Renew CERT on expired one ERROR

Using wordpress on my personnel windows server.
I make an ssl cert 2 month ago. But the auto renew cron does not works automaticly.
So my certificate has expired yesterday.

Certbot certificates says :
Found the following certs:
Certificate Name:
Serial Number: 36c584d8239cceac6f7e068452688756b4c
Key Type: RSA
Expiry Date: 2022-05-26 09:18:29+00:00 (INVALID: EXPIRED)
Certificate Path: C:\Certbot\live\\fullchain.pem
Private Key Path: C:\Certbot\live\\privkey.pem

When i do a certbot renew, all seems good in messages :
Processing C:\Certbot\renewal\

Renewing an existing certificate for and 2 more domains

Congratulations, all renewals succeeded:
C:\Certbot\live\\fullchain.pem (success)

And when after i ask for certificates : all seems ok :
Found the following certs:
Certificate Name:
Serial Number: 36c584d8239cceac6f7e068452688756b4c
Key Type: RSA
Expiry Date: 2022-08-24 18:30:56+00:00 (VALID: 89 days)
Certificate Path: C:\Certbot\live\\fullchain.pem
Private Key Path: C:\Certbot\live\\privkey.pem

But when i ask my site, i still get err cert expired from all browsers.... Seems like the internet autority is not informed of my renewed certificate.
Is it really possible to renew a certif just after the day it has expired ?
If yes, whats going wrong.


Welcome to the community @Panza

Your new certificate was issued but your server is not sending it out.

Did you restart Apache after getting the new cert?

You did not show the certbot command you used to request the cert. Some forms will restart Apache for you but some options do not.

If that doesn't solve the problem, please show the certbot command options.


Thanks, I restarded all the computer and system...
I dont remember the cerbot command i used to request the first time... it was 45 days old...
How show you the cerbot command options ?

Actually, I'd like to see your Apache details first. Can you show result of this:

httpd.exe -S

VirtualHost configuration:
*:80 localhost (D:/wamp64/bin/apache/apache2.4.51/conf/extra/httpd-vhosts.conf:3)
*:443 localhost (D:/wamp64/bin/apache/apache2.4.51/conf/extra/httpd-vhosts.conf:20)
ServerRoot: "D:/wamp64/bin/apache/apache2.4.51"
Main DocumentRoot: "D:/wamp64/www"
Main ErrorLog: "D:/wamp64/logs/apache_error.log"
Mutex ssl-cache: using_defaults
Mutex default: dir="D:/wamp64/bin/apache/apache2.4.51/logs/" mechanism=default
Mutex authdigest-opaque: using_defaults
Mutex ssl-stapling-refresh: using_defaults
Mutex rewrite-map: using_defaults
Mutex authdigest-client: using_defaults
Mutex ssl-stapling: using_defaults
PidFile: "D:/wamp64/bin/apache/apache2.4.51/logs/"
Define: APACHE24=Apache2.4
Define: VERSION_APACHE=2.4.51
Define: INSTALL_DIR=d:/wamp64
Define: APACHE_DIR=d:/wamp64/bin/apache/apache2.4.51
Define: SRVROOT=d:/wamp64/bin/apache/apache2.4.51

And can you show the contents of this file? Thanks


I think youre looking for that :
SSLEngine on
SSLCertificateFile "${INSTALL_DIR}/ssl/certs/fullchain.pem"
SSLCertificateKeyFile "${INSTALL_DIR}/ssl/keys/privkey.pem"
SSLCertificateChainFile "${INSTALL_DIR}/ssl/certs/fullchain.pem"
Those files are effectivly the olds ... I dont know where cerbot generate the news

1 Like

Certbot placed them here. It looks like you made a copy of them to the folder named by Apache. So, you need to copy them there again. Or, change your Apache to refer directly to the certbot live folder.


You put me on the right way, thanks Mike.
Cerbot is installed on C:, it genrates certs on C.
I missed that my copy for WP was on D:...
I was unable to find certs in LIVE directory. I found fullchain2 and provjky2 in archive directory.
I renamed it and copied it on D:....
Why live is empty ?

There should be symlinks in LIVE that point to the latest files in ARCHIVE. Normally you have your server use the file names in LIVE and those are always the latest.

I don't know Certbot and Windows all that well to know why the symbolic links would not exist. Did you run certbot with admin privileges?

What does this look like?

dir /s C:\Certbot 

What did you do?


LIVE as symlink shortlink,; yes, put they point to nothing.
I used the lasts fullchain and privkays in archive dir, and renamed and put it in my WP/ssl dir...
Thanks all is working now.

I take the last privkeys and fullchain in archive dir. It was fullchain1.pen, renamed as fullchain.pem and placed in the correct WP Dir

Did you do something like that when you first got the cert too?

Because I think you broke the symlink when you renamed the target file in ARCHIVE
(I just tried something similar on a Windows machine)

You could try this:

certbot update_symlinks

Whaou ... i have an error.... works but does not : NET::ERR_CERT_COMMON_NAME_INVALID

You never created a cert that included the www name. Look at the domain names in the cert in your first post.

You need to add the www names to your certbot command too.


I really dont remember how i do to get those...
must put a certbot certonly -d ?
It will be added with no erase of others ?

Not that way.
You need a new cert with both names on it:
certbot certonly -d -d

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.