My domain is:

I ran this command:
I followed the instructions on this page:
I did have to change one command to get things working to the following:
sudo /usr/local/bin/certbot-auto --apache-challenge-location /etc/httpd/conf

It produced this output:
The SSL worked for about a week, and now I get the usual “your ssl doesn’t work” error when I visit the site. Rerunning the command above makes everything run smoothly for another week or so.

My web server is (include version): Apache on CentOS 6

My hosting provider, if applicable, is: Bluehost

I can login to a root shell on my machine (yes or no, or I don’t know): Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
I do have access to Cpanel and WHM

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): certbot 0.34.2

Other details: I have a few domains on this server. One of them is and I have recently rerun the certbot-auto --apache command above to get the SSL working again. This domain, and all others on the server, stop using the right SSL at seemingly the same time. I left with the broken one so we could troubleshoot.
Renewing provides this output:
“You have an existing certificate that has exactly the same domains or certificate name you requested and isn’t close to expiry.”
1: Attempt to reinstall this existing certificate fixes everything.

Somehow it looks like the SSLs all start to point to a different SSL I have on the account. Why is this happening?


Hi @andrewwindfall

you have some Letsencrypt certificates ( ):

CertSpotter-Id Issuer not before not after Domain names LE-Duplicate next LE
904447977 CN=Let’s Encrypt Authority X3, O=Let’s Encrypt, C=US 2019-05-10 16:55:02 2019-08-08 16:55:02,,,
4 entries duplicate nr. 1
888423800 CN=Let’s Encrypt Authority X3, O=Let’s Encrypt, C=US 2019-04-30 21:06:05 2019-07-29 21:06:05,,,,,,
7 entries
888322974 CN=Let’s Encrypt Authority X3, O=Let’s Encrypt, C=US 2019-04-30 19:38:20 2019-07-29 19:38:20,
2 entries
888318415 CN=Let’s Encrypt Authority X3, O=Let’s Encrypt, C=US 2019-04-30 19:34:12 2019-07-29 19:34:12,
2 entries

Created April, 3 and May, 10. Bt you don’t use it.

Instead, there is a wildcard - certificate:

CN=*, OU=PositiveSSL Wildcard, OU="Hosted by BlueHost.Com, INC", OU=Domain Control Validated (7592)
35 days expired	
*, - 2 entries

With names you have in your certificate.

Normally, it’s the best you split certificates:

One domain (with non-www and www), one vHost (ServerName non-www, ServerAlias www) and one certificate with both domain names.

So create one new certificate with something like

certbot yourOtherParameters -d -d

But first check your vHosts:

apachectl -S