Cert not yet due for renewal - Browser says:yes

Hi group,

My browser indicated that my SSL certificate has been expired since 1 Oct 2019, but certbot indicated:
This SSL is for my UniFi controller. I never had any problem until yesterday.

Thanks for your help
Thank you

Validity
Not Before: Sep 11 13:12:15 2019 GMT
Not After : Dec 10 13:12:15 2019 GMT

My domain is: unifi.tekinfo.ca

I ran this command:

1- letsencrypt renew
2- apachectl restart

It produced this output: Cert not yet due for renewal

The operating system my web server runs on is (include version): Ubuntu 16.04

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): version 0.23.0

Hi,

Could you please dig into your Apache configuration and check if the certificates configured are the same as in the output of certbot certificates? You might have copied the certificate when you set that up…

Thank you


Thanks for the reply,

But how do I do this?

Thanks

Hi @inno100,

Try grep -r SSLCert /etc/apache2 to search for the configuration directives within your Apache configuration.

Thanks,

Why do I have this problem? I never had any problem before.

Here is the grep:

#SSLCertificateFile directive is needed.
SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem
SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
# Point SSLCertificateChainFile at a file containing the
# the referenced file can be the same as SSLCertificateFile
#SSLCertificateChainFile /etc/apache2/ssl.crt/server-ca.crt

I don’t think that the configuration that you found in /etc/apache2 is the configuration that’s really being used to serve your site. Are you sure that you’re not also using some other kind of server software for this site?

Does the Unifi controller software have its own certificate import method or interface? If so, maybe you imported the original certificate, but didn’t import the new certificate after it was renewed? This would have to be done every time.
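The check discussed above, whether the running service is really serving the certificate that certbot renewed, can be done by comparing fingerprints. This is an added example, not part of the thread: the helper names are hypothetical, and the certbot path in the usage comment is an assumed default layout with a placeholder for the certificate name.

```shell
#!/usr/bin/env bash
# Added example: compare the certificate a TLS port serves with the copy on disk.

# SHA-256 fingerprint of a PEM certificate read from stdin (empty on failure).
fingerprint() {
    openssl x509 -noout -fingerprint -sha256 2>/dev/null | cut -d= -f2
}

# Expiry date (notAfter) of a PEM certificate read from stdin.
not_after() {
    openssl x509 -noout -enddate 2>/dev/null | cut -d= -f2
}

# Leaf certificate actually presented on HOST:PORT, as PEM on stdout.
served_pem() {
    openssl s_client -connect "$1:$2" -servername "$1" </dev/null 2>/dev/null |
        openssl x509
}

# compare_certs DISK_PEM SERVED_PEM
# Returns 0 if both files hold the same certificate, 1 if they differ,
# 2 if either file cannot be read as a certificate.
compare_certs() {
    disk_fp=$(fingerprint <"$1")
    served_fp=$(fingerprint <"$2")
    if [ -z "$disk_fp" ] || [ -z "$served_fp" ]; then
        echo "cannot read one of the certificates" >&2
        return 2
    fi
    if [ "$disk_fp" = "$served_fp" ]; then
        echo "MATCH: the service is using the certificate on disk"
        return 0
    fi
    echo "MISMATCH: the service has a different certificate loaded"
    echo "  on disk: expires $(not_after <"$1")"
    echo "  served : expires $(not_after <"$2")"
    return 1
}

# check_service HOST PORT DISK_PEM: fetch the served certificate, then compare.
check_service() {
    tmp=$(mktemp) || return 2
    served_pem "$1" "$2" >"$tmp" || { rm -f "$tmp"; return 2; }
    compare_certs "$3" "$tmp" && rc=0 || rc=$?
    rm -f "$tmp"
    return "$rc"
}

# Usage on the server (path is an assumption, <name> is a placeholder):
#   check_service unifi.tekinfo.ca 8888 /etc/letsencrypt/live/<name>/cert.pem
```

A mismatch in which the served certificate expires earlier than the one on disk means the renewal worked but the new certificate was never loaded into the software that listens on that port.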

Thank you for your help, but I do not understand what I have to do. There is nothing else on this server, only the Unifi Controller. Unifi does not have its own SSL certificate. I have been doing renewals for over a year with no problem.

Is this controller meant to be accessible from the Internet? I’m not able to connect to it to see the problem for myself.

https://unifi.tekinfo.ca:8888

I’m confused about this because I don’t see where the Apache process is involved. https://unifi.tekinfo.ca:8888/ does not appear to be an Apache server. What is the connection between the Apache process and the controller software here?

@inno100, are you sure your system uses Apache? The Unifi controllers I’ve worked with used a Java web server (which was invariably on port 8443, not 8888). What is Apache doing here?


Thanks for your reply,

I do not have the knowledge to answer your questions. I installed my controller 2 years ago and yes, I changed the default port to 8888. I have been using the SSL certificate for over a year and my renewal has always been good. Why do I have apache2? I do not know.

Thanks

I’m afraid we’ll need to understand more about your software environment in order to solve this problem.

Maybe you could run

sudo ss -ptl

on your server to tell us more about what software is listening on which ports. Also, do you have any kind of firewall port mappings or forwarding in place?

Hi,

Here is the info:
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 127.0.0.1:27017 *:* users:(("mongod",pid=1391,fd=8))
LISTEN 0 10 127.0.0.1:submission *:* users:(("sendmail-mta",pid=1731,fd=5))
LISTEN 0 128 127.0.0.1:27117 *:* users:(("mongod",pid=12111,fd=8))
LISTEN 0 128 *:webmin *:* users:(("miniserv.pl",pid=1868,fd=5))
LISTEN 0 10 127.0.0.1:smtp *:* users:(("sendmail-mta",pid=1731,fd=3))
LISTEN 0 128 *:2525 *:* users:(("sshd",pid=1445,fd=3))
LISTEN 0 50 :::6789 :::* users:(("java",pid=12078,fd=170))
LISTEN 0 100 :::8843 :::* users:(("java",pid=12078,fd=197))
LISTEN 0 100 :::8880 :::* users:(("java",pid=12078,fd=142))
LISTEN 0 100 :::http-alt :::* users:(("java",pid=12078,fd=137))
LISTEN 0 128 :::http :::* users:(("apache2",pid=30972,fd=4),("apache2",pid=30971,fd=4),("apache2",pid=7388,fd=4))
LISTEN 0 100 :::8888 :::* users:(("java",pid=12078,fd=178))
LISTEN 0 128 :::2525 :::* users:(("sshd",pid=1445,fd=4))

And I use UFW to manage my firewall. I open ports 80 and 443 before renewing the certificate, and afterwards I close these ports.

I hope this will help you and me

Thanks. Could we also see the output of certbot certificates?

Do you have any memory of how the controller originally came to be set up with HTTPS?

https://crosstalksolutions.com/lets-encrypt-unifi/

How do I output the certbot?

Run that command at a command prompt on the server.