Can't renew a certificate


#1

Hi, I’m trying to renew the certificate of a site, but I receive the message “Cert not yet due for renewal”, but I’m still receiving the e-mails announcing the expiration of the certificate. This is the e-mail message:
“Your certificate (or certificates) for the names listed below will expire in 0 days (on 09 Jan 17 22:25 +0000). Please make sure to renew your certificate before then, or visitors to your website will encounter errors. addmee.net”

My domain is: addmee.net

The configuration file for the certificate is:
version = 0.9.1
cert = /etc/letsencrypt/live/addmee.net/cert.pem
privkey = /etc/letsencrypt/live/addmee.net/privkey.pem
chain = /etc/letsencrypt/live/addmee.net/chain.pem
fullchain = /etc/letsencrypt/live/addmee.net/fullchain.pem

[renewalparams]
authenticator = webroot
installer = None
account = 7ed193468a1776f635574f153270001e
[[webroot_map]]
www.addmee.net = /var/www/html
addmee.net = /var/www/html

Apache has this configuration:
<VirtualHost *:443>
DocumentRoot /var/www/html
ServerName addmee.net
SSLEngine on
SSLCertificateFile /etc/letsencrypt/live/addmee.net/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/addmee.net/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/addmee.net/chain.pem

I ran this command: certbot-auto renew --no-self-upgrade

It produced this output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log

Processing /etc/letsencrypt/renewal/addmee.net.conf

Cert not yet due for renewal

The following certs are not due for renewal yet:
/etc/letsencrypt/live/addmee.net/fullchain.pem (skipped)
No renewals were attempted.

The logs are these:
2017-01-09 13:56:18,604:DEBUG:certbot.main:Root logging level set at 20
2017-01-09 13:56:18,606:INFO:certbot.main:Saving debug log to /var/log/letsencrypt/letsencrypt.log
2017-01-09 13:56:18,606:DEBUG:certbot.main:certbot version: 0.9.3
2017-01-09 13:56:18,606:DEBUG:certbot.main:Arguments: ['--no-self-upgrade']
2017-01-09 13:56:18,607:DEBUG:certbot.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#standalone,PluginEntryPoint#manual,PluginEntryPoint#nginx,Plug$
2017-01-09 13:56:18,619:INFO:certbot.renewal:Cert not yet due for renewal
2017-01-09 13:56:18,619:DEBUG:certbot.renewal:no renewal failures

I also ran this command: certbot-auto renew --dry-run

And the result was:
Saving debug log to /var/log/letsencrypt/letsencrypt.log


Processing /etc/letsencrypt/renewal/addmee.net.conf

Cert not due for renewal, but simulating renewal for dry run
Starting new HTTPS connection (1): acme-staging.api.letsencrypt.org
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for addmee.net
http-01 challenge for www.addmee.net
Waiting for verification…
Cleaning up challenges
Generating key (2048 bits): /etc/letsencrypt/keys/0012_key-certbot.pem
Creating CSR: /etc/letsencrypt/csr/0012_csr-certbot.pem
DRY RUN: simulating ‘certbot renew’ close to cert expiry
(The test certificates below have not been saved.)

Congratulations, all renewals succeeded. The following certs have been renewed:
/etc/letsencrypt/live/addmee.net/fullchain.pem (success)
DRY RUN: simulating ‘certbot renew’ close to cert expiry
(The test certificates above have not been saved.)

My operating system is: Debian 8.2

My web server is: Apache 2.4.17

I can login to a root shell on my machine: YES

I’m using a control panel to manage my site: NO

Thank you in advance.


#2

Only expires 11 March 2017 so it was renewed properly.

https://crt.sh/?q=www.addmee.net


#3

Thanks MitchellK!
I don’t understand why I’m still receiving the e-mails with the subject “Let’s Encrypt certificate expiration notice” and the next message:
“Your certificate (or certificates) for the names listed below will expire in 0 days (on 09 Jan 17 22:25 +0000). Please make sure to renew your certificate before then, or visitors to your website will encounter errors. addmee.net”

Thanks again!


#4

Might be an error in the mail reminder system, perhaps one of the mods can look into this?


#5

Back in October you obtained a separate certificate for addmee.net before you obtained a combined one for addmee.net and www.addmee.net.

You renewed the combined certificate (for addmee.net and www.addmee.net) in December; however, the original certificate you got (just for addmee.net and no longer needed) has not been renewed and is about to expire. You can safely ignore the emails, as you don’t need that certificate any longer.
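
The situation described in post #5, as an added example that is not part of the original thread: a triage of expiring certificates that separates "reminder fires but every name is still covered" from "a name is about to lose its certificate". The record layout, function name and 20-day window are hypothetical, and the rule that only a newer certificate with the identical name set counts as a renewal is an assumption of the example.

```python
from datetime import datetime, timedelta, timezone

UTC = timezone.utc

# Constructed inventory: names and expiry dates come from the thread; the
# midnight time on the combined certificate is a placeholder.
CERTS = [
    {"names": {"addmee.net"},
     "not_after": datetime(2017, 1, 9, 22, 25, tzinfo=UTC)},
    {"names": {"addmee.net", "www.addmee.net"},
     "not_after": datetime(2017, 3, 11, tzinfo=UTC)},
]


def triage_expiring(certs, now, window_days=20):
    """Return (names, status, uncovered_names) for each cert expiring soon."""
    horizon = now + timedelta(days=window_days)
    report = []
    for cert in certs:
        if not now <= cert["not_after"] <= horizon:
            continue
        # Certificates that stay valid past the warning window.
        lasting = [c for c in certs
                   if c is not cert and c["not_after"] > horizon]
        # Assumption: a reminder is only suppressed by a newer certificate
        # with the identical set of names.
        renewed = any(c["names"] == cert["names"] for c in lasting)
        # What matters operationally: is every name still served by some
        # certificate that outlives the window?
        uncovered = sorted(n for n in cert["names"]
                           if not any(n in c["names"] for c in lasting))
        if renewed:
            status = "renewed"
        elif not uncovered:
            status = "superseded"      # reminder fires, but safe to ignore
        else:
            status = "action-needed"   # a name would lose its certificate
        report.append((sorted(cert["names"]), status, uncovered))
    return report


if __name__ == "__main__":
    now = datetime(2017, 1, 9, 13, 56, tzinfo=UTC)  # constructed "today"
    for names, status, uncovered in triage_expiring(CERTS, now):
        print(", ".join(names), "->", status, uncovered)
```
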


#6

Thank you very much!!!


#7

Just wanted to quickly note that in the dozens of times I’ve investigated spurious notification emails I’ve only run into one case where it wasn’t easily explained by the confusion that @serverco explained. The system is pretty reliable and I’d encourage folks to eliminate the “different domain name” explanation before pinging a mod about a bug :slight_smile:

Thanks!


#8

Apologies, need to have a close look at certs when giving answers in future. Checked the cert and it all looked fine but did not delve deeper into it like @serverco :blush:


#9

No worries! Thanks for helping out in the community forum :slight_smile:

