Renew ssl certificate

mysameer · March 8, 2023, 12:12am

i have renewed my ssl cetificate but still url show not secure can anyone help me

Certificate Name: sameer.app
Serial Number: 457198902bfceaa0463a3fae26b429****I
Key Type: ECDSA
Domains: sameer.app *.sameer.app
Expiry Date: 2023-06-05 21:41:16+00:00 (VALID: 89 days)
Certificate Path: /etc/letsencrypt/live/sameer.app/fullchain.pem
Private Key Path: /etc/letsencrypt/live/sameer.app/privkey.pem

MikeMcQ · March 8, 2023, 12:21am

Answers to the other questions on the form would be very helpful.

Can you also describe what you mean by "url show not secure"? Exactly what url is showing not secure? Because I can't even find a DNS A record (an IP record) for that domain so can't even guess what it might be.

=============================

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

I ran this command:

It produced this output:

My web server is (include version):

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know):

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):

mysameer · March 8, 2023, 12:51am

i am sorry i was not clear before

this is the exact certificate
Certificate Name: supervisionspace.app
Serial Number: 457198902bfceaa0463a3fae26b42930c64
Key Type: ECDSA
Domains: supervisionspace.app *.supervisionspace.app
Expiry Date: 2023-06-05 21:41:16+00:00 (VALID: 89 days)
Certificate Path: /etc/letsencrypt/live/supervisionspace.app/fullchain.pem
Private Key Path: /etc/letsencrypt/live/supervisionspace.app/privkey.pem

_az · March 8, 2023, 12:59am

Sounds like you haven't reloaded nginx.

service nginx reload

Usually you would get Certbot to do this automatically for you upon renewal. Assuming you use an up-to-date version of Certbot, you can tell Certbot to do this in future by running:

certbot reconfigure --cert-name supervisionspace.app --deploy-hook "service nginx reload"

mysameer · March 8, 2023, 1:11am

yes i have deployed DNS TXT record in AWS where the domain is created .

also i have done this before renewing the certificate. previously it was error with port 443 which was running by nginx web server out side the nginx docker container.
i stopped the nginx webserver and kill the useless process running on 443 port . the problem was resolved .

but this time its not working

i apologise in advanec if i am not asking it in sorted way but need to solve this issue. please ask me quetions i will reply what steps i have done till now

mysameer · March 8, 2023, 1:16am

this is what i am getting when in curl http://supervisionspace.app

curl: (60) SSL certificate problem: certificate has expired
More details here: curl - SSL CA Certificates

curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.

but when i certbot certificates
its
Certificate Name: supervisionspace.app
Serial Number: 457198902bfceaa0463a3fae26b42930c64
Key Type: ECDSA
Domains: supervisionspace.app *.supervisionspace.app
Expiry Date: 2023-06-05 21:41:16+00:00 (VALID: 89 days)
Certificate Path: /etc/letsencrypt/live/supervisionspace.app/fullchain.pem
Private Key Path: /etc/letsencrypt/live/supervisionspace.app/privkey.pem

rg305 · March 8, 2023, 2:19am

Maybe if you had answered the questions we would know what we are dealing with.
See post #2: Renew ssl certificate - #2 by MikeMcQ

My says: ... Your web server is NOT using the cert shown ...

Seems that is all it can tell me at this time.

You could try restarting nginx.
If that doesn't resolve the problem...
Try reviewing the nginx config to see where it is picking up the expired cert from.
And replace that path with the path to the renewed cert:

mysameer · March 8, 2023, 3:12am

yes

i found that my niginx default.conf file is
ssl_certificate /etc/letsencrypt/live/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

and when i create new certificate the path is
Certificate Path: /etc/letsencrypt/live/supervisionspace.app/fullchain.pem
Private Key Path: /etc/letsencrypt/live/supervisionspace.app/privkey.pem

should i copy the /etc/letsencrypt/live/supervisionspace.app/fullchain.pem TO /etc/letsencrypt/live/fullchain.pem
and /etc/letsencrypt/live/supervisionspace.app/privkey.pem TO /etc/letsencrypt/live/privkey.pem

_az · March 8, 2023, 3:14am

This is wrong. Each of these should point to the subdirectory e.g. /etc/letsencrypt/live/supervisionspace.app/fullchain.pem. Files should not be stored directly inside /etc/letsencrypt/live/.

rg305 · March 8, 2023, 3:44am

No.
I wrote what you should do:

mysameer · March 8, 2023, 3:46am

Thank you so much problem resolved

there is a docker compose file where the volume path of the container is

nginx:
image: nginx:1.16.0-alpine
volumes:
- ./nginx/nginx.conf:/etc/nginx/nginx.conf:ro
- ./nginx/common:/etc/letsencrypt/
- ./configs/ssl:/etc/letsencrypt/live
ports:
- "80:80"
- "443:443"
restart: always

i just need to copy those key into this and restart the container

Thank you once again i got the idea with your help .

system · April 7, 2023, 3:46am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.