I just updated to the latest version of Certbot! (I love you guys)
I had an expired certificate, but couldn’t seem to update it successfully.
I’m able to successfully install a new certificate:
```
~/.local/share/letsencrypt/bin$ ~/.local/share/letsencrypt/bin/certbot-auto certonly \
    --webroot -w /etc/letsencrypt/webrootauth -d usfoodcoop.org -d staging.usfoodcoop.org

IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at
   /etc/letsencrypt/live/usfoodcoop.org/fullchain.pem
```
But Nginx seems to still be serving the old certificate at https://staging.usfoodcoop.org:
```
staging.usfoodcoop.org uses an invalid security certificate.
The certificate expired on August 12, 2016 at 9:23 AM. The current time is August 26, 2016 at 6:32 PM.
Error code: SEC_ERROR_EXPIRED_CERTIFICATE
```
Or maybe I’m misunderstanding how the certificates work. Is there a central database somewhere that the browsers check with?
I tried moving the old `/etc/letsencrypt/` directory and creating a new directory:
```
mkdir -p /etc/letsencrypt/webrootauth
```
Ran the above cert command and now there are other directories:
```
drwx------ 3 root root 4096 Aug 26 16:22 accounts
drwx------ 3 root root 4096 Aug 26 16:26 archive
drwxr-xr-x 2 root root 4096 Aug 26 16:26 csr
drwx------ 2 root root 4096 Aug 26 16:26 keys
drwx------ 3 root root 4096 Aug 26 16:26 live
drwxr-xr-x 2 root root 4096 Aug 26 16:26 renewal
drwxr-xr-x 3 root root 4096 Aug 26 16:26 webrootauth
```
But Firefox is still getting the old certificate. I know it’s my ignorance at fault and am hoping someone can clue me in. Is there an Nginx config that might be pointing to the old certificate? I looked and there are only four `.pem` files on the server.
```
$ sudo find / -name "fullchain.pem"
/root/.local/share/letsencrypt/lib/python2.7/site-packages/certbot/tests/testdata/live/sample-renewal/fullchain.pem
/home/michael/.local/share/letsencrypt/lib/python2.7/site-packages/certbot/tests/testdata/live/sample-renewal/fullchain.pem
/opt/letsencrypt/certbot/tests/testdata/live/sample-renewal/fullchain.pem
/etc/letsencrypt/live/staging.usfoodcoop.org/fullchain.pem
```
(Plus now this one: