Browsers Reporting Expired Certificate after Manual Renewal

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: www.corauratum.com

I ran this command: certbot renew

It produced this output: usual timeout during connect

My web server is (include version): Nginx 1.15.12

The operating system my web server runs on is (include version): Ubuntu 16.04.6 LTS

My hosting provider, if applicable, is: Linode

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): 0.31.0

I posted previously about the renewal issues I was having. Well once I got them resolved, I renewed the certificate with certbot renew and everything seemed fine. However now browsers are reporting that the certificate has expired. The certificate is good until July 2019, but the browsers are reporting the old date which was May 2, 2019. What’s the quickest way to fix this?

Hi @AndalayBay

the expired certificate is used ( https://check-your-website.server-daten.de/?q=corauratum.com ):

CN=corauratum.com | 01.02.2019 | 02.05.2019 | 13 days expired | corauratum.com, test.corauratum.com, www.corauratum.com - 3 entries

But there is a new certificate:

| CertSpotter-Id | Issuer | not before | not after | Domain names | LE-Duplicate | next LE |
|---|---|---|---|---|---|---|
| 877818339 | CN=Let's Encrypt Authority X3, O=Let's Encrypt, C=US | 2019-04-23 20:25:12 | 2019-07-22 20:25:12 | corauratum.com, test.corauratum.com, www.corauratum.com - 3 entries | | |

What does the following say?

certbot certificates

Perhaps try

certbot -d corauratum.com -d test.corauratum.com -d www.corauratum.com

Certbot should find the active certificate and should ask if you want to install it.

@JuergenAuer that fixed it - thank you. However I think there’s something wrong with the certbot renew command then. Even when I ran the certbot -d command, it said that I could renew all my certificates with the renew command, which is what I did. I did look at the documentation and it also said to run certbot renew! The editor isn’t working for me, so I can’t format this reply properly.

It would be helpful to see the original output of certbot renew (but maybe you didn't save it?) and of certbot certificates in order to understand better what's happened here.

I have logging enabled and logrotate, so I’ll check the logs and see what I can find.

What's the content of your config file? A file in

/etc/letsencrypt/renewal

If there is certonly or no installer, that's the problem.

Running certonly -> renew doesn't install.

Here’s the conf file:

# renew_before_expiry = 30 days
version = 0.31.0
archive_dir = /etc/letsencrypt/archive/corauratum.com
cert = /etc/letsencrypt/live/corauratum.com/cert.pem
privkey = /etc/letsencrypt/live/corauratum.com/privkey.pem
chain = /etc/letsencrypt/live/corauratum.com/chain.pem
fullchain = /etc/letsencrypt/live/corauratum.com/fullchain.pem

# Options used in the renewal process
[renewalparams]
authenticator = webroot
account = *removed*
server = https://acme-v02.api.letsencrypt.org/directory
[[webroot_map]]
corauratum.com = /plexus/corauratum/prod
test.corauratum.com = /plexus/corauratum/test
www.corauratum.com = /plexus/corauratum/prod

The account is a long string of numbers, but I removed it from the text above just in case.

@schoen I have the logs, but I’m not sure what to post. Perhaps I could PM the contents to you?

If you run a command with explicit parameters, Certbot changes your config file.

So check your domain in 60 - 65 days to see if the certificate is renewed.
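The check discussed in this thread, as an added example that is not part of any poster's reply or of Certbot itself: it parses a renewal config (the one quoted above, abridged) and reports when `certbot renew` would obtain a new certificate with nothing recorded to put it into service. The function names are the example's own; it assumes the `installer`, `renew_hook` and `post_hook` keys as Certbot writes them under `[renewalparams]`, and it cannot see hook scripts placed in Certbot's hook directories.

```python
import re

# Renewal config as quoted in the thread, abridged (account already redacted there).
THREAD_CONF = """\
version = 0.31.0
archive_dir = /etc/letsencrypt/archive/corauratum.com
cert = /etc/letsencrypt/live/corauratum.com/cert.pem
[renewalparams]
authenticator = webroot
account = *removed*
server = https://acme-v02.api.letsencrypt.org/directory
[[webroot_map]]
corauratum.com = /plexus/corauratum/prod
test.corauratum.com = /plexus/corauratum/test
www.corauratum.com = /plexus/corauratum/prod
"""
# Constructed variants: the same lineage with an installer or a hook recorded.
WITH_INSTALLER = THREAD_CONF.replace("[[webroot_map]]", "installer = nginx\n[[webroot_map]]")
WITH_HOOK = THREAD_CONF.replace(
    "[[webroot_map]]", "renew_hook = systemctl reload nginx\n[[webroot_map]]")

def parse_renewal_conf(text):
    """Parse the ConfigObj-style file into {section: {key: value}}.
    Top-level keys live under ""; a [[sub]] section is keyed "parent.sub"."""
    sections, current, parent = {"": {}}, "", ""
    for raw in text.splitlines():
        line = raw.strip()
        header = re.fullmatch(r"(\[{1,2})\s*([^\[\]]+?)\s*\]{1,2}", line)
        if header:
            name = header.group(2)
            if len(header.group(1)) == 1:
                parent = current = name
            else:
                current = f"{parent}.{name}"
            sections.setdefault(current, {})
        elif line and not line.startswith("#") and "=" in line:
            key, _, value = line.partition("=")
            sections[current][key.strip()] = value.strip()
    return sections

def deploy_gap(text):
    """Return a warning string if renewal has no recorded way to deploy, else None."""
    params = parse_renewal_conf(text).get("renewalparams", {})
    installer = params.get("installer", "None")  # a literal "None" is treated as absent
    hooks = [k for k in ("renew_hook", "post_hook") if params.get(k)]
    if installer not in ("", "None") or hooks:
        return None
    auth = params.get("authenticator", "unknown")
    return (f"authenticator={auth}, no installer, no hooks: renew will write new "
            "files under live/ but the web server keeps serving the old certificate")

if __name__ == "__main__":
    print(deploy_gap(THREAD_CONF) or "renewal has a deploy step recorded")
```

On a real host, read each file under `/etc/letsencrypt/renewal` and pass its contents to `deploy_gap`.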
