I ran this command: “certbot renew --apache” which said there were no certificates needing renewal and then I ran “certbot certonly --force-renew -d tricitiesmediagroup.com” and it appeared to have successfully force renewed the certificate.
My web server is (include version): Apache
The operating system my web server runs on is (include version): Ubuntu 18.04
My hosting provider, if applicable, is: Digital Ocean
I can login to a root shell on my machine (yes or no, or I don’t know): Yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel): No
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): 0.31.0
Issue: My website, tricitiesmeidagroup.com, is still displaying an old certificate and causing https not to work even after attempting to force renew it. Any ideas? Thank you in advance!
(Note that they’re listed twice for Certificate Transparency $reasons, but still.)
Certbot’s certonly command issues a certificate, but Apache needs to be reloaded or restarted in order to use it.
Does it help if you run “sudo apache2ctl graceful”?
It’s unrelated, but do you know why a certificate is being issued once a month? It’s typical for Certbot to renew certificates every 60 days, not every 30. How was Certbot installed? How is it configured to renew certificates? What timers or cron jobs are set up?
How did you install Certbot? If you’re using the apt package, there’s a systemd timer that runs twice a day, renewing certificates when necessary. (There may also be a disarmed cron job.)
The fact that your certificate is getting renewed twice as often as normal suggests that something is off – maybe you have two certificates, or maybe there’s a second timer or cron job that’s running a different command to forcibly renew them.
What’s the output of “sudo certbot certificates”?
What do the configuration file(s) in /etc/letsencrypt/renewal/ contain?
Certbot can be configured to automatically gracefully reload Apache after renewing certificates. If you use certbot --apache without certonly when creating the certificate, Certbot will configure Apache to use it, and will also automatically reload Apache when renewing. You can also set up a deploy hook to do so, for example by using the --deploy-hook command line option when initially creating the certificate, or by putting a script in /etc/letsencrypt/renewal-hooks/deploy/.