Certbot says certificate doesn't need renewal but I got email of certificate expiry and https won't work anymore

aravindhsampath · April 7, 2017, 4:35pm

Please fill out the fields below so we can help you better.

I ran this command: certbot renew

It produced this output:
`/home/asampath# certbot renew
Saving debug log to /var/log/letsencrypt/letsencrypt.log

Processing /etc/letsencrypt/renewal/aravindh.net.conf

Cert not yet due for renewal

The following certs are not due for renewal yet:
/etc/letsencrypt/live/aravindh.net/fullchain.pem (skipped)
No renewals were attempted.
`

My operating system is (include version):
root@instance-1:/home/asampath# uname -a Linux instance-1 3.16.0-4-amd64 #1 SMP Debian 3.16.36-1+deb8u2 (2016-10-19) x86_64 GNU/Linux

My web server is (include version):
/home/asampath# nginx -v nginx version: nginx/1.11.5

My hosting provider, if applicable, is: Self hosted VM on Google cloud

I can login to a root shell on my machine (yes or no, or I don’t know): Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): No

Issue :
certbot says certificate doesn’t need renewal but I got email of certificate expiry and https won’t work anymore.
https://aravindh.net doesn’t work anymore. New to managing ssl. Any help validating my setup is appreciated.

Thanks in advance!

schoen · April 7, 2017, 4:50pm

That does look pretty expired, but there’s evidence that you have also succeeded in getting a new cert which perhaps you’re just not using yet somehow:

https://crt.sh/?id=107862145

One thing that could have happened is that you could have used certbot certonly to renewal the certificate manually from the command line, but then not restarted or reloaded your web server, which is necessary in order for most web servers to start using the renewed cert. Do you know if your web server has been reloaded recently?

You can also check the status of the particular certificate in question with

openssl x509 -in /etc/letsencrypt/live/aravindh.net/cert.pem -text -noout

aravindhsampath · April 7, 2017, 5:28pm

Thanks @schoen. That was it. I remember manually issuing certbot certonly sometime after the initial setup.

I reloaded nginx and it seems to have picked up the new certificate. Appreciate your help. Now I learnt how to check the status of my certificate myself. Thanks.

system · May 7, 2017, 5:31pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Certbot-auto renew ...I've been reading in the forum, but have no clue Help	7	1127	September 15, 2017
SSL Certificate expired, still Certbot unable to renew Help	20	3220	July 22, 2020
How to overcome Certbot none renewal of expired certificate Site Feedback	22	3095	October 4, 2021
The renew command output said it's not needed to renew, but when I visit demo.seafile.com, the browser told me "the certificate expired..." Help	4	1310	September 1, 2017
Certbot Renew did not work Help	72	10077	November 27, 2019

Certbot says certificate doesn't need renewal but I got email of certificate expiry and https won't work anymore

Processing /etc/letsencrypt/renewal/aravindh.net.conf

Related topics