store-renewed.sh

with: 0 4 * * * /usr/bin/certbot renew --max-log-backups 31 --no-self-upgrade --quiet --renew-hook /root/cert/store-renewed.sh

Are the options of the script /root/cert/certbot-auto and the binary /usr/bin/certbot compatible?

Have a nice day.

Michel Coté.

That option was specific for the certbot-auto wrapper script and is not available in Certbot itself.

If this is merely a symlink, then yes.

Otherwise, instead use the real path:

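The cron change discussed in the last few posts, as an added example that is not from any poster or from the Certbot project: a shell filter that swaps the certbot-auto wrapper for the certbot binary in crontab text and drops `--no-self-upgrade`, the option the thread identifies as specific to the wrapper. The `CERTBOT_BIN` default, the function names and the second sample job are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: migrate certbot-auto renewal entries in crontab text.
# CERTBOT_BIN is an assumption; confirm the real path with `which certbot`.
CERTBOT_BIN="${CERTBOT_BIN:-/usr/bin/certbot}"

# Print one crontab line, rewritten only if it is an active entry that
# invokes certbot-auto: the wrapper path becomes $CERTBOT_BIN and
# --no-self-upgrade (a certbot-auto-only option) is dropped.
migrate_cron_line() {
    case "$1" in
        \#*) printf '%s\n' "$1"; return 0 ;;   # commented-out entry: keep
        *certbot-auto*) ;;                      # fall through and rewrite
        *) printf '%s\n' "$1"; return 0 ;;      # unrelated job: keep
    esac
    printf '%s\n' "$1" | sed -E \
        -e "s#[^[:space:]]*certbot-auto([[:space:]]|\$)#${CERTBOT_BIN}\\1#" \
        -e 's#[[:space:]]+--no-self-upgrade([[:space:]]|$)#\1#'
}

# Filter a whole crontab from stdin to stdout, line by line.
migrate_crontab() {
    while IFS= read -r line || [ -n "$line" ]; do
        migrate_cron_line "$line"
    done
}

# Count active (non-comment) lines on stdin that still reference the
# deprecated wrapper. 0 means the migration is complete.
count_leftovers() {
    grep -v '^[[:space:]]*#' | grep -c 'certbot-auto' || true
}

# Constructed sample: the entry quoted in the thread plus an unrelated job.
SAMPLE='0 4 * * * /root/cert/certbot-auto renew --max-log-backups 31 --no-self-upgrade --quiet --renew-hook /root/cert/store-renewed.sh
30 2 * * 0 /usr/local/bin/backup.sh'

printf '%s\n' "$SAMPLE" | migrate_crontab
```

On a real host the filter would be fed from `crontab -l` and its output reviewed before being installed; `certbot renew --dry-run` confirms that the renewal itself still succeeds.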