I can login to a root shell on my machine (yes or no, or I don’t know): Yes
Every few days I get a ‘can’t provide a secure connection’ error on this site. Once I reinstall the certificate everything works fine but then again the same thing seems to happen a few days later.
I posted this topic before (Need to reinstall certificate every few days) but no one could help as I had renewed the certificate and the issue could not be seen. The same issue has happened again and I would be really grateful if someone could help ASAP as obviously I can’t leave this site down for a long time.
Please show the whole command you used to issue your certificate.
Regarding the problem: there must be an interfering process which rolls back your config file changes and restarts the webserver software.
The site is running TLS again on port 443. Did you reinstall it already?
The fact just reinstalling an existing certificate through certbot would suggest something is breaking the Apache configuration in a periodic manner.
I would suggest looking very good at every cron job or systemd timer you’ve got running on your server and if they could manipulate the Apache configuration somehow.
Also, it would be very helpful if you could make two copies of all the configuration files in /etc/apache2/: one when everything is running fine (like now) and one when everything is broken again. Then, we can compare both configurations and see what’s wrong.
Sounds like a configuration config tool like Puppet/Ansible/Salt might be the thing that “fixes” the Apache config file, or even replacing your certificates… difficult to guess without some other information like the config when this happens, the config after the reinstallation, crontab entries, other software running, how you update/etc. the website.
Perhaps your renewal script might be at fault here too?