Running Ubuntu 22.04 LTS
Server name is globus-dtn1.bioscience-ct.net
certbot certificates produces the following output:
Found the following certs:
Certificate Name: globus-dtn1.bioscience-ct.net
Serial Number: 370acb95b7d802e44a5e8742adba242c53d
Key Type: RSA
Expiry Date: 2023-06-06 19:39:45+00:00 (VALID: 89 days)
Certificate Path: /etc/letsencrypt/live/globus-dtn1.bioscience-ct.net/fullchain.pem
Private Key Path: /etc/letsencrypt/live/globus-dtn1.bioscience-ct.net/privkey.pem
cert check from the public Internet shows that cert expired on 2/20/2023
subject=CN = globus-dtn1.bioscience-ct.net
issuer=C = US, O = Let's Encrypt, CN = R3
notBefore=Nov 22 17:24:54 2022 GMT
notAfter=Feb 20 17:24:53 2023 GMT
Appreciate any help you can provide
That domain shows a server of "gunicorn". I am not familiar but did you restart it after getting a new cert? Often servers need a refresh after.
Certbot can do that with apache and nginx but other servers might need a --deploy-hook or other kind of refresh/restart
I restarted services and even rebooted the server
Check your SSL config in gunicorn and see what cert files it references. The certs are just files and gunicorn is using some cert file you got previously.
Did you make a copy of the prior cert for gunicorn maybe?
Sorry, I don't know it well enough to say more. Maybe someone else will
I have no clue what you are referring to when you state "gunicorn"
This is a globus connect dtn server that I installed letsencrypt on for ssl compliance.
An HTTP request shows Apache
curl -I http://globus-dtn1.bioscience-ct.net
HTTP/1.1 200 OK
Server: Apache/2.4.52 (Ubuntu)
But, an HTTPS request says different (and a 404 for some odd reason). Do you have some sort of firewall doing HTTPS inspection or something like that
curl -Ik https://globus-dtn1.bioscience-ct.net
HTTP/1.1 404 NOT FOUND
Issue resolved... for globus users you need to issue the oidc update command specifying the paths to the letsencrypt to the updated certs
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.