New Webroot Cert doesn't work

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: ams01.oh-en2.com

I ran this command: certbot-auto -webroot certonly

It produced this output: cert generated successfully, expiring after 90 days

My web server is (include version): apache

The operating system my web server runs on is (include version): centos 6

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

The first time, I created a cert for Apache, and it worked well.

Now that cert is expired, so I have to renew it, but renewing with Apache requires stopping the service, so I created a new cert with webroot and applied it.

But it seems that the new cert (for webroot) doesn’t work. When I tried to load my website, it said the cert is expired: "SEC_ERROR_EXPIRED_CERTIFICATE".

What is wrong?
Thanks for your help.

Certbot doesn’t need to stop the Apache service; it reloads the Apache service so it starts using your certificate.

If you switch to certonly mode, certbot stops reloading Apache for you, and you have to reload it yourself by running service httpd reload as root.

Also, certonly mode doesn’t automatically configure your web server to use your certificate. If you switch to certonly for a certificate you previously issued with --apache, it should update it in place and still work. But if you use certonly on a new machine or with a new domain, you have to manually configure Apache for SSL and configure the path to the certificate yourself.

So if Apache still serves the expired certificate after reloading, you may need to run certbot certificates and double-check your Apache configuration and make sure it is pointed to the right path.

Or just switch back to --apache mode and let certbot take care of all this for you.
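The checks described in this answer, as an added example that is not part of the original thread: it lists the certificate paths Apache is configured with, flags any that sit outside certbot's live directory, and compares the certificate on disk with the one the running server actually hands out. The paths `/etc/letsencrypt/live/<name>/` (certbot's standard layout) and `/etc/httpd/conf.d/` (CentOS default) and the function names are assumptions.

```bash
#!/usr/bin/env bash
# Added example (not from the thread). Assumed paths: certbot's standard
# /etc/letsencrypt/live/<name>/ layout and CentOS's /etc/httpd/conf.d/.

# Print every SSLCertificateFile path set in the given Apache config files.
# Directive names are case-insensitive; commented-out lines are skipped.
apache_cert_paths() {
    awk 'tolower($1) == "sslcertificatefile" { gsub(/"/, "", $2); print $2 }' "$@"
}

# Print configured certificate paths that are NOT under LIVE_DIR, i.e. vhosts
# that a certonly renewal will never update.
stale_cert_paths() {   # usage: stale_cert_paths LIVE_DIR conf-file...
    local live_dir=$1; shift
    apache_cert_paths "$@" | awk -v d="$live_dir/" 'index($0, d) != 1'
}

# SHA-256 fingerprint of a certificate file on disk.
disk_fingerprint() {
    openssl x509 -noout -fingerprint -sha256 -in "$1"
}

# SHA-256 fingerprint of the certificate the running server hands out.
served_fingerprint() {   # usage: served_fingerprint HOST [PORT]
    openssl s_client -connect "$1:${2:-443}" -servername "$1" </dev/null 2>/dev/null |
        openssl x509 -noout -fingerprint -sha256
}

# Full check for one domain: config paths, expiry on disk, then disk vs. served.
check_domain() {
    local domain=$1 live="/etc/letsencrypt/live/$1"
    local stale; stale=$(stale_cert_paths "$live" /etc/httpd/conf.d/*.conf)
    [ -z "$stale" ] || echo "Apache points outside $live: $stale"
    openssl x509 -checkend 0 -noout -in "$live/cert.pem" >/dev/null ||
        echo "certificate on disk is expired: renew first"
    if [ "$(disk_fingerprint "$live/cert.pem")" != "$(served_fingerprint "$domain")" ]; then
        echo "Apache is serving a different certificate: run 'service httpd reload'"
    fi
}

# Run only when a domain is given, e.g.: ./check-cert.sh www.example.com
if [ $# -gt 0 ]; then check_domain "$1"; fi
```

A fingerprint mismatch with a valid certificate on disk is the situation in this thread: the renewal succeeded, but Apache had not been reloaded.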

Thank you very much. I forgot to reload the cert; after replacing it with the new cert, I restarted my service and it works.
