Renewing SSL in Debian 8.3


#1

My SSL certificate expired today even though I’d set a cron task to automatically renew (by running /opt/letsencrypt/letsencrypt-auto renew)

I’ve checked the logs and it seems that the renewal was successful. Checking the /etc/letsencrypt/archive/{domain}/ folder shows the cert2.pem, chain2.pem, fullchain2.pem and privkey2.pem files and checking the /etc/letsencrypt/live/{domain}/ folder shows that cert.pem, chain.pem, fullchain.pem and privkey.pem are being symlinked over to these files. So this all seems correct.

I’ve just restarted apache manually now too but this hasn’t made a difference and my certificate is still showing as expired when I run the test at https://www.ssllabs.com/ssltest/analyze.html?d=example.com&latest

I don’t really know what else to try. I’m quite new to this and don’t really have a lot of experience managing servers. If someone could point me in the right direction I’d be very grateful. Thanks


#2

Are you happy to provide your domain name ?

what location in the apache.conf pointing to for the SSL certificates ?


#3

Sure OK - it’s buttercupstraining.co.uk. I set this up through bitnami, so I think it’s bitnami.conf file. In which I’ve got

<VirtualHost _default_:443> DocumentRoot "/opt/bitnami/apache2/htdocs" Header always set Strict-Transport-Security "max-age=63072000; includeSubdomains; preload" SSLEngine on SSLCertificateFile "/opt/bitnami/apache2/conf/server.crt" SSLCertificateKeyFile "/opt/bitnami/apache2/conf/server.key" SSLCertificateChainFile "/opt/bitnami/apache2/conf/server-ca.crt"

There’s also a httpd-ssl.conf file where I’ve got SSLCertificateFile "/opt/bitnami/apache2/conf/server.crt" and SSLCertificateKeyFile "/opt/bitnami/apache2/conf/server.key" uncommented.

Hope that helps


#4

It does, thanks

You did obtain a new cert on 25th July - so that has updated OK (i.e. you cron is running correctly )

Your apache config is not pointing to the new certs though. You can either correct the path in your conf file (from /opt/bitnami/apache2/conf/‘cert’ to /etc/letsencrypt/live/buttercupstraining.co.uk/‘cert’ ) or you could setup a symlink (it depends if bitnami uses that elsewhere … I don’t use bitnami so can’t say ).

Once you have updated the apache config though, and reloaded apache hopefully all will be good.


#5

Thanks for the reply, that sounds promising. Just double checking as it doesn’t seem a like for like swap. So where I’ve got SSLCertificateFile "/opt/bitnami/apache2/conf/server.crt" currently, I’d replace with /etc/letsencrypt/archive/{domain}/cert.pem ?


#6

Yes,

SSLCertificateFile (was server.crt ) should be cert.pem
SSLCertificateKeyFile ( was server.key) should be privkey.pem
SSLCertificateChainFile (was server-ca.crt ) should be chain.pem


#7

Fantastic, that’s worked a treat. Thank you so much for your help :slight_smile:


#8

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.