My domain is: marcusriemer.de
I ran this command: certbot certonly --text -d marcusriemer.de --standalone
and
It produced this output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator standalone, Installer None
Obtaining a new certificate
/usr/lib/python3.6/site-packages/josepy/jwa.py:107: CryptographyDeprecationWarning: signer and verifier have been deprecated. Please use sign and verify instead.
signer = key.signer(self.padding, self.hash)
Performing the following challenges:
tls-sni-01 challenge for marcusriemer.de
Waiting for verification...
Cleaning up challenges
archive directory exists for marcusriemer.de-0001
But if I check the certficate using openssl x509 -noout -dates -in /etc/letsencrypt/archive/marcusriemer.de-0001/fullchain1.pem
the “new” certificate is still expired.
The operating system my web server runs on is (include version): Arch Linux
I can login to a root shell on my machine (yes or no, or I don’t know): Yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel): No
If I run certbot certificates
I get the following output (I only redacted some domain variants):
Certificate Name: marcusriemer.de
Domains: marcusriemer.de
Expiry Date: 2018-04-30 06:36:29+00:00 (INVALID: EXPIRED)
Certificate Path: /etc/letsencrypt/live/marcusriemer.de/fullchain.pem
Private Key Path: /etc/letsencrypt/live/marcusriemer.de/privkey.pem
Running certbot renew
tells me everything is alright but does not produce a new certificate:
Processing /etc/letsencrypt/renewal/marcusriemer.de.conf
-------------------------------------------------------------------------------
Cert is due for renewal, auto-renewing...
Plugins selected: Authenticator standalone, Installer None
Renewing an existing certificate
/usr/lib/python3.6/site-packages/josepy/jwa.py:107: CryptographyDeprecationWarning: signer and verifier have been deprecated. Please use sign and verify instead.
signer = key.signer(self.padding, self.hash)
Performing the following challenges:
tls-sni-01 challenge for marcusriemer.de
Waiting for verification...
Cleaning up challenges
-------------------------------------------------------------------------------
new certificate deployed without reload, fullchain is
/etc/letsencrypt/live/marcusriemer.de/fullchain.pem
-------------------------------------------------------------------------------
I then attempted to retrieve a certificate manually using the certbot certonly --text -d marcusriemer.de --standalone
command mentioned above (which ran without errors, as stated above). But after checking the created certificate using openssl x509 -noout -dates -in /etc/letsencrypt/archive/marcusriemer.de-0001/fullchain1.pem
all I get is this:
notBefore=Jan 30 06:36:29 2018 GMT
notAfter=Apr 30 06:36:29 2018 GMT