So, follow-up thought. I think I know why this happened. I am still running the certbot command manually and getting the PEM files. Then I manually copy them to ....
sudo mv ./cert1.pem /etc/ssl/certs/cert.pem
sudo mv ./privkey1.pem /etc/ssl/private/privkey.pem
sudo mv ./chain1.pem /etc/ssl/certs/chain.pem
Notice the /etc/ssl/certs dir? I bet I had the old intermediate cert in here as a result of this practice. Hmm.
There is so much wrong with that.
Please tell us you have since changed your (nearly sinful) ways!
Lol, now I’m embarrassed. I totally do still manually every 90 days issue the certbot command with DNS verification, manually go over to DNS and update TXT records, then finally get a new set of chain, cert, and privkey PEM files. I usually do this on my Windows desktop using WSL, then use WinSCP to move the files to two different Ubuntu/Apache web servers of mine. It’s sort of awful, but I’m not that familiar with the automated process.
For a long time I would copy the certs to the ssl directly with a name matching the day and time, rather than overwriting the old files. Then I would have to go into the default-ssl.conf and update the certificate name there. Bounce Apache service. One server is an ownCloud machine, the other is just a WordPress box.