Renewal done, but still expired

Hi,

Okay, so changed between http-01 and tls-sni-01. http-01 completes successfully but tls-sni-01 fails.

Could this be because of the certificate being generated via tls and not http originally?

Checked the links and all is good, no errors.

Thanks.

Hi,

Here is the output:


Thanks.

Can you please share the output of:

ls -al /etc/letsencrypt/{live,archive}/label.stonethree.com

Hi,

Output below:

root@label:~# ls -al /etc/letsencrypt/live/label.stonethree.com
total 12
drwxr-xr-x 2 www-data root 4096 Nov 15 14:22 .
drwx------ 4 root root 4096 Nov 6 15:26 ..
-rw-r--r-- 1 www-data root 682 Aug 17 15:18 README
lrwxrwxrwx 1 root root 49 Nov 15 14:22 cert.pem -> ../../archive/label.stonethree.com-0001/cert1.pem
lrwxrwxrwx 1 root root 50 Nov 15 14:22 chain.pem -> ../../archive/label.stonethree.com-0001/chain1.pem
lrwxrwxrwx 1 root root 54 Nov 15 14:22 fullchain.pem -> ../../archive/label.stonethree.com-0001/fullchain1.pem
lrwxrwxrwx 1 root root 52 Nov 15 14:22 privkey.pem -> ../../archive/label.stonethree.com-0001/privkey1.pem
root@label:~# ls -al /etc/letsencrypt/archive/label.stonethree.com
total 48
drwxr-xr-x 4 www-data root 4096 Nov 15 08:33 .
drwx------ 5 root root 4096 Nov 13 09:56 ..
-rw-r--r-- 1 www-data root 2163 Nov 6 15:31 cert1.pem
-rw-r--r-- 1 root root 1923 Nov 15 14:22 cert2.pem
-rw-r--r-- 1 www-data root 1647 Nov 6 15:31 chain1.pem
-rw-r--r-- 1 root root 1647 Nov 15 14:22 chain2.pem
-rw-r--r-- 1 www-data root 3810 Nov 6 15:31 fullchain1.pem
-rw-r--r-- 1 root root 3570 Nov 15 14:22 fullchain2.pem
drwxr-xr-x 2 root root 4096 May 18 15:10 label.stonethree.com
drwxr-xr-x 2 www-data root 4096 Aug 17 15:18 label.stonethree.com-0001
-rw-r--r-- 1 www-data root 1704 Nov 6 15:31 privkey1.pem
-rw-r--r-- 1 root root 1708 Nov 15 14:22 privkey2.pem

Thanks.

Yep, once again, the symbolic links are pointing to ../../archive/label.stonethree.com-0001/... instead of ../../archive/label.stonethree.com/... which is wrong.

You probably don’t want to rename the directories back at this point, since your nginx config is presumably pointed at the current directory. Instead you can delete the symbolic links and recreate them correctly:

cd /etc/letsencrypt/live/label.stonethree.com
rm *.pem
ln -s ../../archive/label.stonethree.com/cert2.pem cert.pem
ln -s ../../archive/label.stonethree.com/chain2.pem chain.pem
ln -s ../../archive/label.stonethree.com/fullchain2.pem fullchain.pem
ln -s ../../archive/label.stonethree.com/privkey2.pem privkey.pem
1 Like

Hi,

Awesome, it’s resolved. As always, thanks for the help, much appreciated.

Thanks.

3 Likes
