Site not working after expired cert renewed

Brian55 · August 15, 2017, 4:10pm

This is the same script that I have used before successfully.
After I ran it, I received the following…

Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/oakleaf.co.uk-0001/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/oakleaf.co.uk-0001/privkey.pem
Your cert will expire on 2017-11-13. To obtain a new or tweaked
version of this certificate in the future, simply run
letsencrypt-auto again. To non-interactively renew all of your
certificates, run “letsencrypt-auto renew”

script: sudo -H ./letsencrypt-auto certonly --standalone --renew-by-default -d oakleaf.co.uk -d www.oakleaf.co.uk

Is it just taking longer than usual or is there something wrong?

schoen · August 15, 2017, 4:25pm

When you use --standalone, your web server isn’t restarted for you unless you specify a --renew-hook command to restart it. The web server doesn’t notice changed certificates until it’s restarted.

So, if you restart your web server, it should see the new certificate.

The presence of the -0001 also means that you have more than one Certbot-managed certificate related to this domain. This might not have been what you intended. You can see the details of what you have by running ./letsencrypt-auto certificates. If your web server is configured to use the other one, renewing this one won’t affect the web server configuration at all.

sahsanu · August 15, 2017, 4:27pm

I would double check that your nginx server is using the right path to fullchain.pem and privkey.pem files. It is /etc/letsencrypt/live/oakleaf.co.uk-0001/ and maybe in your nginx conf you are using /etc/letsencrypt/live/oakleaf.co.uk/ without the trail -0001.

Cheers,
sahsanu

Brian55 · August 15, 2017, 6:18pm

Thanks for the help. Unfortunately, the reboot didn’t work.

Below is my list of certs and it does look as though there are two, one with the -0001 and one without.
Could I ask what is the best way of solving this?

Found the following certs:
Certificate Name: www.shopvacuk.com
Domains: www.shopvacuk.com
Expiry Date: 2017-10-24 06:18:00+00:00 (VALID: 69 days)
Certificate Path: /etc/letsencrypt/live/www.shopvacuk.com/fullchain.pem
Private Key Path: /etc/letsencrypt/live/www.shopvacuk.com/privkey.pem
Certificate Name: oakleaf.co.uk-0001
Domains: oakleaf.co.uk,www.oakleaf.co.uk
Expiry Date: 2017-11-13 14:50:00+00:00 (VALID: 89 days)
Certificate Path: /etc/letsencrypt/live/oakleaf.co.uk-0001/fullchain.pem
Private Key Path: /etc/letsencrypt/live/oakleaf.co.uk-0001/privkey.pem
Certificate Name: oakleaf.co.uk
Domains: oakleaf.co.uk,dev.oakleaf.co.uk,www.oakleaf.co.uk
Expiry Date: 2017-08-13 07:26:00+00:00 (INVALID: EXPIRED)
Certificate Path: /etc/letsencrypt/live/oakleaf.co.uk/fullchain.pem
Private Key Path: /etc/letsencrypt/live/oakleaf.co.uk/privkey.pem
Certificate Name: shopvacuk.com
Domains: shopvacuk.com
Expiry Date: 2017-10-19 12:46:00+00:00 (VALID: 64 days)
Certificate Path: /etc/letsencrypt/live/shopvacuk.com/fullchain.pem
Private Key Path: /etc/letsencrypt/live/shopvacuk.com/privkey.pem
Certificate Name: dev.shopvacuk.com
Domains: dev.shopvacuk.com
Expiry Date: 2017-09-23 08:51:00+00:00 (VALID: 38 days)
Certificate Path: /etc/letsencrypt/live/dev.shopvacuk.com/fullchain.pem
Private Key Path: /etc/letsencrypt/live/dev.shopvacuk.com/privkey.pem
Certificate Name: dev.oakleaf.co.uk
Domains: dev.oakleaf.co.uk
Expiry Date: 2017-09-23 08:54:00+00:00 (VALID: 38 days)
Certificate Path: /etc/letsencrypt/live/dev.oakleaf.co.uk/fullchain.pem
Private Key Path: /etc/letsencrypt/live/dev.oakleaf.co.uk/privkey.pem

schoen · August 15, 2017, 6:21pm

Do you you want to have the separate versions with and without dev.oakleaf.co.uk?

Brian55 · August 15, 2017, 7:15pm

Sorry for the delay, I had to go out. No the dev site is finished now.

system · September 14, 2017, 7:15pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.