
I'm working on renewing the SSL certificate for my websites. They are all running on the same EC2 instance with the same Apache server. Two of my domains recently expired so I also tried to remove them from the certificate.

I think I renewed the certificate correctly because when I run the following, it appears to suggest the certificate is up-to-date:

$ /usr/local/bin/certbot-auto certonly --webroot -w /var/www/html -d apptic.me -d www.apptic.me -d athenaforyou.com -d www.athenaforyou.com -d cloudlease.me -d www.cloudlease.me -d foleyrounds.com -d www.foleyrounds.com -d ugba198.com -d www.ugba198.com -d wildcattribune.com -d www.wildcattribune.com
Requesting to rerun /usr/local/bin/certbot-auto with root privileges...
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Cert not yet due for renewal

You have an existing certificate that has exactly the same domains or certificate name you requested and isn't close to expiry.
(ref: /etc/letsencrypt/renewal/apptic.me.conf)

What would you like to do?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: Keep the existing certificate for now
2: Renew & replace the cert (limit ~5 per 7 days)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 1
Keeping the existing certificate

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Certificate not yet due for renewal; no action taken.

Then I restart Apache with sudo systemctl restart httpd, which produces no output.

But when I navigate to my website at www.apptic.me, I see there is still an SSL error saying the certificate is expired. What could be happening?

I'm running Apache 2.4:

$ yum info httpd
Loaded plugins: extras_suggestions, langpacks, priorities, update-motd
236 packages excluded due to repository priority protections
Installed Packages
Name        : httpd
Arch        : x86_64
Version     : 2.4.43
Release     : 1.amzn2
Size        : 4.0 M
Repo        : installed
From repo   : amzn2-core
Summary     : Apache HTTP Server
URL         : https://httpd.apache.org/
License     : ASL 2.0
Description : The Apache HTTP Server is a powerful, efficient, and extensible
            : web server.
Neel

1 Answer

It turns out I didn't put enough information in the original question, but I'm documenting what worked for me in case it happens to help anyone. First, I deleted the old vhosts files and the corresponding vhost_*-le-ssl.conf for the domains that I no longer owned.

I also accidentally deleted a folder in /etc/letsencrypt/live/ and /etc/letsencrypt/renewal/ (against the README's advice). That made it so certbot was no longer working because it couldn't run sudo systemctl restart httpd.

Thankfully the files were still in /etc/letsencrypt/archive, so I restored the folders from there. (I just copied the archive folder to each directory and renamed files when certbot told me to.)

Ultimately after fixing the folders and stopping + starting the httpd service, I ran certbot again and it outputted links like this one, confirming the certificates were properly installed: https://www.ssllabs.com/ssltest/analyze.html?d=apptic.me

Neel
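A check for the situation the answer describes, as an added example that is not part of the original post: it assumes the standard certbot layout, where each live/<name>/*.pem is a symlink into archive/<name>/ and renewal/<name>.conf exists, and reports where a lineage deviates from that. The function name check_lineage and the sample lineages good.example and copied.example are constructed for illustration.

```sh
# Verify that a certbot lineage still has the layout certbot expects.
# Usage: check_lineage <config-dir> <lineage-name>   e.g. /etc/letsencrypt apptic.me
check_lineage() {
    local dir="$1" name="$2" problems=0 versions="" f link target ver
    if [ ! -f "$dir/renewal/$name.conf" ]; then
        echo "MISSING renewal/$name.conf"; problems=$((problems + 1))
    fi
    for f in cert privkey chain fullchain; do
        link="$dir/live/$name/$f.pem"
        if [ ! -L "$link" ]; then
            # A regular file here means an archive copy replaced the symlink.
            echo "NOT A SYMLINK live/$name/$f.pem"; problems=$((problems + 1)); continue
        fi
        target=$(readlink "$link")
        if [ ! -e "$link" ]; then
            echo "DANGLING live/$name/$f.pem -> $target"; problems=$((problems + 1)); continue
        fi
        case "$target" in
            */archive/"$name"/"$f"[0-9]*.pem) ;;
            *) echo "UNEXPECTED TARGET live/$name/$f.pem -> $target"; problems=$((problems + 1)); continue ;;
        esac
        ver=${target##*/"$f"}; ver=${ver%.pem}   # cert3.pem -> 3
        versions="$versions $ver"
    done
    # All four links must point at the same numbered version in archive/.
    if [ "$(printf '%s\n' $versions | sort -u | wc -l)" -gt 1 ]; then
        echo "VERSION MISMATCH:$versions"; problems=$((problems + 1))
    fi
    [ "$problems" -eq 0 ]
}

# Constructed sample tree (not real data): one intact lineage, one where the
# archive files were copied into live/ as regular files.
demo=$(mktemp -d)
for n in good.example copied.example; do
    mkdir -p "$demo/renewal" "$demo/archive/$n" "$demo/live/$n"
    touch "$demo/renewal/$n.conf"
done
for f in cert privkey chain fullchain; do
    touch "$demo/archive/good.example/${f}1.pem" "$demo/archive/copied.example/${f}1.pem"
    ln -s "../../archive/good.example/${f}1.pem" "$demo/live/good.example/$f.pem"
    cp "$demo/archive/copied.example/${f}1.pem" "$demo/live/copied.example/$f.pem"
done
check_lineage "$demo" good.example && echo "good.example: OK"
check_lineage "$demo" copied.example || echo "copied.example: needs repair"
```

On a real host, run it as root against /etc/letsencrypt and the lineage name shown in the certbot output (the file under renewal/ without the .conf suffix).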