Certificate error (date invalid)

What shows?:
certbot certificates

That seems like an incorrect assumption.
If you did a manual DNS challenge, you will have to renew it manually.

Certificate Name: workandtravel.world
Serial Number: [[redacted]]
Key Type: RSA
Domains: *.workandtravel.world workandtravel.world
Expiry Date: 2023-08-16 18:01:53+00:00 (INVALID: EXPIRED)
Certificate Path: /etc/letsencrypt/live/workandtravel.world/fullchain.pem
Private Key Path: /etc/letsencrypt/live/workandtravel.world/privkey.pem

[quote]
That seems like an incorrect assumption.
If you did a manual DNS challenge, you will have to renew it manually.
[/quote]

Since which version? I had it working for a while, I guess...

A backup/restore won't make that cert any less expired.
You need to obtain a new one.
If you don't need the wildcard, renewal automation is easier.
If you do need the wildcard, then you will have to understand it requires a DSP that allows for API updates and an ACME client with a plugin that supports that DSP.

Since wildcard certs have been issued by LE.
You must reauthenticate via DNS for each and every issuance [renewals are issuances].

What is a DSP? I will search for it and implement it; my content management system can use a DSP.

Kind regards, Remco

There is no need to redact public information:

Furthermore, that cert is already expired.

I am currently using it, don't want to bring my system down...

DNS
Service
Provider

Using what?
The cert shown is expired - it needs to be replaced.

What happened to crt.sh | 10689063872?

I tried reinstalling the system, but with over a million files it is very slow in Docker. I cancelled it, and when I log in it restores the certificates stored in my data directory. It seems it got overwritten by my script and the backup isn't overwriting the restore point.

I am currently enjoying other things than software, so I cannot check it.

I have checked my steps:

When I log in, I do a restore of the certificates without an apache2 restart / refresh yet.
certbot certificates then shows that they are all expired (after the backup is restored).
certbot renew will update the certificates to the valid ones.
I will create a backup here.
I will restart apache2 here.
Mail myself the certificates.
Log in to my DNS provider with a Chrome browser.
Use expect to read the challenges and automate it further. That's not that easy, by the way. Is there a chance to automate wildcard domains? I am using 1 level subdomains and I believe that is more secure than using one domain.

Also, for a keyserver you can use UUIDs as a subdomain and wait for 5 invalid attempts from other services and change the subdomain easily...

Why would step one be to restore?
If nothing has changed, the restore would not change anything.
If anything has changed, the restore would overwrite it with older information.
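
An added example, not part of any post in this thread and not certbot's own code: a small parser for the `certbot certificates` output shown earlier that derives each certificate's status from the expiry timestamp and flags wildcard names, which need DNS validation at every issuance. The second certificate in the sample, the `audit` function name and the 30-day warning threshold are assumptions made for illustration.

```python
import re
from datetime import datetime, timezone

# Constructed sample in the format of the `certbot certificates` output quoted in
# this thread; the second certificate (example.test) is invented for illustration.
SAMPLE = """\
Certificate Name: workandtravel.world
Serial Number: [[redacted]]
Domains: *.workandtravel.world workandtravel.world
Expiry Date: 2023-08-16 18:01:53+00:00 (INVALID: EXPIRED)
Certificate Name: example.test
Domains: example.test www.example.test
Expiry Date: 2023-11-01 09:00:00+00:00 (VALID: 61 days)
"""

FIELD = re.compile(r"^\s*(Certificate Name|Domains|Expiry Date):\s*(.+?)\s*$")

def audit(output, now, warn_days=30):
    """Return one dict per certificate: name, domains, status, needs_dns01."""
    certs = []
    for line in output.splitlines():
        m = FIELD.match(line)
        if not m:
            continue
        key, value = m.groups()
        if key == "Certificate Name":
            certs.append({"name": value, "domains": [], "expires": None})
        elif certs and key == "Domains":
            certs[-1]["domains"] = value.split()
        elif certs:
            # Use the timestamp, not the "(VALID/INVALID ...)" note, which
            # only reflects the moment the command was run.
            certs[-1]["expires"] = datetime.fromisoformat(value.split(" (")[0])
    for c in certs:
        if c["expires"] is None:
            c["status"] = "unknown"      # no expiry line parsed: investigate
        elif c["expires"] <= now:
            c["status"] = "expired"
        elif (c["expires"] - now).days < warn_days:
            c["status"] = "renew-soon"
        else:
            c["status"] = "ok"
        # A wildcard name is validated over DNS at every issuance (per the thread).
        c["needs_dns01"] = any(d.startswith("*.") for d in c["domains"])
    return certs

if __name__ == "__main__":
    for c in audit(SAMPLE, datetime(2023, 9, 1, tzinfo=timezone.utc)):
        print(c["name"], c["status"], "wildcard: DNS validation" if c["needs_dns01"] else "")
```

Feeding it the live output of `certbot certificates` from a scheduled job gives an early warning for certificates that cannot renew unattended.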
