Remove Old Non-LE Certificates

My domain is: vicendithas.com (with subdomains www and webmail)
I ran this command: sudo certbot --apache
It produced this output: a whole bunch of stuff that appears that it was successful
My web server is (include version): apache 2.4.7
The operating system my web server runs on is (include version): Ubuntu 14.04.5 LTS
My hosting provider, if applicable, is: Digital Ocean
I can login to a root shell on my machine (yes or no, or I don’t know): yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

When I first set up this server, I used StartSSL because it was a free SSL certificate. However, it wasn’t the easiest process to get it set up correctly, everything was manual, and there was no automatic renewal. After that certificate expired, I heard about LE. I successfully installed it and it seemed to install just fine. Fast forward to now, my LE certs have expired and I need to renew them. I now see that certbot is a thing, so I install it and run it. It appears to be successful, however when I tested my domains on ssllabs.com, I get trust issues. It appears that the old StartSSL certificates are still hanging around, causing my domain to be untrusted. Does certbot have any function to remove old non-LE certificates from my server, or will I have to remove them manually (and possibly screw something up in the process)?

I appreciate any help you guys can give.

Regards,

Vincent

It seems one of your virtual hosts got the updated cert:
Valid until Wed, 06 Sep 2017 01:47:00 UTC (expires in 2 months and 28 days)
https://dev.ssllabs.com/ssltest/analyze.html?d=vicendithas.com&hideResults=on

But the others did not:
Valid until Mon, 13 Jul 2015 03:53:17 UTC (expired 1 year and 10 months ago) EXPIRED
https://dev.ssllabs.com/ssltest/analyze.html?d=webmail.vicendithas.com&hideResults=on
https://dev.ssllabs.com/ssltest/analyze.html?d=www.vicendithas.com&hideResults

You should be able to manually copy the lines that point to the cert (public/private/chain) from the working virtual host to the others.
Restart your web server and you have 2 months and 28 days to fix the auto-updating all vhost problem.
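
Added example, not part of the original thread: a small offline audit that lists which Apache SSL virtual hosts still point at certificate files outside certbot's `/etc/letsencrypt/live/` directory (certbot's default layout). The sample configuration is constructed for illustration, and the StartSSL paths in it are hypothetical.

```python
import re

# Constructed sample of an Apache SSL config; the /etc/ssl/startssl paths are hypothetical.
SAMPLE_CONF = """\
<VirtualHost *:443>
    ServerName vicendithas.com
    SSLCertificateFile /etc/letsencrypt/live/vicendithas.com/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/vicendithas.com/privkey.pem
</VirtualHost>
<VirtualHost *:443>
    ServerName www.vicendithas.com
    SSLCertificateFile /etc/ssl/startssl/ssl.crt
    SSLCertificateKeyFile /etc/ssl/startssl/private.key
    SSLCertificateChainFile /etc/ssl/startssl/sub.class1.server.ca.pem
</VirtualHost>
<VirtualHost *:443>
    ServerName webmail.vicendithas.com
    SSLCertificateFile /etc/ssl/startssl/ssl.crt
    SSLCertificateKeyFile /etc/ssl/startssl/private.key
</VirtualHost>
"""

LE_LIVE = "/etc/letsencrypt/live/"  # certbot's default location for current certs
CERT_DIRECTIVES = ("sslcertificatefile", "sslcertificatekeyfile", "sslcertificatechainfile")

def audit_vhosts(conf_text):
    """Return [(server_name, {directive: path}, uses_le)] for each vhost with SSL directives."""
    results = []
    for block in re.findall(r"<VirtualHost\b[^>]*>(.*?)</VirtualHost>", conf_text, re.S | re.I):
        name, certs = None, {}
        for line in block.splitlines():
            parts = line.split("#", 1)[0].split(None, 1)  # drop comments, split directive/value
            if len(parts) != 2:
                continue
            key, value = parts[0].lower(), parts[1].strip().strip('"')
            if key == "servername":
                name = value
            elif key in CERT_DIRECTIVES:
                certs[key] = value
        if certs:
            uses_le = all(path.startswith(LE_LIVE) for path in certs.values())
            results.append((name, certs, uses_le))
    return results

def stale_vhosts(conf_text):
    """Names of SSL vhosts that still reference files outside certbot's live directory."""
    return [name for name, _, uses_le in audit_vhosts(conf_text) if not uses_le]

if __name__ == "__main__":
    print(stale_vhosts(SAMPLE_CONF))
```

To run it against a real server, pass the contents of each file under the Apache sites-enabled directory to `stale_vhosts` instead of the sample text.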
