Users cannot see renewed certificate

I have created a certificate using certbot (certbot 1.11.0) and after using it for 3 months it expired.

I ran the command certbot renew which was executed successfully
On my local machine, I have no problem accessing the site (already worked a few minutes the renewal) but some of my team members are still getting the same error (this is after clearing cache)
(this is more than a week after renewing)

The webpage at https://XXXXX/#/ might be temporarily down or it may have moved permanently to a new web address.

Is there anything else I need to do when I renew the certificate?
Thanks

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

I ran this command:

It produced this output:

My web server is (include version):

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know):

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):

my domain name is XXX.lynx.md
I am running on Amazon Linux, and yes I can log into a root shell (not using any control panel)

version is certbot 1.11.0

If it's about a hostname which resolves to the IP address 172.20.130.57: that's a private IP space, so cannot be debugged from the internet, so from my end I have no idea what's going on.

I also have no clue what webserver is used, so cannot provide any other recommendations on how to proceed.

Hi @maya-harel, and welcome to the LE community forum

You must have a working HTTP site before you can use it for HTTP-01 authentication.
Can your site be reached from the Internet?

My site is reachable from behind a VPN

Then, if it can't be reached by the general Internet, you can't use HTTP-01 authentication.

@rg305 OP claims a certificate has been issued (renewed even) already. With the sparse info we've got, the issue probably lies with the webserver.

Can we see the output of:
certbot certificates

And have you restarted the web service?

That's not normally the message we'd see if the certificate was expired. That looks more like a server config problem. Although, maybe your VPN uses this kind of message.

It is difficult to advise without you sharing more details. But, it looks like you are describing your "...openvpn...." cert. You created one Jun27 (3 months ago) and renewed it Aug26. The IP serving this domain is for EC2 (you said AWS was host so that matches).

What I see is an https request to that domain only sends the "leaf" cert. It is missing the CA intermediate chain. I don't know how your VPN works (or even know which it is. Is it openvpn?). But, could you have accidentally left off this chain when renewing? Even if true, I don't have explanation for why some people work and others don't.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.