I Have install newer version of certbot and, getting subjected error despite that certificate is being generated and over browser can be seen root cert is expiring on 2035 along with R3 intermediate cert(expiry 2025) signed by ISRG root.
linux# certbot certonly --server https://acme-staging-v02.api.letsencrypt.org/directory --agree-tos -m email@example.com --dns-dnsmadeeasy --dns-dnsmadeeasy-credentials /etc/letsencrypt/creds/dnsmadeeasy.ini --dns-dnsmadeeasy-propagation-seconds 20 -d load.menu --test-cert --break-my-certs --preferred-chain "ISRG Root X1"
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Certificate not yet due for renewal
You have an existing certificate that has exactly the same domains or certificate name you requested and isn't close to expiry.
What would you like to do?
1: Keep the existing certificate for now
2: Renew & replace the certificate (may be subject to CA rate limits)
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2
Renewing an existing certificate for load.menu
Certbot has been configured to prefer certificate chains with issuer 'ISRG Root X1', but no chain from the CA matched this issuer. Using the default certificate chain instead.
Successfully received certificate.
Certificate is saved at: /etc/letsencrypt/live/load.menu-0005/fullchain.pem
Key is saved at: /etc/letsencrypt/live/load.menu-0005/privkey.pem
This certificate expires on 2022-04-08.
These files will be updated when the certificate renews.
Certbot has set up a scheduled task to automatically renew this certificate in the background.
However, I still seeing, cert is supposed to expire in 2025 instead of 2035.
here, what I'm getting in command output instead of this>>https://letsencrypt.org/certs/isrgrootx1.txt
linuxhost# openssl x509 -in /etc/letsencrypt/live/load.menu-0004/chain.pem -text -noout
Version: 3 (0x2)
Signature Algorithm: sha256WithRSAEncryption
Issuer: C = US, O = Internet Security Research Group, CN = ISRG Root X1
Not Before: Sep 4 00:00:00 2020 GMT
Not After : Sep 15 16:00:00 2025 GMT
Subject: C = US, O = Let's Encrypt, CN = R3
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Exponent: 65537 (0x10001)
X509v3 Key Usage: critical
Digital Signature, Certificate Sign, CRL Sign
X509v3 Extended Key Usage:
TLS Web Client Authentication, TLS Web Server Authentication
X509v3 Basic Constraints: critical
X509v3 Subject Key Identifier:
X509v3 Authority Key Identifier:
Authority Information Access: CA Issuers - URI:http://x1.i.lencr.org/ X509v3 CRL Distribution Points: Full Name: URI:http://x1.c.lencr.org/ X509v3 Certificate Policies: Policy: 184.108.40.206.2.1 Policy: 220.127.116.11.4.1.44918.104.22.168
Can anyone help me here please..