Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
I’ll try to help you out. Looking at the history of certificates for ettransport.com, I can see that you have 2 unexpired Let’s Encrypt certificates that have been automatically renewing every 60 days as normal:
Your domain registration with GoDaddy for ettransport.com is set to expire at 17:30:33 UTC on 9/12/2020, but might be set up for automatic renewal. I’m not sure about the expiration status for the hosting of your website.
It looks like ettransport.com and www.ettransport.com are still serving a certificate that expired on 8/4 even though a new certificate was generated that expires on 10/3. Similarly, dev.ettransport.com is still serving a certificate that expired on 7/8 even though 2 new certificates were generated that expire on 9/6 and 11/5.
Did you recently change server setups for your website?
It is within the last two years that we had an employee create a new web site for us. I am not sure what the “dev.ettransport.com” would be, or why we would need 2 certificates, I am very inexperienced at this. All I know is that we have been using and advertising our www.ettransport.com website for years and now folks cannot log into it without getting security warnings, as the certificate has expired. And I am also not sure why it would not have simply automatically renewed.
The employee who set up everything is no longer working here and I cannot reach him. I am thinking he may have possibly received some type of renewal notice in his emails, but I have not been able to find it. I know the GoDaddy domain registration is set to automatically renew.
How would I determine if he changed server setups when creating the website?
I know this kind of knowledge gap can be challenging when someone leaves. Let's try to tackle things one at a time and see where we arrive.
I am not sure of what dev.ettransport.com would be either, but it currently returns a server error. Based on the "dev" it's possible this could have been used as a sandbox for a copy to safely develop/update the website without affecting the main operation of the website. This would explain why it returns an error, which is not the best situation, but should only be a wart that shouldn't affect anything. The separate certificate in this case is actually wise because it further divorces the operational (production) website from the development site and allows the development site to be hosted on an entirely separate server.
Referencing the information I provided in my first response, renewal certificates were issued, but evidently not installed. Considering that the website is still operational and to your knowledge the website was not moved to a different host, it is my guess that either the renewal process is requiring manual installation of the certificates or there is a configuration problem with installing the new certificates (which is unlikely given the substantial renewal history). There is also the possibility that the webserver simply needs to be restarted once the new certificates have been installed and the renewal process was unable to do so automatically. Therefore, I would suggest doing the following:
Restart the webserver.
Install the already-valid certificate you (should) have along with its corresponding private key.
I understand that you might not know how to accomplish these tasks. To help you with this, you'll need to gather more information about your webserver hosting including the name of the hosting provider and what ACME client is managing your certificates (I'm guessing it's certbot).
My hat's off to you for discovering/deducing the first two. I didn't dig quite that deep. Probably should have though.
It's so rare to see an operational system that's successfully autorenewing, but not successfully installing new certificates. I'm really wondering what's going on.
To be honest, I think this might be another “Failed to reload Nginx issue”. It might be that either the reload was done by hand before or there’s some issue with the current nginx configuration.
I know that it IS Digital Ocean that is our hosting provider. I am not sure if Nginx is the web server, or how to find that out. Would the people at Digital Ocean be able to help me at this point?
Sadly, no. Your droplet at DigitalOcean is self-managed, which means the support team will be responsible for any hardware failures that occurred but not any software issues on your droplet.
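The diagnosis in this thread (renewed certificates were issued, but the server still presents the expired one) can be confirmed on the droplet by comparing the certificate the site serves with the one on disk. The script below is an added example, not part of the original thread; the on-disk path in the usage comment assumes certbot's default layout, which the thread only guesses at.

```shell
#!/bin/sh
# Added example: is the web server presenting the same certificate that is on disk?
# Usage (assumed certbot default path, adjust for your ACME client):
#   sh check_cert.sh ettransport.com /etc/letsencrypt/live/ettransport.com/cert.pem

# Print the SHA-256 fingerprint of the first certificate in a PEM file.
cert_fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 2>/dev/null | cut -d= -f2
}

# Print the expiry (notAfter) date of the first certificate in a PEM file.
cert_expiry() {
    openssl x509 -in "$1" -noout -enddate 2>/dev/null | cut -d= -f2
}

# Save the leaf certificate presented by HOST on port 443 into OUTFILE (needs network).
fetch_served_cert() {
    openssl s_client -connect "$1:443" -servername "$1" </dev/null 2>/dev/null \
        | openssl x509 -outform PEM >"$2"
}

# Compare two PEM files.
# Returns 0 if they hold the same certificate, 1 if they differ, 2 if either is unreadable.
compare_certs() {
    fp_served=$(cert_fingerprint "$1")
    fp_disk=$(cert_fingerprint "$2")
    if [ -z "$fp_served" ] || [ -z "$fp_disk" ]; then
        echo "error: could not read one of the certificates" >&2
        return 2
    fi
    echo "served : expires $(cert_expiry "$1")"
    echo "on disk: expires $(cert_expiry "$2")"
    if [ "$fp_served" = "$fp_disk" ]; then
        echo "MATCH: the server presents the certificate that is on disk"
        return 0
    fi
    echo "MISMATCH: the server has not loaded the on-disk certificate;"
    echo "check the certificate path in the web server config, then reload it"
    return 1
}

# Run only when called with HOST and PEM_PATH.
if [ "$#" -eq 2 ]; then
    served_tmp=$(mktemp)
    fetch_served_cert "$1" "$served_tmp"
    compare_certs "$served_tmp" "$2"
    status=$?
    rm -f "$served_tmp"
    exit "$status"
fi
```

A mismatch with a later expiry date on disk means renewal works and only the install or reload step is failing.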