Browser reports cert date invalid

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: www.watershedvillage.com

I ran this command: Used browser

It produced this output: Certificate has expired
valid from 1/8/2020 to 4/7/2020

My web server is (include version):Apache 2.4.39

The operating system my web server runs on is (include version): windows

My hosting provider, if applicable, is: google

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): wacs.exe version 2.1.2.641

Client reports that certs are good until 6/1/2020

1 Like

Commonly this type of problem is caused by a client that renews a certificate but does not restart or reload the web server. If you restart Apache, does the problem go away?

If the problem goes away after restarting Apache, you should file an issue against your ACME client suggesting it should have ability to restart web servers upon renewal. Otherwise you are likely to have this problem again in 60 days.

2 Likes

That didn’t work. I bounced Apache and still get the message

1 Like

Then the next thing I would try is to check the Apache config to see what paths the SSLCertificate line points to. Is that the same file being updated by your ACME client? If you decode the certificate with openssl does it show that it’s up to date?

Another thing to check would be that the IP address for your site is pointing to the server you expect it to.

2 Likes

When I upgraded to ACMEv2 the client moved my files to a different directory. However, they also handle the files differently (no pem files). So I had to change the cert path in my vhosts file and recreate each of my domains using the pem option.

Thanks for your incredibly quick help :slight_smile:

3 Likes

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.