Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is:
I ran this command:
sudo certbot certificate
It produced this output:
Certificate Name: webmail.tdcreative.nz
Serial Number: the number
Key Type: RSA
Expiry Date: 2023-05-01 22:18:46+00:00 (VALID: 89 days)
Certificate Path: the path
Private Key Path: the path
My web server is (include version):
The operating system my web server runs on is (include version):
My hosting provider, if applicable, is: dovecot/postfix
I can login to a root shell on my machine (yes or no, or I don't know): yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel): dashboard and console
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 1.32.2
I have force renewed it already and it shows it is valid. I did it from then route. However, some of our clients are getting certificate not valid or expired notices so I am very confused. Any help would be appreciated.
If there is any other information needed let me know.
Certbot doesn't know how to tell Dovecot or Postfix about the existence of the newly-renewed certificate, so it might be necessary to reload or restart these services manually, or provide a --deploy-hook to Certbot with a script or command line that restarts the affected services after a renewal.
Well, that was unnecessary unfortunately. I see you've wasted two perfectly fine certificates indeed.
Forced renewal only makes sense if you want to change something to the contents of an already issued certificate, e.g. add or remove OCSP "must staple" or change the key lengt/type et cetera. If issuance was not an issue to begin with and you don't need to change the contents of the cert, there is absolutely no reason to force a renewal as it will not fix anything that went wrong the first place.
Thank you so much!!! I didn't notice that earlier!!!
I will take a look into how to renew that port now! Is there a safe way to do it?
(I'm sorry if my questions are kind of shallow...I don't know a lot when it comes to this area. Just started learning a few days ago.)
It was an old employee who decided to set up a old mail server at some point...
I actually have no information of how it was exactly done.
I know someone who works remotely did renew them a few months ago. But they ran into the same problem again. Since now I know a port has expired I wonder if the SSL cert didn't actually renew for anyone and needs to be done by port?