Time for renewal to show

I successfully renewed a domain and got:

  • Congratulations! Your certificate and chain have been saved at:
    /etc/letsencrypt/live/alouha.dk/fullchain.pem
    Your key file has been saved at:
    /etc/letsencrypt/live/alouha.dk/privkey.pem
    Your cert will expire on 2020-12-06. To obtain a new or tweaked
    version of this certificate in the future, simply run certbot
    again. To non-interactively renew all of your certificates, run
    “certbot renew”

I have also checked the server and a new key is located there. However, when I test the certificate in the browser it is still the old date that show.

Is there a certain delay on when it will pull the new certificate or?

I know that when in doubt reboot Apache or the server, but if I can I would prefer to avoid it :slight_smile:

Every time you renew a certificate, the previous certificate is replaced with a new certificate.

For Apache to pick it up, it has to be reloaded or restarted. Otherwise, it continues to use the certificate it originally loaded, kept in memory.

If you use the Certbot Apache plugin, then Certbot will automatically reload Apache after a certificate renewal, and the new certificate takes effect immediately.

if you renewed your certificate without using the Certbot Apache plugin (for example, if you used certbot certonly), then it’s possible that Apache was not reloaded.

In that case, you do need to reload Apache manually, using e.g. service apache2 reload. This doesn’t interrupt traffic, so there’s no reason to be scared of doing it.

Usually you will want to either use the Apache plugin (certbot --apache), or issue your certificate with e.g. --deploy-hook "service apache2 reload", so it is done for you automatically at every renewal.

2 Likes

Worked! Thanks a lot!

1 Like