What can I do if the letsencrypt certificate has expired?



The letsencrypt certificate has expired and I don’t know what I can do. I followed this tutorial to install and create certificates when it was letsencrypt not cerbot (https://www.digitalocean.com/community/tutorials/how-to-secure-apache-with-let-s-encrypt-on-ubuntu-16-04)

domains: bbicommunication.com and www.bbicommunication.com
Host: digitalocean
Ubuntu 16.04

I have tried with letsencrypt renew but I understand that because the certificate has expired, it does not work.

Any idea?


It should work whether or not the certificate has expired.

To help you, could you please provide the full output of the certbot renew command, as well as:

certbot --version

Hi @noarge

perhaps your certbot / letsencrypt is too old. And you may have used tls-sni-01 - validation, this is deprecated, support ends.

We need more informations (standard template from #help ):

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

I ran this command:

It produced this output:

My web server is (include version):

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know):

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):

PS: Your domain is completely invisible ( https://check-your-website.server-daten.de/?q=bbicommunication.com ):

Domainname Http-Status redirect Sec. G
http://bbicommunication.com/ -14 10.027 T
Timeout - The operation has timed out
http://www.bbicommunication.com/ -14 10.027 T
Timeout - The operation has timed out
https://bbicommunication.com/ -14 10.024 T
Timeout - The operation has timed out
https://www.bbicommunication.com/ -14 10.027 T
Timeout - The operation has timed out
http://bbicommunication.com/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de -14 10.027 T
Timeout - The operation has timed out
http://www.bbicommunication.com/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de -14 10.027 T
Timeout - The operation has timed out

Only timeouts.

So you can’t use http-01 - validation, an open port 80 is required (http-01 follows tls-sni-01).


Looks OK to me - and Let’s Encrypt staging can connect as well - https://letsdebug.net/bbicommunication.com/23773?debug=y


Yep, now it’s open, but there is a wrong redirect:

http + /.well-known -> https + /.well-known, that’s ok.

But then follows a redirect to /, that’s bad.


Hi JuergenAuer,

This is the output I get with the letsencrypt renew command.

Version - 0.4.1


Your Letsencrypt is too old.

Update to certbot or certbot-auto.



I try following this tutorial.

I supose I have to install on the etc folder, isn’t it?

Could you tell me which command I have to use?
Something like: certbot install -d domain ??

Thank you


You have an Apache.

So start with

sudo certbot --apache

then certbot should ask the other things and create a config file.

PS: No, first fix your wrong redirect.

PPS: Or the Apache-plugin ignores that error.


Again a PS:

Perhaps first create a test-certificate.

sudo certbot --apache --dry-run

to check if your configuration works.



So on the root folder I do:

sudo apt-get update sudo apt-get install software-properties-common
sudo add-apt-repository universe sudo add-apt-repository ppa:certbot/certbot
sudo apt-get update sudo apt-get install certbot python-certbot-apache

sudo certbot --apache --dry-run

and then

sudo certbot --apache

Do I have to do anything with the configuration I had? I mean, Do I have to remove the letsencrypt folder I had?



is only one time required.


to test, then

to create a new productive certificate.

Ignore it. I don’t know which folders this very old letsencrypt uses, perhaps the same. You can see that later (certbot certificates).



Finally, it is solved.

I have changed:

sudo apt-get install certbot python-certbot-apache
sudo apt-get install python-certbot-apache

Thank you very much.

closed #15

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.