OpenLiteSpeed WordPress: certbot shows valid certificates, site shows expired certificate

Updated the certificates with:
certbot -d terrasinipalermovacation.com --manual --preferred-challenges dns certonly
certbot -d terrasinipalermovacationrentals.com --manual --preferred-challenges dns certonly

Updated the _acme-challenge.terrasinipalermovacation.com TXT record.
Updated the _acme-challenge.terrasinipalermovacationrentals.com TXT record.

Certificates on the server, checked with certbot certificates, show up to date.
The site shows an expired cert and no padlock.
whynopadlock.com shows expired certificates: "Your SSL certificate is expired! (Expired on: 2024-07-23) You will want to renew your SSL certificate as soon as possible!"

My domain is: Terrasinipalermovacation.com

I ran this command: certbot certificates

It produced this output:

My web server is (include version): OpenLiteSpeed Wordpress

The operating system my web server runs on is (include version): Ubuntu 22.04

My hosting provider, if applicable, is: Vultr

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 1.21.0

Did you restart OpenLiteSpeed?

3 Likes

This part of the command you ran tells certbot to just issue the new certificate; it doesn't do anything to install, activate, or otherwise tell any of your software to use that new cert. You still need to do that yourself.

But why are you issuing the cert this way? Both sites are open to the public Internet; surely you can automate better than manually doing DNS validation whenever the cert expires.

4 Likes

Restarted the server now.
It appears that fixed it.
The message from whynopadlock is:
"Expiration Date: Your SSL certificate is current. Your SSL certificate expires in 88 days. (2024-10-24)"

1 Like

You can use --deploy-hook to add a command (with " around it if it contains spaces) to reload the service(s) using the certificate.

2 Likes

45 2 * * 6 cd /etc/letsencrypt/ && ./certbot-auto renew --deploy-hook "/usr/local/lsws/bin/lswsctrl restart"

I added this crontab... I will see if this auto-updates the certificates in the future.
(Thanks Schoen) SSL certificate renewed but browsers not updating with new certificate - #4 by schoen

It won't if you used manual DNS validation--you'd need to issue the cert using an automated method. If the sites are open to the Internet, as they are, I'd expect you should be able to use HTTP validation, which is more easily automated.

4 Likes

Also, the certbot-auto wrapper script doesn't exist any longer. You should never just copy/paste stuff from somewhere without knowing what it actually does.

And the --deploy-hook is stored in the renewal configuration file for the cert, so it doesn't need to go in the cronjob if it's used once.

2 Likes
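The symptom in this thread (certbot reports a current certificate while the site still serves the expired one) can be checked directly by comparing the leaf certificate on disk with the one the web server hands out. The following is an added example, not code from any poster in this thread; it assumes certbot's standard /etc/letsencrypt/live/<domain>/fullchain.pem layout, and the function names are hypothetical.

```python
import hashlib
import socket
import ssl
import sys

BEGIN = "-----BEGIN CERTIFICATE-----"
END = "-----END CERTIFICATE-----"


def fingerprint(pem: str) -> str:
    """SHA-256 of the first certificate in a PEM string.

    fullchain.pem holds the leaf first, then the intermediates, so only
    the first block is compared with what the server presents.
    """
    start = pem.index(BEGIN)
    stop = pem.index(END, start) + len(END)
    der = ssl.PEM_cert_to_DER_cert(pem[start:stop])
    return hashlib.sha256(der).hexdigest()


def served_pem(host: str, port: int = 443, timeout: float = 10.0) -> str:
    """Fetch the leaf certificate the server presents for this host name."""
    ctx = ssl.create_default_context()
    # Verification is off on purpose: an expired certificate must still be
    # retrievable so it can be compared with the renewed one on disk.
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return ssl.DER_cert_to_PEM_cert(tls.getpeercert(binary_form=True))


def is_stale(disk_pem: str, live_pem: str) -> bool:
    """True when the server is not serving the certificate that is on disk."""
    return fingerprint(disk_pem) != fingerprint(live_pem)


if __name__ == "__main__":
    domain = sys.argv[1]  # e.g. the domain passed to certbot with -d
    # Assumed path: certbot's default live directory for the certificate.
    with open(f"/etc/letsencrypt/live/{domain}/fullchain.pem") as fh:
        on_disk = fh.read()
    if is_stale(on_disk, served_pem(domain)):
        print(f"{domain}: server still serves an old certificate; reload it")
        sys.exit(1)
    print(f"{domain}: served certificate matches the one on disk")
```

Run as root (the live directory is not world-readable) after a renewal; a non-zero exit means the web server has not picked up the new certificate yet.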
