Certificate renewed but expiry date unchanged


#1

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:
ikhokhaserver.com

I ran this command:
certbot renew

It produced this output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log


Processing /etc/letsencrypt/renewal/ikhokhaserver.com.conf


Cert is due for renewal, auto-renewing…
Plugins selected: Authenticator standalone, Installer None
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for ikhokhaserver.com
http-01 challenge for www.ikhokhaserver.com
Waiting for verification…
Cleaning up challenges


new certificate deployed without reload, fullchain is
/etc/letsencrypt/live/ikhokhaserver.com/fullchain.pem



Congratulations, all renewals succeeded. The following certs have been renewed:
/etc/letsencrypt/live/ikhokhaserver.com/fullchain.pem (success)


My web server is (include version):
nginx 1.4.6
The operating system my web server runs on is (include version):
Ubuntu 14.04

My hosting provider, if applicable, is:
AWS

I can login to a root shell on my machine (yes or no, or I don’t know):
yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): 0.28

I updated to certbot 0.28 and followed instructions here: How to stop using TLS-SNI-01 with Certbot

Certificate successuflly renewed but date is unchanged. This has been working reliably for years now until the update.


#2

Hi @Yakumo01

reload your server.


#3

I have done so several times. No change


#4

Can you post the output of “sudo certbot certificates”?


#5

Hey sorry. I found it it was like zombie processes from nginx keeping it alive even after it was supposedly stopped. Force killing them all and restarting made the certificate come right. Thanks for the support.


#6

Ah, thanks, good to know.

So if a certificate isn’t visible, a “zombie check” is required.