Congratulations! Your certificate and chain have been saved at
/etc/letsencrypt/live/asciiexpress.net/fullchain.pem. Your cert
will expire on 2017-01-18. To obtain a new or tweaked version of
this certificate in the future, simply run letsencrypt-auto again.
To non-interactively renew all of your certificates, run
"letsencrypt-auto renew"
My operating system is (include version): Ubuntu 16.04
My web server is (include version): apache2 (2.4.18)
My hosting provider, if applicable, is: self
I can login to a root shell on my machine (yes or no, or I don’t know): yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no
I have 2 other domains on this server and had no problem updating their certs (they now expire 3 months out). I am unsure why this domain is still expiring in 2 days.
using certonly has obtained a new cert for you - but it hasn’t configured apache or reloaded it.
I would suggest first just trying a reload of apache ( service apache2 reload ) and see if that picks up the new cert. If that doesn’t then check in your apache config which cert it refers to, and check it’s the latest one ( should be in /etc/letsencrypt/live/…)
Apache was already restarted, the output above came from letencrypt tool. After some digging around it appears on the last renew some symlinks were pointed to a 0001 version. After cleaning up the links and making it look like the other domains and re-renewing it worked. I speculate the new certs were download but the tool was looking at the old certs when giving me the old date. Fixed now.
If you ran that command today and produced that output that is strange, the expire date is not correct, maybe it is some kind of bug of the letsencrypt-auto version you are using, the current version is not named letsencrypt but certbot and the last version is 0.10.1.
Today you have already issued 3 valid certs for asciiexpress.net that will expire on 2017-Apr-16.
CRT ID DOMAIN (CN) VALID FROM VALID TO EXPIRES IN SANs
77848068 asciiexpress.net 2017-Jan-16 17:45 CET 2017-Apr-16 18:45 CEST 89 days asciiexpress.net
www.asciiexpress.net
77847628 asciiexpress.net 2017-Jan-16 17:42 CET 2017-Apr-16 18:42 CEST 89 days asciiexpress.net
www.asciiexpress.net
77846789 asciiexpress.net 2017-Jan-16 17:37 CET 2017-Apr-16 18:37 CEST 89 days asciiexpress.net
www.asciiexpress.net
So those certs should be on your server, check the end date for your current certificate:
If the end date is not 2017-Apr-16 check if you have some dir like asciiexpress.net-0001 on /etc/letsencrypt/live/ dir because maybe it has been duplicated.
If the end date is correct, you should take a look to your apache config and check that you are using the right paths to your cert.
Edit: Seems you resolved it when I was writing this post ;).