My domain is: https://missoula.live/
I ran this command:
I followed the instructions on this page: https://certbot.eff.org/lets-encrypt/centos6-apache
I did have to change one command to get things working to the following:
sudo /usr/local/bin/certbot-auto --apache-challenge-location /etc/httpd/conf
It produced this output:
The SSL worked for about a week, and now I get the usual “your ssl doesn’t work” error when I visit the site. Rerunning the command above makes everything run smoothly for another week or so.
My web server is (include version): Apache on CentOS 6
My hosting provider, if applicable, is: Bluehost
I can login to a root shell on my machine (yes or no, or I don’t know): Yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
I do have access to Cpanel and WHM
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): certbot 0.34.2
Other details: I have a few domains on this server. One of them is https://missoulachamber.com/ and I have recently rerun the certbot-auto --apache command above to get the SSL working again. This domain, and all others on the server, stop using the right SSL at seemingly the same time. I left missoula.live with the broken one so we could troubleshoot.
Renewing provides this output:
“You have an existing certificate that has exactly the same domains or certificate name you requested and isn’t close to expiry.”
1: Attempt to reinstall this existing certificate fixes everything.
Somehow it looks like the SSLs all start to point to a different SSL I have on the account. Why is this happening?
Hi @andrewwindfall
You have some Let's Encrypt certificates ( https://check-your-website.server-daten.de/?q=missoula.live ):
| CertSpotter-Id | Issuer | not before | not after | Domain names | LE-Duplicate | next LE |
|---|---|---|---|---|---|---|
| 904447977 | CN=Let's Encrypt Authority X3, O=Let's Encrypt, C=US | 2019-05-10 16:55:02 | 2019-08-08 16:55:02 | missoula.live, missoula-live.windfall.studio, www.missoula.live, www.missoula-live.windfall.studio - 4 entries | duplicate nr. 1 | |
| 888423800 | CN=Let's Encrypt Authority X3, O=Let's Encrypt, C=US | 2019-04-30 21:06:05 | 2019-07-29 21:06:05 | missoula.live, missoulachamber.com, missoulachamber-com.windfall.studio, missoula-live.windfall.studio, www.missoula.live, www.missoulachamber.com, www.missoulachamber-com.windfall.studio - 7 entries | | |
| 888322974 | CN=Let's Encrypt Authority X3, O=Let's Encrypt, C=US | 2019-04-30 19:38:20 | 2019-07-29 19:38:20 | mail.missoulachamber.com, missoula.live - 2 entries | | |
| 888318415 | CN=Let's Encrypt Authority X3, O=Let's Encrypt, C=US | 2019-04-30 19:34:12 | 2019-07-29 19:34:12 | missoula.live, missoulachamber.com - 2 entries | | |
Created April, 3 and May, 10. But you don't use it.
Instead, there is a wildcard windfall.studio - certificate:
CN=*.windfall.studio, OU=PositiveSSL Wildcard, OU="Hosted by BlueHost.Com, INC", OU=Domain Control Validated (7592)
28.03.2018
12.04.2019
35 days expired
*.windfall.studio, windfall.studio - 2 entries
With names you have in your certificate.
Normally, it's best to split certificates:
One domain (with non-www and www), one vHost (ServerName non-www, ServerAlias www) and one certificate with both domain names.
So create one new certificate with something like
certbot yourOtherParameters -d missoula.live -d www.missoula.live
But first check your vHosts:
apachectl -S
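
An added example, not part of either post above: a small Python check of which hostnames a served certificate actually covers and whether it has expired, run over the two certificates described in this thread. The certificate data is constructed from the names and dates quoted above, and the check date (35 days after 12.04.2019) is an assumption taken from the "35 days expired" line.

```python
from datetime import datetime

def name_matches(pattern, host):
    """Hostname match where '*' stands for exactly one left-most label."""
    p, h = pattern.lower().rstrip("."), host.lower().rstrip(".")
    if not p.startswith("*."):
        return p == h
    head, _, rest = h.partition(".")
    # "*.example" must not match "example" itself or "a.b.example".
    return bool(head) and rest == p[2:]

def diagnose(host, cert, now):
    """Return the problems a client would see if `cert` is served for `host`."""
    problems = []
    if not any(name_matches(n, host) for n in cert["names"]):
        problems.append("name-mismatch")
    if now > cert["not_after"]:
        problems.append("expired")
    return problems

# Constructed from the values quoted in the thread.
WILDCARD = {
    "names": ["*.windfall.studio", "windfall.studio"],
    "not_after": datetime(2019, 4, 12),
}
LE_904447977 = {
    "names": ["missoula.live", "missoula-live.windfall.studio",
              "www.missoula.live", "www.missoula-live.windfall.studio"],
    "not_after": datetime(2019, 8, 8, 16, 55, 2),
}
CHECK_DATE = datetime(2019, 5, 17)  # assumption: 35 days after 12.04.2019

def report(hosts, certs, now):
    """Map each host to the problems it would have with each certificate."""
    return {h: {label: diagnose(h, c, now) for label, c in certs.items()}
            for h in hosts}

if __name__ == "__main__":
    certs = {"wildcard": WILDCARD, "letsencrypt": LE_904447977}
    hosts = ["missoula.live", "www.missoula.live",
             "missoula-live.windfall.studio", "missoulachamber.com"]
    for host, result in report(hosts, certs, CHECK_DATE).items():
        print(host, result)
```

A vHost that falls back to the wildcard certificate fails on both counts for missoula.live, while the Let's Encrypt certificate passes for that name but not for missoulachamber.com, which is why each vHost needs to point at a certificate containing its own names.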