Let`s Encrypt certificate update not carried out or transferred correctly

Hi Forum,

I hope someone can help:
Today some of my LE certificates (for sogo, nextcloud e.t.c. and some other) were outdated (Nov. 26th 2020 / approx. 06:00). In contrast to that the standard certificate (including sogo, nextcloud etc) was renewed on October 28th 2020 and it is still valid. It looks like it was not transferred to the respective sub-sites.

I did a reboot which usually solves this problem but it did not.

Thank you and best regards

NethServer Version: 7
Module: Let’s encrypt

1 Like

I do not get this.

not only Nextcloud but all LE related Nethserver Modules are effected (SoGo, Mattermost …). And renewal is not triggered by NC but NS.


What @Walter_Palumbo posted isn’t only a nextcloud problem. Please try the following steps from the side Walter posted:

Then after reading this thread and a few other things on the net, I first made a copy of the /etc/letsencrypt folder and then tried a few things.
What finally got it working for me was to copy the .pem files from the mycoolsite.org-0001 folder to the mycoolsite.org one:

Also have a look here:

Hi Michael,

A long shot:

Could it be possible that the script
--reloadcmd "/sbin/e-smith/signal-event certificate-update"
at the end of the certificate renewal

which contains the old keys

instead of taking
which contains the newkeys

mainly when called (or receiving parameters) to update sogo, nextcloud, etc, and some other.

I know that Marko @capote had a problem with the suffix -0001 and he got rid of it by deleting some files and directories in /etc/letsencrypt/live and also in other places. Then he renewed the certificate and all was OK. I am looking forward to know how exactly he did it

As I wrote at the beginning, a long shot,


I am sorry - I am blind and I am by far not an linux expert. I do not get the point, where is the workaround / how does it work?

Di I really need to transfer / copy / rename certificate files for a process which worked perfectly automated for about 1-2 years?


No. But are you using individual certificates for Nextcloud, Sogo, etc.? If so, how did you do that? That (sadly) isn’t a supported configuration, so it would have taken some template editing.

Hi Dan,

No, I am using just one certificate carrying just a lot of alias names. Funny is: The top domain part of the certificate (ebb-s01) works.

Hi Michel-Andre,
I think I see the reason for your trouble just as it was with me originally.
You are mixing different domains in one form.
You have to request and renew for each domain separately.

Sincerely, MArko

Nonsense. Multiple domains on one cert is a perfectly valid configuration.

Hi all,

I resolved my problem with the -0001 suffix.
I have to admit that previoustly I had not only -0001 but also -0002 suffixes.

Now, I have 1 brand new Let’s Enrypt certificate and no suffix at all.

I have 1 certificate for multiple domain i.e. a SAN certificate (Certificates with SAN also provide a SAN [Subject Alternative Name] field that allows additional domain names to be protected with a single certificate. Have a look at https://www.micronator.org.

I have to wait until tomorrow to make sure that all is working perfectly, then I will write what I did.

To be continued…



no parlais franzais …

Google Translate, or one of its ilk, is the friend of all those who, without mastering a particular language, strive to broaden their horizons, but it is useless for those who do not click the right button.

image image

image image

1 Like

On page: LetsEncrypt certificate path with domain suffix.


@Jimbo, @michelandre, @danb35

looks like we have the same problem here:

Today I tried something which convinced me that this is a e-smith bug:
I simply changed the standard certificate from LE to the initial certificate (+reboot) and then returned to the LE as the standard certificate (no reboot). NS LE started to work and SoGo, Mattermost, Nextcloud and all the other services got the correct (most recent) certificates.

Please let me know if / how I may investigate / report on this issue.

Best regards

cc @dev_team

Thanks @m.traeumner for pointing it out :slight_smile:
I’ve already followed the thread but I didn’t understand the problem, nor how to reproduce.

If someone can summarize everything in one post, I will gladly give my opinion :wink:

1 Like