I just renewed my Google domain. I moved my website to a new VM, same cloud GCP, different project. Did not copy over the old certificates. I successfully added letsencrypt certs last week. Https never updated. I just started another new VM and added the letsencrypt auto certs. Do I have to wait until the old certs run out? My http IP shows website but not secure. Any helpful suggestions would be appreciated.
No.
Your webserver is misconfigured. It either doesn't serve https or it doesn't redirect http -> https.
Can you see your website on https://yoursite.example.com ?
Hi 9peppe, same setup worked for a whole year before I changed VM. Setup good. It is some thing to do with deleting the old VM and the new certs on the new VM not registering. I am thinking because my old certs for the same domain are good for another month I may not be able link to the new website VM through the letsencrypt certs until the old certs run out. Like I said I cannot see https-no but we can see http-yes.
It’s not about your certs being good for another month (that’s renewal time anyway, 30 days to expiration date).
What actual error messages have you seen?
(It gets easier if we know what domain you’re talking about.)
Congratulations! Success! My certs have been successfully issued! No errors. Just not connecting to https. My domain is fridaro.dev
And what happens if you try and connect directly to https://yourdomain ?
This tells me that your webserver is not configured to serve your website over https. (or there’s a firewall in the way)
What webserver are you running, and what command did you use to obtain your certificates?
https://certbot.eff.org/lets-encrypt/debianstretch-nginx these commands multiple times before and they work. My firewall is only open to ports 443 and 80. I actually had 80 closed before on old server. I only add port 22 before I enter the VM ssh, then close it after I’m done any adjustments
did you run certbot --nginx or certbot certonly --nginx?
in the second case, run certbot install --nginx
(I'd say overkill... but, your choice, as long as password access is disabled.)
sudo certbot certonly --nginx the second one. I originally had the backdoor, add my own certs, last year and renewed per email. Since I renewed my domain March 1, and changed servers, I have not got any emails. I redid the server and new certs today in case I entered wrong email. I entered correct email. No emails. Just the confirmation I successfully passed the challenges. I don’t know about password as I access my Google cloud through the secure console
I don’t know what backdoor your talking about, but, yeah, running certbot certonly won’t configure your webserver.
You’ll have to do it manually or tell certbot to do it for you (certbot install --nginx).
certbot install --nginx
After the sudo certbot certonly --nginx command?
You can issue certbot certonly --nginx to obtain the cert and then certbot install --nginx which installs the cert.
OR
you can run certbot --nginx, which will both obtain and install the cert.
Ok, I will try renew again with the added line of code. I did that and choose 2 for secure redirect. I do think I choose 1 before to keep same config. Wait and see now. Thanks for your help 9peppe! 
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.