See log below – today is Sept 2nd, and I’m using docker certbot to renew my cert. Certbot reports success / congratulations – your cert has been renewed and is now expiring Sept 8th. !!!
I clearly need my cert to last longer than 6 days. What’s going on?!
My domain is: scalableinnovations.org
I ran this command:
```
whoami
date
docker run --rm --name certbot \
  -v "/root/letsencrypt/etc:/etc/letsencrypt" \
  -v "/root/letsencrypt/var:/var/lib/letsencrypt" \
  -v "$WEBROOT:/webroot/" certbot/certbot certonly \
  --non-interactive --webroot -w /webroot/ \
  -d scalableinnovations.org --cert-name scalableinnovations.org
```
It produced this output:
```
root
Wed Sep 2 16:22:07 UTC 2020
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Cert is due for renewal, auto-renewing...
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for scalableinnovations.org
Using the webroot path /webroot for all unmatched domains.
Waiting for verification...
Cleaning up challenges
IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/scalableinnovations.org/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/scalableinnovations.org/privkey.pem
   Your cert will expire on 2020-09-08. To obtain a new or tweaked
   version of this certificate in the future, simply run certbot
   again. To non-interactively renew *all* of your certificates, run
   "certbot renew"
...snip
```
I checked to ensure the files are being newly written:
```
> ls -la /root/letsencrypt/etc/live/scalableinnovations.org/cert.pem
lrwxrwxrwx 1 root root 52 Sep 2 16:22 cert.pem -> ../../archive/scalableinnovations.org-0001/cert1.pem
```
Yes, the symlink itself is updated… but what about the file it points to:
```
> ls -la /root/letsencrypt/etc/archive/scalableinnovations.org-0001/cert1.pem
-rw-r--r-- 1 root root 1931 Jun 10 02:00 /root/letsencrypt/etc/archive/scalableinnovations.org-0001/cert1.pem
```
Aha, that’s old… but… why?
I was going to try and blow away my letsencrypt directory and just start fresh, but I’ve hit a rate limit.
The operating system my web server runs on is (include version):
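
An added example, not part of the original post: a shell function that inspects a certbot `live` directory like the one listed above, reporting where `cert.pem` really points, whether the archive lineage name matches the live directory name, and the expiry read from the certificate itself. The function name `check_lineage` and its output labels are made up for this sketch; on the host from the post it would be called with `/root/letsencrypt/etc/live/scalableinnovations.org`.

```shell
#!/bin/sh
# Added example (hypothetical helper, not certbot's own tooling).
# check_lineage LIVE_DIR
#   Prints one line per finding; returns 0 if consistent, 1 if something is off.
check_lineage() {
    live_dir=${1%/}
    name=$(basename "$live_dir")
    link="$live_dir/cert.pem"
    ret=0

    if [ ! -L "$link" ]; then
        echo "NOT_A_SYMLINK $link"
        return 1
    fi

    target=$(readlink "$link")            # e.g. ../../archive/<lineage>/certN.pem
    lineage=$(basename "$(dirname "$target")")
    echo "TARGET $target"

    # certbot names live/<name> and archive/<name> after the same lineage,
    # so a differing archive directory deserves a closer look.
    if [ "$lineage" != "$name" ]; then
        echo "LINEAGE_MISMATCH live=$name archive=$lineage"
        ret=1
    fi

    # A relative link target is resolved from the directory holding the link.
    case $target in
        /*) resolved=$target ;;
        *)  resolved="$live_dir/$target" ;;
    esac
    if [ ! -f "$resolved" ]; then
        echo "DANGLING $resolved"
        return 1
    fi

    # Expiry comes from the certificate, not from file or symlink timestamps.
    if command -v openssl >/dev/null 2>&1; then
        end=$(openssl x509 -in "$resolved" -noout -enddate 2>/dev/null) \
            || end="notAfter=unparseable"
        echo "EXPIRY ${end#notAfter=}"
    fi
    return $ret
}
```
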