Renewal done, but still expired

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: helpdesk.airbeam.tv

I ran this command: sudo certbot certonly --standalone --preferred-challenges tls-sni-01 -d helpdesk.airbeam.tv

It produced this output:TLS-SNI-01 support is deprecated. This value is being dropped from the setting of --preferred-challenges and future versions of Certbot will error if it is included.
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator standalone, Installer None
Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org
Cert is due for renewal, auto-renewing…
Renewing an existing certificate

IMPORTANT NOTES:

  • Congratulations! Your certificate and chain have been saved at:
    /etc/letsencrypt/live/helpdesk.airbeam.tv/fullchain.pem
    Your key file has been saved at:
    /etc/letsencrypt/live/helpdesk.airbeam.tv/privkey.pem
    Your cert will expire on 2020-03-03. To obtain a new or tweaked
    version of this certificate in the future, simply run certbot
    again. To non-interactively renew all of your certificates, run
    “certbot renew”

  • If you like Certbot, please consider supporting our work by:

    Donating to ISRG / Let’s Encrypt: https://letsencrypt.org/donate
    Donating to EFF: https://eff.org/donate-le

My web server is (include version): apache

The operating system my web server runs on is (include version): AWS centos

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know): Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):

1 Like

Since Certbot wasn’t told how to reload/restart your webserver, you need to do so manually. Otherwise, your webserver will continue to use the certificate it loaded previously.

Do you mean Apache Tomcat?

2 Likes

I restarted it manually by
Systemctl restart httpd

I’m getting this output when running #certbot certificates

Saving debug log to /var/log/letsencrypt/letsencrypt.log


Found the following certs:
Certificate Name: helpdesk.airbeam.tv
Domains: helpdesk.airbeam.tv
Expiry Date: 2020-03-03 06:48:47+00:00 (VALID: 89 days)
Certificate Path: /etc/letsencrypt/live/helpdesk.airbeam.tv/fullchain.pem
Private Key Path: /etc/letsencrypt/live/helpdesk.airbeam.tv/privkey.pem


I don’t think you are running Apache httpd:

  1. There is no Server response header, which is not possible with Apache httpd.
  2. I see an Apache Tomcat/8.5.34 footer from your error pages.

So I don’t think systemctl restart httpd would be effective on your server.

What is the output of:

systemctl status httpd

● httpd.service - The Apache HTTP Server
Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled; vendor preset: disabled)
Active: active (running) since Wed 2019-12-04 08:18:05 UTC; 1h 17min ago
Docs: man:httpd(8)
man:apachectl(8)
Process: 385 ExecStop=/bin/kill -WINCH ${MAINPID} (code=exited, status=0/SUCCESS)
Main PID: 391 (httpd)
Status: “Total requests: 312; Current requests/sec: 0.1; Current traffic: 0 B/sec”
CGroup: /system.slice/httpd.service
├─391 /usr/sbin/httpd -DFOREGROUND
├─392 /usr/sbin/httpd -DFOREGROUND
├─393 /usr/sbin/httpd -DFOREGROUND
├─394 /usr/sbin/httpd -DFOREGROUND
├─395 /usr/sbin/httpd -DFOREGROUND
├─396 /usr/sbin/httpd -DFOREGROUND
└─404 /usr/sbin/httpd -DFOREGROUND

Dec 04 08:18:05 ip-172-31-33-230.ec2.internal systemd[1]: Starting The Apache HTTP Server…
Dec 04 08:18:05 ip-172-31-33-230.ec2.internal systemd[1]: Started The Apache HTTP Server.

Actually when I tried to renew there was an error regarding DNS/AAA record. So renewed using the command sudo certbot certonly --standalone --preferred-challenges tls-sni-01 -d helpdesk.airbeam.tv . (Loadbalancer has configured )