My domain is (while there are others this is the primary one I care about): apps.marketingresources.com
I ran this command: ./certbot-auto renew --no-self-upgrade
It produced this output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Processing /etc/letsencrypt/renewal/apps.marketingresources.com.conf
Cert is due for renewal, auto-renewing…
Plugins selected: Authenticator webroot, Installer None
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for apps.marketingresources.com
Waiting for verification…
Cleaning up challenges
new certificate deployed without reload, fullchain is
/etc/letsencrypt/live/apps.marketingresources.com/fullchain.pem
Processing /etc/letsencrypt/renewal/demo.marketingresources.com.conf
Cert is due for renewal, auto-renewing…
Plugins selected: Authenticator webroot, Installer None
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for demo.marketingresources.com
Waiting for verification…
Cleaning up challenges
new certificate deployed without reload, fullchain is
/etc/letsencrypt/live/demo.marketingresources.com/fullchain.pem
Processing /etc/letsencrypt/renewal/weblab.marketingresources.com.conf
Cert is due for renewal, auto-renewing…
Plugins selected: Authenticator webroot, Installer None
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for weblab.marketingresources.com
Waiting for verification…
Cleaning up challenges
new certificate deployed without reload, fullchain is
/etc/letsencrypt/live/weblab.marketingresources.com/fullchain.pem
Congratulations, all renewals succeeded. The following certs have been renewed:
/etc/letsencrypt/live/apps.marketingresources.com/fullchain.pem (success)
/etc/letsencrypt/live/demo.marketingresources.com/fullchain.pem (success)
/etc/letsencrypt/live/weblab.marketingresources.com/fullchain.pem (success)
My web server is (include version): Apache 2.2.22 (Ubuntu)
The operating system my web server runs on is (include version): Ubuntu 12.04
My hosting provider, if applicable, is: Self-hosted
I can login to a root shell on my machine (yes or no, or I don’t know): Yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel): No
The version of my client is (e.g. output of certbot --version
or certbot-auto --version
if you’re using Certbot): 0.31.0
Apache Conf (relevant lines):
SSLCertificateFile /etc/letsencrypt/live/apps.marketingresources.com/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/apps.marketingresources.com/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/apps.marketingresources.com/chain.pem
Sym Links:
cd /etc/letsencrypt/live/apps.marketingresources.com/
ls -la
Nov 18 12:21 cert.pem -> …/…/archive/apps.marketingresources.com/cert18.pem
Nov 18 12:21 chain.pem -> …/…/archive/apps.marketingresources.com/chain18.pem
Nov 18 12:21 fullchain.pem -> …/…/archive/apps.marketingresources.com/fullchain18.pem
Nov 18 12:21 privkey.pem -> …/…/archive/apps.marketingresources.com/privkey18.pem
At first I ran the same command without --no-self-upgrade and it updated itself and failed, so I had to remove and download 0.31.0 specifically to get the renew to even run. After successful renewal apache was manually restarted, but the site still shows an expired cert. I’ve run out of ideas, it’s almost as if Apache is just ignoring the new files.