My certificates is not due but my site is down like it is due

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

stixex.io

I ran this command:

It produced this output:

My web server is (include version):

The operating system my web server runs on is (include version):
Ubuntu 20.10
My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know):

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):

certbot 1.7.0

stixex.io doesn't work but admin.stixex.io works fine

3 Likes

muss der server neu gestartet werden?, oder hast du irgendeine konfiguration geaendert?
an port 443 zeigt der webserver das alte cert.
ist der pfad korrect gesetzt?

2 Likes

Thanks After I reloaded the server, it works fine

4 Likes

You can update your Certbot renewal configuration to reload your web-server after the certificate is issued.

4 Likes

How can I update the configuration?
Could you share with me a URL or guide?

2 Likes

Please answer these. Depending on how you initially set up your instance and what web-server you use will dictate how you configure.

All configuration options are documented by Certbot. It will probably a post-hook configuration or some option within the webserver plugin.
https://certbot.eff.org/docs/
https://certbot.eff.org/docs/using.html#certbot-command-line-options

3 Likes

Unfortunately, it's not possible to "easily" modify currently existing renewal configuration files, for example to add a deploy hook (post-hook is probably not the best hook to be used here by the way). IMO this is a very big issue with certbot currently: not being able to reconfigure an already existing certificate without going through the whole issuance process again.

3 Likes

Fortunately there has been a big push over at EFF to fix what @Osiris has mentioned.

2 Likes

...which is marked as a duplicate of other issues hanging around since 2018!

I guess a proper user interface isn't very high on the certbot teams priority list. Just being objective here, love the work the team has done on other topics!

3 Likes

@greatl-lancer
The goals of getting certificates with an ACME server are to automate the workload so you won't have to take any any manual steps to renew a cert-- including reloading your web server. I think it will be worth it to test and re-issue a certificate such that that the renewal config gets updated. The whole issuance process is relatively quick and your server seems to be in good shape for renewing/issuing certificates. Also, one or two extra certs while you work to get the best set-up is a drop in the resources used bucket for Let's Encrypt. But, definitely use staging if possible!

3 Likes

For now then, @greatl-lancer will likely want to use the --force-renewal parameter along with a --deploy-hook "nginx -s reload" or possibly -i nginx (but be careful with that one if you've modified your port 443 server block).

3 Likes

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.