Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
The following certs are not due for renewal yet:
/etc/letsencrypt/live/examaker.com/fullchain.pem (skipped)
No renewals were attempted.
My web server is (include version):Apache
The operating system my web server runs on is (include version):
Debian 8
My hosting provider, if applicable, is: Contabo.com
I can login to a root shell on my machine (yes or no, or I don’t know):
Yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
VestaCP
There was a cert issued a month ago but that is not the one being served (that one expires in 8 days).
The system has the newer cert so “Cert not yet due for renewal” is a valid response.
The problem is in why the VestaCP isn’t using the latest cert.
I’m not familiar with that control panel, do you see any way to pick which cert is being used?
I also updated the thread topic to better reflect the problem and attract potential helpers.
For example, maybe VestaCP made a copy of the old certificate and you'll have to tell it to import the new one as well. You can access the new files via /etc/letsencrypt/live/examaker.com (probably you want fullchain.pem and privkey.pem). As @rg305 says, your certificate has already been renewed and the new certificate which should be present there (but apparently not noticed by VestaCP?) will be valid until January 12.