Wildcard SSL Not Active Even After Certbot Issued Certificate

I installed a certificate using google dns plugin but my site still won’t work (It’s a .dev domain so HSTS is preloaded and it must have SSL to even load up)

My domain is: botivity.dev

I ran this command: sudo certbot certonly --dns-google --dns-google-credentials ~/.secrets/certbot/google.json -d 'botivity.dev' -d '*.botivity.dev'

It produced this output: image

My web server is (include version): Apache/2.4.38

The operating system my web server runs on is (include version): Debian 10 Buster

My hosting provider, if applicable, is: Google Cloud Platform

I can login to a root shell on my machine (yes or no, or I don’t know): Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): No

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): certbot 0.31.0

Also:

If I run sudo certbot certificates I get:

Furthermore, transparency report shows certificate installed today and lists both the main domain and the wildcard domain. Not sure why I can’t access it.

Hi @Kimofy

your certificate command has worked ( https://check-your-website.server-daten.de/?q=botivity.dev#ct-logs ):

| Issuer | not before | not after | Domain names | LE-Duplicate | next LE |
|---|---|---|---|---|---|
| Let’s Encrypt Authority X3 | 2019-08-10 | 2019-11-08 | *.botivity.dev, botivity.dev (2 entries) | duplicate nr. 2 | |
| Let’s Encrypt Authority X3 | 2019-08-10 | 2019-11-08 | *.botivity.dev, botivity.dev (2 entries) | duplicate nr. 1 | |

But certonly doesn’t install the certificate, so you have to do that manually.

Or try

certbot -d botivity.dev -d '*.botivity.dev' --reinstall -i apache

Certbot should find the certificate and should try to reinstall it.

Thank you! It worked :smiley:

How would I set this up in a crontab?

I currently have:
12 8 * * * certbot renew
But as you pointed out, certbot won’t automatically install the certificate. The command you asked me to run above: certbot -d botivity.dev -d *.botivity.dev --reinstall -i apache requires user input. How can I add this into my cron job to auto install as well?

The cron command is always certbot renew.

What’s the content of your config file in

/etc/letsencrypt/renewal

This file is used when certbot renew is started. Perhaps Certbot has already added the installer row.

    # renew_before_expiry = 30 days
    version = 0.31.0
    archive_dir = /etc/letsencrypt/archive/botivity.dev
    cert = /etc/letsencrypt/live/botivity.dev/cert.pem
    privkey = /etc/letsencrypt/live/botivity.dev/privkey.pem
    chain = /etc/letsencrypt/live/botivity.dev/chain.pem
    fullchain = /etc/letsencrypt/live/botivity.dev/fullchain.pem

    # Options used in the renewal process
    [renewalparams]
    account = [REDACTED]
    authenticator = dns-google
    dns_google_credentials = [REDACTED]
    server = https://acme-v02.api.letsencrypt.org/directory

I have modified my cron command to:

12 8 * * * certbot renew && /etc/init.d/apache2 restart

Is this sufficient then?

Test it.

Check your certificate in 60 - 70 days to see if the renewal has worked. If not, you have enough time to fix it.
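
The renewal file posted in the thread has an authenticator row but no installer row, which is the condition asked about above. As an added example (not part of the thread and not Certbot's own code), this script reads the [renewalparams] section of a renewal file and reports which case applies; the sample files are constructed from the posted config, and the `installer = apache` row is an assumed illustration of an installer entry.

```shell
# Added example: does a certbot renewal file record an installer?
# Print the value of KEY ($2) from the [renewalparams] section of FILE ($1).
renewal_param() {
    awk -v key="$2" '
        /^[ \t]*\[/ { in_params = ($0 ~ /^[ \t]*\[renewalparams\]/); next }
        /^[ \t]*#/  { next }
        in_params {
            eq = index($0, "=")
            if (eq == 0) next
            k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) { print v; exit }
        }' "$1"
}

# Exit status: 0 = installer recorded, 1 = authenticator only (renewal
# replaces the files on disk, nothing reconfigures the web server),
# 2 = no authenticator found.
check_renewal_conf() {
    auth=$(renewal_param "$1" authenticator)
    inst=$(renewal_param "$1" installer)
    if [ -z "$auth" ]; then
        echo "$1: no authenticator in [renewalparams]"; return 2
    elif [ -z "$inst" ]; then
        echo "$1: authenticator=$auth, no installer row"; return 1
    fi
    echo "$1: authenticator=$auth, installer=$inst"
}

# Constructed sample 1: trimmed copy of the renewal file posted in the thread.
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
cat > "$demo_dir/certonly.conf" <<'EOF'
# renew_before_expiry = 30 days
version = 0.31.0

# Options used in the renewal process
[renewalparams]
account = [REDACTED]
authenticator = dns-google
dns_google_credentials = [REDACTED]
server = https://acme-v02.api.letsencrypt.org/directory
EOF
# Constructed sample 2: same file plus an assumed installer row.
{ cat "$demo_dir/certonly.conf"; echo "installer = apache"; } \
    > "$demo_dir/with_installer.conf"

check_renewal_conf "$demo_dir/certonly.conf" || true
check_renewal_conf "$demo_dir/with_installer.conf" || true
```

To run it on a real host, point `check_renewal_conf` at a file under /etc/letsencrypt/renewal.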