Reinstalling an expired cert not successful

Is there a CDN or caching device in front of your system?

What do you mean gateway?
What type of device is that?

1 Like

My ISP provides a block of 8 IP addresses for my servers and a 'Gateway IP' provided by the ISP is configures in my firewall.

I can't reach IP 162
IP 171 is showing a cert that doesn't exist on your server.
Something else is serving that cert.

Let's try a short experiment:
Shut down Apache
See if your site is still reachable.

1 Like

The certbot ssl certs have worked perfectly fine for more than 2 yrs.
Only this time, when I attempted to request for a new cert to replace expired cert I got into this issue.

I do completely understand you, please recall our conversation:

I recall it and I'm old and it's 4:30 in the morning here - LOL

1 Like

Let me know once you have stopped Apache.

1 Like

Sorry, but I will have to let you go.
You can test that yourself:

  • stop apache
  • check site with sslshopper

If it is still visible, then you see that there is something else responding.
Try rebooting the gateway.
Try checking the configuration on the gateway - how do connections to IP 171 get to IP 162 ?
[that sounds like the whole problem - you might have another copy of your server on IP 171]

good night and good luck

Cheers :beers:

1 Like

I cannot anything with the gateway IP.
Please go ahead to get some sleep.
Thanks so much for walking through this process.
I will continue to test on my own and will let you know what I find.
Bye

I managed to track down the issue. We had duplicated the server to a new server with a different IP address. I was updating the SSL in the old server that had a different IP address which did not match with the A record for the domain. Sorry to have taken up so much of your time working late to track down the issue. Thanks a lot for your support. Learnt a lot in the process and will be able to avoid such mix up in future.

I still have to wait for the 168 hrs to run out before I can get a new cert to the new server. No choice but to wait.

1 Like

Separately, I do need help to update the certbot version. Will search for any topics on this issue posted by others.

Thankfully, the SSL for the domain 'tcc.planchurch.com' works ok now. Somehow the issue got resolved.

See: https://certbot.eff.org/

1 Like

Thanks. Will refer to the url for instruction on migrating to 'snap' based certbot.

1 Like