Cert not expired but getting ERR_CERT_DATE_INVALID in crome

Help
1

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:
roborne.com
I ran this command:
sudo certbot renew --dry-run
It produced this output:
Processing /etc/letsencrypt/renewal/roborne.com.conf

Cert not due for renewal, but simulating renewal for dry run
Plugins selected: Authenticator nginx, Installer nginx
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for pony.roborne.com
http-01 challenge for roborne.com
http-01 challenge for www.roborne.com
Waiting for verification…
Cleaning up challenges

new certificate deployed with reload of nginx server; fullchain is
/etc/letsencrypt/live/roborne.com/fullchain.pem

** DRY RUN: simulating ‘certbot renew’ close to cert expiry
** (The test certificates below have not been saved.)

The following certs were successfully renewed:
/etc/letsencrypt/live/roborne.com/fullchain.pem (success)

My web server is (include version):
nodejs
node: ‘10.16.0’,
v8: ‘6.8.275.32-node.52’,
The operating system my web server runs on is (include version):
Ubuntu 18.04
My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know):
Yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):
0.31.0

Since last few days I am getting following error in my browser:
WebSocket connection to ‘wss://mydomain.com:8081/mqtt’ failed: Error in connection establishment: net::ERR_CERT_DATE_INVALID
Before that everything was running OK. I checked my certificate expiry date on server by running command : sudo certbot certificates and got :

Certificate Name: mydomain.com
** Domains: mydomain.com pony.mydomain.com www.mydomain.com**
** Expiry Date: 2019-09-23 22:30:50+00:00 (VALID: 53 days)**
** Certificate Path: /etc/letsencrypt/live/mydomain.com/fullchain.pem**
** Private Key Path: /etc/letsencrypt/live/mydomain.com/privkey.pem**
Still I checked auto renewal by running command:
sudo certbot renew --dry-run
The problem persist.
Any help please.
I am running nodejs app behind nginx proxy on Ubuntu 18.04.

2

Hi @Zeni241

your certificate is correct ( https://check-your-website.server-daten.de/?q=roborne.com ):

CN=roborne.com
	26.06.2019
	24.09.2019
expires in 54 days	
pony.roborne.com, roborne.com, www.roborne.com - 3 entries

And both connections (non-www and www) use that certificate:

Domainname Http-Status redirect Sec. G
http://roborne.com/
18.213.165.106 301 https://roborne.com/ 0.244 A
http://www.roborne.com/
18.213.165.106 301 https://www.roborne.com/ 0.224 A
https://roborne.com/
18.213.165.106 200 4.130 B
https://www.roborne.com/
18.213.165.106 200 3.853 B

But your error message says:

You use a non-standard-port 8081. My online tool can check non-standard-ports, but your port uses the wss-protocol, currently that's not supported.

Looks like you have to install the certificate manual.

1 Like
3

But everything was running ok just a few days ago. If I start Fiddler, then again everything start to run ok, I get the error as soon as I stop the Fiddler.

4

How did you install the certificate on that port? Do that again. I don't think Certbot is able to install the certificate.

Your last certificate:

Issuer not before not after Domain names LE-Duplicate next LE
Let's Encrypt Authority X3 2019-06-25 2019-09-23 pony.roborne.com, roborne.com, www.roborne.com
3 entries
Let's Encrypt Authority X3 2019-04-26 2019-07-25 pony.roborne.com, roborne.com, www.roborne.com
3 entries

Maybe the certificate created 2019-04-26 is used. Now it's expired.

5

First thing in the morning۔

6

I installed certificate using certbot with command:
sudo certbot --nginx

Should I run this command again? I have noticed that there in no mention of port 8081 of wss in my nginx server block for this site. Should I include port 8081 or wss in nginx file (what should I add)?

7

No, that doesn't help. Your standard port works, your certificate is correct, you have a good Grade B (see other check results - https://check-your-website.server-daten.de/ - there are a lot of sites with Grade M, N, Timeouts etc.). Grade B says: No problem with your certificate.

I have no idea how to configure a wss application. And currently, I can't check it. So: Has the wss / port 8081 already a certificate? Do that installation again.

8

Thanks a lot for your help. I will try and get here again…

9

Well, the problem finally solved. :grinning: After some research I found this *

" mosquitto never update listener settings when running, so when you regenerate the server certificates you will need to completely restart the broker. " here

  • I restarted the mosquitto broker and sun is shinning once again and you are mine...

Thanks everybody for so much help.

1 Like
10

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.