Replacing LE cert due to expiry issue

My domain is:

My web server is (include version): Apache/2.4.46 (Unix)

The operating system my web server runs on is (include version): Debian 4.19

My hosting provider, if applicable, is: Bitnami on Google Cloud

I can login to a root shell on my machine (yes or no, or I don't know): Yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): No


I currently have a LE cert installed on the site mentioned above. Users who have contacted us have been experiencing issues. Of course my concern is the ones who don't contact us, and just don't use us. My understanding is that there is little I can do about this as it's primarily a consumer device issue, so all logic seems to be pointing towards replacing the SSL cert with a paid one.
1st question is: Is my logic correct
2nd question is: If I'm replacing the LE Cert, do I need to do anything before starting the process of installing the Comodo cert? I'm low key anxious about messing it up :see_no_evil:

Thanks in advance!


Welcome to the Let's Encrypt Community :slightly_smiling_face:


Currently, is serving the long/default chain. You could try serving the short/alternate chain by removing the last intermediate certificate from your chain (cross-signed ISRG Root X1 signed by DST Root CA X3).

Your analysis is correct. See @Osiris's post below.

No. You can just point your Apache configuration (using the bitnami tools, not directly) to the other certificate, chain, and key then let the Let's Encrypt certificate expire naturally. No need for revocation.


Why not a cert from one of the other free CA's?


Thanks @Osiris, do you know who else does free wildcard ssl's?


Hi @griffin!
Thank you for your feedback. I'm learning as I go here. I'll try find out how to do that in Bitnami and see how it goes.
Hopefully I'll report back with good news! :grinning:


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.