It reports that my certificate expired on Tue, 16 Aug 2016 23:13:00 GMT.
However, when I run certbot-auto renew --standalone --pre-hook "service nginx stop" --post-hook "service nginx start", I get
`Requesting root privileges to run certbot…
/home/kratib/.local/share/letsencrypt/bin/letsencrypt renew --standalone --pre-hook service nginx stop --post-hook service nginx start
The following certs are not due for renewal yet:
/etc/letsencrypt/live/ethereum.karimratib.me/fullchain.pem (skipped)
No renewals were attempted.
`
which seems to mean certbot considers the certificate to be current.
The first thing to spring to mind is verify that nginx is using the correct certs in: /etc/letsencrypt/live/ethereum.karimratib.me/
and not in: /etc/letsencrypt/archive/ethereum.karimratib.me/
That’s where I’d start. Certbot is generally not wrong about whether renewing is required, but I can’t actually reach your site (I get either “403 forbidden” or “Problem Loading Page”) to see what’s happening.
Where is nginx finding it’s certs?
EDIT: You should always use the certs in “live”. When you renew your certs, they’re stored in “archive” along with all your previous certs. “Live” actually has symlinks pointing to your latest certificates. If you point to the certs in “archive”, you’ll have to manually update nginx every three months!
That was it! The config file was pointing to the certificate files in
archive.
Fixed and it works, thanks so much.
Fwiw, I am serving using jupyter, so the relevant config is located in
~/.jupyter/jupyter_notebook_config.py, under keys c.NotebookApp.certfile
(cert.pem) and c.NotebookApp.keyfile (privkey.pem).
I’m having this issue too. The command I’m trying is below:
# /root/certbot-auto renew --no-self-upgrade
-------------------------------------------------------------------------------
Processing /etc/letsencrypt/renewal/mpen.ca.conf
-------------------------------------------------------------------------------
The following certs are not due for renewal yet:
/etc/letsencrypt/live/mpen.ca/fullchain.pem (skipped)
No renewals were attempted.
Nginx shows the exact same .pem file as listed there:
What gives? Let’s Encrypt/Certbot has not worked once for me yet. Every 3 months and 2 days I get an email from one of my clients telling me my site doesn’t work because the cert is expired again, and because certbot doesn’t allow us to renew early anymore, I have less than 24 hours to verify my cron works.
Oh? I forget where I got my information from. I think some tutorial I was following said I had to put a cron for every 12 hours or so because it wouldn't renew until just before expiry.
Anyway, I figured out my issue yesterday. It appears it wasn't actually certbot's fault. Nginx wasn't reloading the cert, no matter what I tried, even if I stopped and started the service, it kept serving the same cert. Rebooting my entire server fixed the issue.
