Renew certificate help

Help
1

The certificate is expired, I renewed it but it’s still if I visit the site it says “Not secure” certificate is expired. I restarted the server but still same issue.

My domain is: private api

I ran this command:
#sudo openssl x509 -in /etc/letsencrypt/live/api.example.net/cert.pem -text -noout
Validity
Not Before: Jan 31 14:31:17 2018 GMT
Not After : May 1 14:31:17 2018 GMT

#sudo netstat -ptan | grep LISTEN
tcp 0 0 127.0.0.1:27017 0.0.0.0:* LISTEN 962/mongod
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 971/sshd
tcp6 0 0 :::22 :::* LISTEN 971/sshd

My web server is (include version): nodjs

The operating system my web server runs on is (include version): ubuntu 14.04

My hosting provider, if applicable, is: AWS

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

2

sudo netstat -ptan | grep LISTEN
tcp 0 0 127.0.0.1:27017 0.0.0.0:* LISTEN 962/mongod
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 971/sshd
tcp6 0 0 :::22 :::* LISTEN 971/sshd
tcp6 0 0 :::3000 :::* LISTEN 1834/node
tcp6 0 0 :::3001 :::* LISTEN 1834/node
tcp6 0 0 :::8443 :::* LISTEN 1834/node

3

Hi @thamerfa,

You can run certbot certificates to get a summary of all of the certificates that are installed and their expiration dates.

One possibility that comes to mind is that you might have specified a slightly different set of domain names in your certificate request when you obtained the original certificate and when you obtained the new certificate. In that case, one of them would be in /etc/letsencrypt/live/api.example.net-0001 or something similar to that because they would be managed as separate certificates. This has often confused users because they ended up with separate certificates without necessarily intending to, and of course their web server software was pointed at only one of the certificates.

Another possibility is that your web server is configured to point at something other than the auto-updated version in live; for example, if it’s pointed at the static version in archive, or at a copy that you made with cp, then it would still serve the old certificate even though a newer one is present.

4

Hi @schoen,
Thank you for your reply.

This is the certbot certificates result:

sudo ./certbot-auto certificates
Saving debug log to /var/log/letsencrypt/letsencrypt.log

Found the following certs:
Certificate Name: api.example.net
Domains: api.example.net
Expiry Date: 2018-05-01 14:31:17+00:00 (VALID: 87 days)
Certificate Path: /etc/letsencrypt/live/api.example.net/fullchain.pem
Private Key Path: /etc/letsencrypt/live/api.example.net/privkey.pem

I think it found only one certificate, and already checked the /etc/letsencrypt/live, only one folder exists.

Blockquote Another possibility is that your web server is configured to point at something other than the auto-updated version in live; for example, if it’s pointed at the static version in archive, or at a copy that you made with cp, then it would still serve the old certificate even though a newer one is present.

How can I make sure I'm not doing this?

Sometimes I got this error when run letsencrypt commands , not sure if it's related to the issue I'm having

Failed to find executable apache2ctl in PATH: /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin
5

How did you install the certificate in your web server after you obtained it?

Do you also have a copy of Apache installed on this machine?

6

I don’t really remember how I installed the certificate, I followed some online tutorial. I’m not using apached. I use Nodejs with express.

7

Already fixed… was my mistake. I copied the certs manually on the folder and didn’t use the actual certs. Now all set. Thank you for trying to help.

8

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.