kinger
March 9, 2023, 12:56pm
1
Running Ubuntu 22.04 LTS
Server name is globus-dtn1.bioscience-ct.net
certbot certificates produces the following output:
Found the following certs:globus-dtn1.bioscience-ct.net globus-dtn1.bioscience-ct.net
cert check from the public Internet shows that cert expired on 2/20/2023
subject=CN = globus-dtn1.bioscience-ct.net
Appreciate any help you can provide
That domain shows a server of "gunicorn". I am not familiar but did you restart it after getting a new cert? Often servers need a refresh after.
Certbot can do that with apache and nginx but other servers might need a --deploy-hook or other kind of refresh/restart
3 Likes
kinger
March 9, 2023, 1:35pm
3
I restarted services and even rebooted the server
Check your SSL config in gunicorn and see what cert files it references. The certs are just files and gunicorn is using some cert file you got previously.
Did you make a copy of the prior cert for gunicorn maybe?
Sorry, I don't know it well enough to say more. Maybe someone else will
3 Likes
kinger
March 9, 2023, 1:43pm
5
I have no clue what you are referring to when you state "gunicorn"
This is a globus connect dtn server that I installed letsencrypt on for ssl compliance.
An HTTP request shows Apache
curl -I http://globus-dtn1.bioscience-ct.net
HTTP/1.1 200 OK
Server: Apache/2.4.52 (Ubuntu)
But, an HTTPS request says different (and a 404 for some odd reason). Do you have some sort of firewall doing HTTPS inspection or something like that
curl -Ik https://globus-dtn1.bioscience-ct.net
HTTP/1.1 404 NOT FOUND
Server: gunicorn
4 Likes
kinger
March 9, 2023, 2:35pm
7
Issue resolved... for globus users you need to issue the oidc update command specifying the paths to the letsencrypt to the updated certs
1 Like