Certificate Not Valid Before dated 1 hour prior to generation

jskrwyk · November 28, 2017, 7:52pm

I just generated a new certificate as part of my server move. While I was checking the certificate details to ensure it had been installed correctly I noticed the following section

**Not Valid Before** Tuesday, 28 November 2017 at 18:43:17 Greenwich Mean Time

The certificate was generated at Tuesday, 28 November 2017 at 19:43:17 Greenwich Mean Time. Is then intended behaviour or a bug either in the generation or display?

I can’t provide the URL as an example as the DNS hasn’t propagated yet so I’m accessing the site via a modified /etc/hosts on my local machine.

jared.m · November 28, 2017, 8:03pm

This is intended to allow for clock inaccuracies.

cpu · November 28, 2017, 8:28pm

I can confirm @jared.m's response (thanks!) - Let's Encrypt deliberately backdates the certificate Not Before date by 1 hour to help with client clock skew.

system · December 28, 2017, 8:28pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Valid from date on cert off by 1 hour Help	2	932	October 31, 2019
Ability to generate a Certificate with a Valid From Date in the Past? Feature Requests	5	3950	August 9, 2017
Certificates issued one hour too early? Issuance Tech	2	1429	December 30, 2021
Why my LE cert notbefore date one hour before i apply to issue Help	4	1612	May 31, 2018
Wrong validity timestamps in certificate? Issuance Policy	6	1348	January 26, 2019

Certificate Not Valid Before dated 1 hour prior to generation

Related topics