Certificate end in the future but expired

Hi everyone.

How this is possible :

"Certificate was issued by R3
Certificate was valid until Dec 30 04:17:15 2022 GMT"

How to deal with this?

Thank you !

1 Like

To deal with what exactly? I'm afraid you're not giving us much to work with. Do you get browser errors? If so, what exact message? Which OS? Which browser and version? What site? Et cetera et ctera.

That's why the Help section has a questionnaire to help you provide us with the most information usually required for helping you. Here it is (again):


Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

I ran this command:

It produced this output:

My web server is (include version):

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know):

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):

4 Likes

Hi Osiris.

First of all thank you a lot for your response.

Yes, in fact, I thougth this is a generic issue, and it was not necessary to give more informations for discuss around it.

So :

  • I have an issue for every browser, tells : your certificate is no valid.

  • I launch "docker exec nginx-proxy-acme /app/cert_status" command, for checking the certificate state and I obtain this : "Certificate was issued by R3. Certificate was valid until Dec 30 04:17:15 2022 GMT"

  • I tried a forced renew of certificate by this command : "docker exec nginx-proxy-acme /app/force_renew", and I obtain this message : Create new order error. Le_OrderFinalize not found. {
    "type": "urn:ietf:params:acme:error:rateLimited",
    "detail": "Error creating new order :: too many certificates (5) already issued for this exact set of domains in the last 168 hours: mydomain, retry after 2022-10-02T13:53:16Z: see Duplicate Certificate Limit - Let's Encrypt",
    "status": 429
    }

So, how a certificate ending in december of this year, can be expired? May be a link with the rate limit?

More details :
I have an Angular project et five aspnetcore 6 projects (API's and Worker Services) deployed for each of them in an docker container, all orchestred by a docker-compose, in a Debian VPS.

I have a ljwilder/nginx-proxy container and I successfully certified my domain with "Letsencrypt" (nginxproxy/acme-companion container), that work's with my angular project.

And I try since few days to add my API's as upstreams in my nginx default.conf, but without success.

Hope those informations help you to help me :slight_smile:

ps: And I can give you more informations of course, if you need.

1 Like

It speaks of Dec 30th 2022 as if that was in the past. Your clock is probably wrong.

The clock inside the container, I mean. Try this: docker exec nginx-proxy-acme date

5 Likes

Hi @Raikho, and welcome to the LE community forum :slight_smile:

My first thought is that the clock on the PC is behind and that recently renewed cert isn't valid yet.
Just set the PC clock to the correct date/time and all should be well.

If that isn't the problem, then maybe the server isn't providing the proper certificate chain.
If you provide the site name [FQDN], we can better see (for ourselves) what the problem is.
To that end, please answer the questions provided on post #2.

4 Likes

What are the browser error messages like? It seems like the certificate served by the server is probably not the same one seen by the browsers.

My thought is that the browsers are not actually negotiating a TLS session with the server inside this container, but with some other kind of proxy or CDN or even firewall in between.

4 Likes

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.