I renewed the certificate using the dry run command. I’ve mentioned the output of the command below - but when I check using SSLshopper or any SSL checking tool the expiry date still remains 9 days.
Cert is due for renewal, auto-renewing…
Plugins selected: Authenticator apache, Installer apache
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for sxhssatyanagar.in
http-01 challenge for www.sxhssatyanagar.in
Waiting for verification…
Cleaning up challenges
new certificate deployed with reload of apache server; fullchain is
/etc/letsencrypt/live/sxhssatyanagar.in/fullchain.pem
My web server is (include version): Apache
The operating system my web server runs on is (include version): Ubuntu 18.04.1 LTS
My hosting provider, if applicable, is: Digital Ocean
I can login to a root shell on my machine (yes or no, or I don’t know): yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): certbot 0.28.0
This doesn't look like the full output of certbot when --dry-run is used. It should also give you a paragraph, congratulating you of a successful test run and advising you to remove the --dry-run option, so you'll get a real certificate.
I used this command now certbot --apache certonly -n -d domain1.com to renew it.
and got the following output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for sxhssatyanagar.in
Waiting for verification…
Cleaning up challenges
IMPORTANT NOTES:
Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/sxhssatyanagar.in-0001/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/sxhssatyanagar.in-0001/privkey.pem
Your cert will expire on 2019-05-18. To obtain a new or tweaked
version of this certificate in the future, simply run certbot
again. To non-interactively renew all of your certificates, run
“certbot renew”
If you like Certbot, please consider supporting our work by:
Note: having two certificates (sxhssatyanagar.in as wel as sxhssatyanagar.in-0001 could "confuse" your Apache. It probably only uses one of those certificate. Which one? I have no idea. Removing the second ('extra') sxhssatyanagar.in-0001 certificate lineage could lead to Apache not working any longer, because it tries to load the certificates of the sxhssatyanagar.in-0001 lineage.