Renew nightmare

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: localizator.org www.localizator.org lzr.es www.lzr.es

I ran this command: ./certbot-auto renew

It produced this output: just renewed localizator.org not the others

My web server is (include version): apache2 as a proxy to Tomcat. And my app is using spring mvc and spring security so I have no way to enable /.well-known/acme-challenge

The operating system my web server runs on is (include version): Debian

My hosting provider, if applicable, is: Google Cloud

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): certbot 0.30.2

What was the output of “./certbot-auto renew”?

What’s the output of “./certbot-auto certificates”?

What’s wrong?

I can only presume by the topic (“Renew nightmare”) and the recently issued Comodo cert (now Sectigo) that you had a problem with your LE certs and they did not renew and have expired.
But I would be wrong; as shown by the transparency logs (https://crt.sh/?id=915162616) there exists a valid LE cert that covers those for names for a few more days.

Sadly you probably did not have anything monitoring the cert expiration and although close to expiry you have reached out for help after having paid for another cert.

Nevertheless, we can definitely help you with the LE cert renewal process and its automation with certbot. But you will need to provide some more detail…

Also note: The currently used cert covers only 3 of those 4 names:
DNS Name=www.localizator.org
DNS Name=localizator.org
DNS Name=lzr.es
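The two checks raised in the reply above (days left before expiry, and whether every expected name is in the certificate) can be automated. The following is an added example, not part of the thread or of certbot: it audits a certificate in the dict form returned by Python's `ssl.SSLSocket.getpeercert()`. The helper names, the 30-day threshold and the sample dates are assumptions; only the host names and the three SAN entries come from the thread.

```python
import socket
import ssl
import time

# The four names from the original post.
EXPECTED = ["localizator.org", "www.localizator.org", "lzr.es", "www.lzr.es"]

def san_dns_names(cert):
    """DNS entries of subjectAltName from a getpeercert()-style dict."""
    return [v.lower() for k, v in cert.get("subjectAltName", ()) if k == "DNS"]

def covers(san, host):
    """Exact match, or a wildcard that stands for exactly one leftmost label."""
    san, host = san.lower(), host.lower()
    if san.startswith("*."):
        head, _, tail = host.partition(".")
        return bool(head) and tail == san[2:]
    return san == host

def audit(cert, expected, now=None, warn_days=30):
    """Report names the cert does not cover and whole days until notAfter."""
    now = time.time() if now is None else now
    sans = san_dns_names(cert)
    missing = [h for h in expected if not any(covers(s, h) for s in sans)]
    days_left = int((ssl.cert_time_to_seconds(cert["notAfter"]) - now) // 86400)
    return {"missing": missing, "days_left": days_left,
            "renew_due": days_left < warn_days}

def fetch_cert(host, port=443, timeout=10):
    """Fetch the live certificate. An already expired or mismatched cert
    raises ssl.SSLCertVerificationError, which a monitor should also alert on."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()

# Constructed sample: SAN list as quoted in the thread, dates invented.
SAMPLE_CERT = {
    "notAfter": "Jun 15 12:00:00 2019 GMT",
    "subjectAltName": (("DNS", "www.localizator.org"),
                       ("DNS", "localizator.org"),
                       ("DNS", "lzr.es")),
}
SAMPLE_NOW = ssl.cert_time_to_seconds("Jun 10 12:00:00 2019 GMT")

if __name__ == "__main__":
    print(audit(SAMPLE_CERT, EXPECTED, now=SAMPLE_NOW))
```

Run from cron with `audit(fetch_cert(name), EXPECTED)` for each name, this flags both a renewal that is overdue and a name that was dropped from the certificate.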

Hi, many thanks guys, this is one of the helpful support communities. But forget my issue, please, because I am quitting Let’s Encrypt. This is a wonderful idea, but I can’t keep investing hours and hours every three months. From my point of view you have to improve the way and the time we have to renew. Your current way is good for simple apps, but I have a complex Spring app running behind an Apache proxy with several domains pointing to it. And I am a developer, not a DevOps or a security expert. So I prefer to pay 20€ per year than to invest several hours 4 times a year, because it is far more expensive and a source of stress. I am pretty sure the Let’s Encrypt guys can do it far better than it is now. Many thanks, in any case.
