Wildcard SSL Not Active Even After Certbot Issued Certificate

I installed a certificate using google dns plugin but my site still won’t work (It’s a .dev domain so HSTS is preloaded and it must have SSL to even load up)

My domain is: botivity.dev

I ran this command: sudo certbot certonly --dns-google --dns-google-credentials ~/.secrets/certbot/google.json -d 'botivity.dev' -d '*.botivity.dev'

It produced this output: image

My web server is (include version): Apache/2.4.38

The operating system my web server runs on is (include version): Debian 10 Buster

My hosting provider, if applicable, is: Google Cloud Platform

I can login to a root shell on my machine (yes or no, or I don’t know): Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): No

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): certbot 0.31.0

1 Like

Also:

If i run sudo certbot certificates I get:

Furthermore, transparency report shows certificate installed today and lists both the main domain and the wildcard domain. Not sure why I can’t access it.

1 Like

Hi @Kimofy

your certificate command has worked ( https://check-your-website.server-daten.de/?q=botivity.dev#ct-logs ):

Issuer not before not after Domain names LE-Duplicate next LE
Let’s Encrypt Authority X3 2019-08-10 2019-11-08 *.botivity.dev, botivity.dev
2 entries duplicate nr. 2
Let’s Encrypt Authority X3 2019-08-10 2019-11-08 *.botivity.dev, botivity.dev
2 entries duplicate nr. 1

But certonly doesn’t install the certificate, so you have to do that manual.

Or try

certbot -d botivity.dev -d *.bitivity.dev --reinstall -i apache

Certbot should find the certificate and should try to reinstall it.

3 Likes

Thank you! It worked :smiley:

3 Likes

How would I set this up in a crontab?

I currently have:
12 8 * * * certbot renew
But as you pointed out, certbot won’t automatically install the certificate. The command you asked me to run above: certbot -d botivity.dev -d *.botivity.dev --reinstall -i apache requres user input. How can I add this into my cron job to auto install as well?

1 Like

The cron command is always certbot renew.

What’s the content of your config file in

/etc/letsencrypt/renewal

This file is used when certbot renew is startet. Perhaps Certbot has already added the installer row.

1 Like
    # renew_before_expiry = 30 days
    version = 0.31.0
    archive_dir = /etc/letsencrypt/archive/botivity.dev
    cert = /etc/letsencrypt/live/botivity.dev/cert.pem
    privkey = /etc/letsencrypt/live/botivity.dev/privkey.pem
    chain = /etc/letsencrypt/live/botivity.dev/chain.pem
    fullchain = /etc/letsencrypt/live/botivity.dev/fullchain.pem

    # Options used in the renewal process
    [renewalparams]
    account = [REDACTED]
    authenticator = dns-google
    dns_google_credentials = [REDACTED]
    server = https://acme-v02.api.letsencrypt.org/directory

I have modified my cron command to:

12 8 * * * certbot renew && /etc/init.d/apache2 restart

Is this sufficient then?

1 Like

Test it.

Check your certificate in 60 - 70 days to see, if the renew has worked. If not, you have enough time to fix it.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.