I ran this command: ./letsencrypt-auto --force-renewal -nvv certonly --standalone -d qa-ui.juvlon.in -d qa-ui.juvlon.in
It produced this output:- Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/qa-ui.juvlon.in/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/qa-ui.juvlon.in/privkey.pem
Your cert will expire on 2020-02-09. To obtain a new or tweaked
version of this certificate in the future, simply run
letsencrypt-auto again. To non-interactively renew all of your
certificates, run “letsencrypt-auto renew”
If you like Certbot, please consider supporting our work by:
The operating system my web server runs on is (include version): linux
certificate not getting renewed showing that
The certificate is not trusted in all web browsers. You may need to install an Intermediate/chain certificate to link it to a trusted root certificate. Learn more about this error. The fastest way to fix this problem is to contact your SSL provider.
You used --certonly - this doesn’t update the use of the cert [it only gets a cert].
But you also used --standalone which means you had to stop the server to get the new cert [which you did - Congrats!] and then had to restart the server.
Not sure why you had to use --force-renewal - probably an attempt to force the use of the new cert [but that is NOT what that parameter does]
So… how can you have a new cert and have restarted the server while still using an old cert?
Let’s find out.
Please show the following information: ls -l /etc/letsencrypt/live/qa-ui.juvlon.in/ ls -l /etc/letsencrypt/archive/qa-ui.juvlon.in/ ./letsencrypt-auto certificates ./letsencrypt-auto version
SSL Labs sees multiple configurations when accessing your site. One with an expired certificate and missing certificate chain, and one with a valid certificate from September and a correctly configured chain.
Do you have multiple servers behind a load balancer or something?
If any files are found to be using this path: /etc/letsencrypt/live/qa-ui.juvlon.in-0001/
replace that entry with the valid cert path: /etc/letsencrypt/live/qa-ui.juvlon.in/
If any files are found to be using this path: /etc/letsencrypt/live/qa-ui.juvlon.in-0001/
replace that entry with the valid cert path: /etc/letsencrypt/live/qa-ui.juvlon.in/
both certificate are available on this path `/etc/letsencrypt/live