My SSL certificate expired today even though I’d set a cron task to automatically renew (by running /opt/letsencrypt/letsencrypt-auto renew)
I’ve checked the logs and it seems that the renewal was successful. Checking the /etc/letsencrypt/archive/{domain}/ folder shows the cert2.pem, chain2.pem, fullchain2.pem and privkey2.pem files and checking the /etc/letsencrypt/live/{domain}/ folder shows that cert.pem, chain.pem, fullchain.pem and privkey.pem are being symlinked over to these files. So this all seems correct.
I don’t really know what else to try. I’m quite new to this and don’t really have a lot of experience managing servers. If someone could point me in the right direction I’d be very grateful. Thanks
Sure OK - it’s buttercupstraining.co.uk. I set this up through bitnami, so I think it’s bitnami.conf file. In which I’ve got
<VirtualHost _default_:443> DocumentRoot "/opt/bitnami/apache2/htdocs" Header always set Strict-Transport-Security "max-age=63072000; includeSubdomains; preload" SSLEngine on SSLCertificateFile "/opt/bitnami/apache2/conf/server.crt" SSLCertificateKeyFile "/opt/bitnami/apache2/conf/server.key" SSLCertificateChainFile "/opt/bitnami/apache2/conf/server-ca.crt"
There’s also a httpd-ssl.conf file where I’ve got SSLCertificateFile "/opt/bitnami/apache2/conf/server.crt" and SSLCertificateKeyFile "/opt/bitnami/apache2/conf/server.key" uncommented.
You did obtain a new cert on 25th July - so that has updated OK (i.e. you cron is running correctly )
Your apache config is not pointing to the new certs though. You can either correct the path in your conf file (from /opt/bitnami/apache2/conf/‘cert’ to /etc/letsencrypt/live/buttercupstraining.co.uk/‘cert’ ) or you could setup a symlink (it depends if bitnami uses that elsewhere … I don’t use bitnami so can’t say ).
Once you have updated the apache config though, and reloaded apache hopefully all will be good.
Thanks for the reply, that sounds promising. Just double checking as it doesn’t seem a like for like swap. So where I’ve got SSLCertificateFile "/opt/bitnami/apache2/conf/server.crt" currently, I’d replace with /etc/letsencrypt/archive/{domain}/cert.pem ?
SSLCertificateFile (was server.crt ) should be cert.pem
SSLCertificateKeyFile ( was server.key) should be privkey.pem
SSLCertificateChainFile (was server-ca.crt ) should be chain.pem