Hello and Happy New Year!
I search a bit the forum but have not found anything that helped much (apart from finding lots of useful commands!)
My domain is: ha.ppmt.org
I ran this command: certbot renew
It produced this output: I don't have it but it said it was sucessful
My web server is (include version): Nginx 1.10.3
The operating system my web server runs on is (include version): Debian 9.3
My hosting provider, if applicable, is: my own server
I can login to a root shell on my machine (yes or no, or I don't know): yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no
I received an email saying that my domain certificate was about to expire so I tried to renew it and eventually got it to renew. It initially complained it was missing a file in :
/etc/letsencrypt/accounts/acme-v01.api.letsencrypt.org/directory
I ended up copying the directory from the staging directory (probably should not have!):
/etc/letsencrypt/accounts/acme-staging.api.letsencrypt.org
After that the renewal was successful but even after restarting nginx and even the server the site is not working. I tries to connect but can't do it.
I checked the certificates on my server:
openssl x509 -in /etc/letsencrypt/live/ha.ppmt.org/cert.pem -text -noout
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
fa:aa:1c:0a:6b:e6:4e:88:b3:2b:f7:50:61:13:54:d4:e3:51
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN = Fake LE Intermediate X1
Validity
Not Before: Dec 30 12:32:32 2017 GMT
Not After : Mar 30 12:32:32 2018 GMT
Subject: CN = ha.ppmt.org
I can see that the date is now Marc 30 (it was Jan 18 before).
But in Firefox it still shows Jan 18 but also say that it has blocked some part of the website. If I unblock these part then it tells me the connection is not secure
The owner of ha.ppmt.org has configured their web site improperly. To protect your information from being stolen, Firefox has not connected to this web site.
This site uses HTTP Strict Transport Security (HSTS) to specify that Firefox only connect to it securely. As a result, it is not possible to add an exception for this certificate.
Is there any way to recover this situation?
Thanks in advance
Philippe