Certificate Renewal


#1

My domain is: ariadne.tech

I ran this to renew:
certbot-auto renew --pre-hook “service nginx stop” --post-hook “service nginx start”

The following command verifies that the certificate was updated:
sudo openssl x509 -enddate -noout -in /etc/letsencrypt/live/ariadne.tech/fullchain.pem
notAfter=Apr 11 08:55:00 2017 GMT

My question is: is this valid and do I have to do more for the expiry bot mails to cease? https://crt.sh/ does not reflect the update so is there something more I should do or doesn’t it matter?

I realise there are similar topics but I am unsure if what I have done is correct.

Thanks.


#2

Yes, you have done everything you need to.

I’d suggest adding the command as a cron, so that it runs regularly, and updates the certificate automatically for you.


#3

Thanks for the reply. I did setup a cron job but it wasn’t running as I missed out the pre and post hooks. Does http://crt.sh/ get updated eventually or this information now irrelevant?

Thanks.


#4

crt.sh will get updates ( there is often about a days lag there).

Google transparency report usually updates more quickly.


#5

Thanks for the explanation.


#6

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.