Certbot says cert is not ready for renewal Site says it's expired

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: unifi.portcitydata.com

I ran this command: sudo certbot renew

It produced this output:
The following certs are not due for renewal yet:
/etc/letsencrypt/live/portcitydata.com/fullchain.pem expires on 2020-09-01 (skipped)
/etc/letsencrypt/live/unifi.portcitydata.com/fullchain.pem expires on 2020-09-01 (skipped)
No renewals were attempted.

My web server is (include version): nginx

The operating system my web server runs on is (include version): Ubuntu 18.04 LTS

My hosting provider, if applicable, is: Digital Ocean

I can login to a root shell on my machine (yes or no, or I don’t know): Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): No

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): 0.27.0

1 Like

Hi,

Can you try to execute the below command?
sudo systemctl restart nginx

I think you used certonly when issuing the certificate, which means that on certificate renewal, since certbot didn’t know which server you were using, it didn’t apply the certificate to nginx. A simple reload would fix this issue.

P.S. For future reference, try certbot renew -a nginx (which should set the authenticator to the nginx web server).

I had actually restarted the whole server before making this post. That would have restarted nginx.

Could we also see the output of sudo certbot certificates?

1 Like

Found the following certs:
Certificate Name: portcitydata.com
Domains: portcitydata.com
Expiry Date: 2020-09-01 11:15:50+00:00 (VALID: 54 days)
Certificate Path: /etc/letsencrypt/live/portcitydata.com/fullchain.pem
Private Key Path: /etc/letsencrypt/live/portcitydata.com/privkey.pem
Certificate Name: unifi.portcitydata.com
Domains: unifi.portcitydata.com
Expiry Date: 2020-09-01 11:15:58+00:00 (VALID: 54 days)
Certificate Path: /etc/letsencrypt/live/unifi.portcitydata.com/fullchain.pem
Private Key Path: /etc/letsencrypt/live/unifi.portcitydata.com/privkey.pem

1 Like

I figured it out. I had a cron job set to run a script that imported the updated cert shortly after certbot renew runs, but it was not running for some reason. I manually ran it and all is well. I just have to work out why the cron job was not running now.
Thanks for the help!!!

2 Likes

Great! You might want to look at Certbot’s --deploy-hook option, which will let Certbot initiate a task to deploy a new certificate immediately after it’s saved (assuming your security model makes that appropriate).

2 Likes
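
The deployment step suggested in the last reply, as an added example (not code from this thread or from Certbot): a hook for certbot renew --deploy-hook that copies the renewed files to where the service reads them, so deployment no longer depends on a separate cron job. RENEWED_LINEAGE is exported by Certbot to deploy hooks; DEST_DIR, the function names and the reload step are assumptions.

```shell
#!/bin/sh
# Added example: use as `certbot renew --deploy-hook /path/to/this-script`.
# Certbot exports RENEWED_LINEAGE (the live/<name> directory) to deploy hooks.
# DEST_DIR is an assumed variable naming the directory the service reads from.

# Return 0 if the service's copy is missing or differs from the renewed files.
cert_is_stale() {
    lineage=$1 dest=$2
    for f in fullchain.pem privkey.pem; do
        cmp -s "$lineage/$f" "$dest/$f" 2>/dev/null || return 0
    done
    return 1
}

# Copy the renewed certificate and key into the service's directory.
# Each file is written under a temporary name and then renamed, so the
# service never reads a half-written file. Returns 2 if the lineage is
# incomplete, 3 if the copy fails, 0 otherwise.
deploy_cert() {
    lineage=$1 dest=$2
    [ -r "$lineage/fullchain.pem" ] && [ -r "$lineage/privkey.pem" ] || {
        echo "deploy-hook: missing files in $lineage" >&2
        return 2
    }
    cert_is_stale "$lineage" "$dest" || return 0   # already current
    umask 077                                      # key copy stays owner-only
    mkdir -p "$dest" || return 3
    for f in fullchain.pem privkey.pem; do
        cp "$lineage/$f" "$dest/.$f.new" && mv -f "$dest/.$f.new" "$dest/$f" || return 3
    done
    return 0
}

# Run only when invoked by Certbot after a successful renewal.
if [ -n "${RENEWED_LINEAGE:-}" ]; then
    deploy_cert "$RENEWED_LINEAGE" "${DEST_DIR:?set DEST_DIR to the service cert directory}" || exit $?
    # The import or reload command for the consuming service goes here (assumption).
fi
```

Running cert_is_stale against the live directory and the service's directory outside of a renewal is a quick way to confirm the symptom in this thread: a valid certificate on disk while the service still presents the old one.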
