Certbot says certificate doesn't need renewal but I got email of certificate expiry and https won't work anymore


#1

Please fill out the fields below so we can help you better.

My domain is: aravindh.net

I ran this command: certbot renew

It produced this output:
`/home/asampath# certbot renew
Saving debug log to /var/log/letsencrypt/letsencrypt.log


Processing /etc/letsencrypt/renewal/aravindh.net.conf

Cert not yet due for renewal

The following certs are not due for renewal yet:
/etc/letsencrypt/live/aravindh.net/fullchain.pem (skipped)
No renewals were attempted.
`

My operating system is (include version):
root@instance-1:/home/asampath# uname -a Linux instance-1 3.16.0-4-amd64 #1 SMP Debian 3.16.36-1+deb8u2 (2016-10-19) x86_64 GNU/Linux

My web server is (include version):
/home/asampath# nginx -v nginx version: nginx/1.11.5

My hosting provider, if applicable, is: Self hosted VM on Google cloud

I can login to a root shell on my machine (yes or no, or I don’t know): Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): No

Issue :
certbot says certificate doesn’t need renewal but I got email of certificate expiry and https won’t work anymore.
https://aravindh.net doesn’t work anymore. New to managing ssl. Any help validating my setup is appreciated.

Thanks in advance!


#2

That does look pretty expired, but there’s evidence that you have also succeeded in getting a new cert which perhaps you’re just not using yet somehow:

https://crt.sh/?id=107862145

One thing that could have happened is that you could have used certbot certonly to renewal the certificate manually from the command line, but then not restarted or reloaded your web server, which is necessary in order for most web servers to start using the renewed cert. Do you know if your web server has been reloaded recently?

You can also check the status of the particular certificate in question with

openssl x509 -in /etc/letsencrypt/live/aravindh.net/cert.pem -text -noout


#3

Thanks @schoen. That was it. I remember manually issuing certbot certonly sometime after the initial setup.

I reloaded nginx and it seems to have picked up the new certificate. Appreciate your help. Now I learnt how to check the status of my certificate myself. Thanks.


#4

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.