Certificate is not expired but postman is giving SSL Error: Certificate has expired

Help
1

The existing SSL certificate was due for renewal but the request got failed, I get an 'Error: NET::ERR_CERT_DATE_INVALID' error. I have created a new certificate by changing the certificate name in ingress and re-applied it. It worked well for few days but after I deployed my backend service
recently and then again I am getting SSL Error: Certificate has expired in postman,

If I access my domain with a browser like chrome I can see that my certificate is valid.

My domain is: staging.api.dealcircle.com

I ran this command:
kubectl describe certificates/cert-name

It produced this output:
Event: The certificate has been successfully issued

My web server is (include version): nginx ingress controller on GKE

The operating system my web server runs on is (include version):
Debian GNU/Linux 10 (buster)

I need some help to resolve the below issues

  1. the SSL certificate renewal issue and
    Renewal certificate request failed for: crt.sh | 4771100958

  2. the current issue of getting the "SSL Error: Certificate has expired" even though the certificate is valid.
    current SSL certificate: https://crt.sh/?id=5317413042

2

Hi @satyadev.reddy, welcome to the LE community forum :slight_smile:

The only part of the cert that seems to be expired is the last root ("DST Root CA X3") - which is only in there to benefit the really old Android devices:

---
Certificate chain
 0 s:/CN=staging.api.dealcircle.com
   i:/C=US/O=Let's Encrypt/CN=R3
 1 s:/C=US/O=Let's Encrypt/CN=R3
   i:/C=US/O=Internet Security Research Group/CN=ISRG Root X1
 2 s:/C=US/O=Internet Security Research Group/CN=ISRG Root X1
   i:/O=Digital Signature Trust Co./CN=DST Root CA X3
---

If you don't service any such Oldroids, then you might fix this by removing that last cert.
OR
Reissuing a cert that ends with the self-signed root ("ISRG Root X1")
[not your current cross-signed X1]

I literally have no idea how any of that can be done in your specific environment.
But I think I can at least point you in the right direction... South-by-Southwest!

1 Like
3

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.