Certificate Not Valid Before dated 1 hour prior to generation

I just generated a new certificate as part of my server move. While I was checking the certificate details to ensure it had been installed correctly I noticed the following section

**Not Valid Before** Tuesday, 28 November 2017 at 18:43:17 Greenwich Mean Time

The certificate was generated at Tuesday, 28 November 2017 at 19:43:17 Greenwich Mean Time. Is then intended behaviour or a bug either in the generation or display?

I can’t provide the URL as an example as the DNS hasn’t propagated yet so I’m accessing the site via a modified /etc/hosts on my local machine.

This is intended to allow for clock inaccuracies.

3 Likes

I can confirm @jared.m’s response (thanks!) - Let’s Encrypt deliberately backdates the certificate Not Before date by 1 hour to help with client clock skew. :mantelpiece_clock::turtle:

2 Likes

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.