Renewed certificate not used

Hi,
I'm so happy to have found this thread as I have a similar problem. I'm running Ubuntu 22.04 on a Linode. My site, cubes.sindyxr.com, alerts to an expired certificate. The certificate information reported by the browser states that it expired on June 29, 2023.

Running certbot from my console shows only one certificate that expires in 90 days; it does not find the expired certificate. How can I find the expired certificate? Running the command @rg305 suggests results in the following--

nginx: [warn] conflicting server name "cubes.sindyxr.com" on [::]:80, ignored
nginx: [warn] conflicting server name "pincubed.com" on [::]:80, ignored
nginx: [warn] conflicting server name "cubes.sindyxr.com" on 0:0:0:80, ignored
nginx: [warn] conflicting server name "pincubed.com" on 0:0:0:80, ignored
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
ssl_certificate_key /home/dokku/collavr/tls/server.key;
ssl_certificate_key /home/dokku/pin3d/tls/server.key;

Any advice/direction would be greatly appreciated.

Thanks,

Hi @viche72, welcome.

I have moved your post to a new thread, as it's actually not similar to the previous thread. That said, the command provided by Rudy in that thread does actually help:

Certbot does not store the renewed certificates in that location. It uses /etc/letsencrypt/live/. Did you perhaps copy the certs from the /live/ directory into your home directory?

1 Like

Thanks so much @Osiris, appreciate the response and moving the post to its own thread. I inherited this site so am not sure if the previous admin moved the certs. Does certbot look for certs only in the /etc/letsencrypt/live/ directory? I am not sure why when I run 'certbot certificates' the only certificate returned is the newly created certificate. Can you provide some guidance on how to remove the expired certificate? I can't seem to find information on how to do this.

Thanks again,

1 Like

That's the location where Certbot stores its issued certificates. And it's also the only location where it looks, using the renewal configuration files in the /renewal/ directory of /etc/letsencrypt/.

Did you expect Certbot to find the certificate in /home/dokku/? Because that would be highly unlikely and would have entailed heavy manual modifications of files in /etc/letsencrypt/ which is not recommended.

It's hard to give proper advice. Usually, I'd say "simply use the files in /etc/letsencrypt/live/ in your nginx configuration", but it's IMO quite unusual to have the certificates in a /home/ directory to begin with. So without knowing your exact situation, it's not really possible IMO to give proper advice.

3 Likes

Understood, thanks so much for your time.

1 Like

It's not that unusual to configure certbot to have a deploy hook to copy the certificates to some other location to actually be used by some software. But agreed, we're random people on the Internet and so aren't aware of why this server is set up the way that it is.

I mean, it's possible that the previous admin manually copied the certificates to that location upon each renewal, either through not realizing that certbot had deploy hooks to do that sort of thing automatically or just as a poor form of trying to have some job security :wink:. And doing that would probably get your site up and running again in the meantime until you figure out how and what you want to change to have renewals handled all automatically as intended.

5 Likes

Thanks @petercooperjr, will see if there is any documentation or if I can reach out to the previous admin for clarity.

3 Likes

Let's see the full nginx config:
nginx -T

4 Likes
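
An added example, not part of any post in this thread: a shell script that reads `nginx -T` output, lists the certificate files nginx is actually configured to serve, marks whether each lives under /etc/letsencrypt/live/, and prints its expiry. The `server.crt` file names and the `example.com` path in the sample are assumptions; the thread only shows the `server.key` paths.

```shell
#!/bin/sh
# Added example: list the certificate files nginx is configured to serve
# and show when each expires. Input is the text printed by `nginx -T`.

# Print each unique ssl_certificate path (not ssl_certificate_key) from stdin.
cert_paths() {
    awk '$1 == "ssl_certificate" { sub(/;$/, "", $2); print $2 }' | sort -u
}

# Succeeds if the path is inside Certbot's live directory.
is_certbot_path() {
    case "$1" in
        /etc/letsencrypt/live/*) return 0 ;;
        *) return 1 ;;
    esac
}

# Print one line per certificate: path, who manages it, state, expiry date.
report() {
    cert_paths | while IFS= read -r path; do
        if is_certbot_path "$path"; then owner="certbot"; else owner="not-certbot"; fi
        end=$(openssl x509 -enddate -noout -in "$path" 2>/dev/null) || { echo "$path $owner unreadable"; continue; }
        if openssl x509 -checkend 0 -noout -in "$path" >/dev/null 2>&1; then state="valid"; else state="EXPIRED"; fi
        echo "$path $owner $state $end"
    done
}

# Constructed sample of `nginx -T` output; the .crt names are assumptions.
SAMPLE='
    ssl_certificate /home/dokku/collavr/tls/server.crt;
    ssl_certificate_key /home/dokku/collavr/tls/server.key;
    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
'

# On the server itself: sh this-script --live   (reads the real config)
if [ "${1:-}" = "--live" ]; then
    nginx -T 2>/dev/null | report
fi
```

A line marked `not-certbot` and `EXPIRED` points at a certificate that Certbot's own renewal will never replace, which is the situation described in this thread.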

Regarding renewals: Please check the /etc/letsencrypt/renewal folder to see what files are in there. Only domains listed in that folder are managed and renewed automatically.

If your domain(s) are missing from that folder, the easiest thing to do is to run certbot to issue new certificates. After that check the /etc/letsencrypt/renewal folder to make sure the domain shows up in there.

Thank you all for taking the time to respond. Turns out that the certificates were generated using dokku. Running dokku letsencrypt:auto-renew updated the expired certificates and the issue was resolved.

1 Like
