Actual cert expires one month before fullchain.pem expires

My cert surprisingly expired today, June 29. When I tried to renew, certbot said fullchain.pem expires on 2020-08-29. I renewed via --force-renewal. Now my cert says it expires Aug 29 and if I run certbot renew, it says fullchain.pem expires on 2020-09-27

My domain is:
boardgenius.io

I ran this command:
sudo certbot renew

It produced this output:

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/boardgenius.io.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Cert not yet due for renewal

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

The following certs are not due for renewal yet:
  /etc/letsencrypt/live/boardgenius.io/fullchain.pem expires on 2020-08-29 (skipped)
No renewals were attempted.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

My web server is (include version):

nginx/1.14.0 (Ubuntu)

The operating system my web server runs on is (include version): Ubuntu 18.04.2

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know):
yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):

certbot 0.27.0

1 Like

Hi @EncryptKeeper

what’s your question?

Conclusion of your informations: You don’t use the newest certificate. May be you have to restart your webserver.

2 Likes

Hi @JuergenAuer - my question is why my cert expires before the date in fullchain.pem. This presents a problem, for example, if I’m using a cronjob to renew my cert. I run it every month/week/whatever just to be safe. I run it without --force-renewal. My cert will now expire on Aug 29 and certbot will not automatically renew via cronjob because it will say not due for renewal yet.

1 Like

manually check the certs in /etc/letsencrypt - pay attention to the live and renewals directory.

the cert active on your domain right now is valid from May30th to Aug28th

the most-likely thing I can think of, is that you have another certificate ‘family’ with the same domain on your system and you are getting 2 certificates confused with each other.

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.