Certificate reports expired on server websites but still valid on Ubuntu server

WebServer unable to provide an https connection.
Certificate reports as:
rslothlorien.ddns.net
Issued By: R3
Expired: Sunday, 01 October 2022 at 12:12:37 South Africa Standard Time
'rslothlorien.ddns.net' certificate has expired

sudo certbot certificates
reports


Found the following certs:
Certificate Name: rslothlorien.ddns.net
Serial Number: 3b3ff13eede8259c9e79b18a6474a75e2f0
Key Type: RSA
Domains: rslothlorien.ddns.net
Expiry Date: 2022-11-30 11:32:07+00:00 (VALID: 57 days)
Certificate Path: /etc/letsencrypt/live/rslothlorien.ddns.net/fullchain.pem
Private Key Path: /etc/letsencrypt/live/rslothlorien.ddns.net/privkey.pem


Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: rslothlorien.ddns.net

I ran this command:
sudo certbot renew

It produced this output:
The following certificates are not due for renewal yet:
/etc/letsencrypt/live/rslothlorien.ddns.net/fullchain.pem expires on 2022-11-30 (skipped)
No renewals were attempted.

My web server is (include version):
Server version: Apache/2.4.52 (Ubuntu)
Server built: 2022-06-14T12:30:21

The operating system my web server runs on is (include version):
Ubuntu 22.04.1 LTS

My hosting provider, if applicable, is:
N/A

I can login to a root shell on my machine (yes or no, or I don't know):
YES

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
NO

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
cerbot 1.21.0

1 Like

Welcome to the Let's Encrypt Community, Ian! :slightly_smiling_face:

sudo apachectl -k graceful

6 Likes

AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 45.158.186.132. Set the 'ServerName' directive globally to suppress this message

1 Like

6 Likes

Webmin
https://rslothlorien.ddns.net:10000/

Why when I include the port am I not getting an SSL connection?
NET::ERR_CERT_DATE_INVALID

1 Like

I suspect that your Apache VirtualHost for that port is pointing to the wrong certificate.

sudo apachectl -S

6 Likes

AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 45.158.186.132. Set the 'ServerName' directive globally to suppress this message
VirtualHost configuration:
*:443 rslothlorien.ddns.net (/etc/apache2/sites-enabled/000-default-le-ssl.conf:3)
ServerRoot: "/etc/apache2"
Main DocumentRoot: "/var/www/html"
Main ErrorLog: "/var/log/apache2/error.log"
Mutex ssl-stapling: using_defaults
Mutex ssl-cache: using_defaults
Mutex default: dir="/var/run/apache2/" mechanism=default
Mutex watchdog-callback: using_defaults
Mutex rewrite-map: using_defaults
Mutex ssl-stapling-refresh: using_defaults
PidFile: "/var/run/apache2/apache2.pid"
Define: DUMP_VHOSTS
Define: DUMP_RUN_CFG
User: name="www-data" id=33
Group: name="www-data" id=33

1 Like

SSLCertificateFile /etc/letsencrypt/live/rslothlorien.ddns.net/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/rslothlorien.ddns.net/privkey.pem

1 Like

So it's not Apache serving on port 10000:

Server: MiniServ/2.000

You need to change that configuration to point to the live certificate, not a specific, archived certificate.

6 Likes

Was doing ok following up to now. This is over my head. Webmin running on Port 10000. Where is that change required?

1 Like

Pretty sure this is where you need to operate:

6 Likes

Sorry that was my mistake. Webmin running on port 10000

2 Likes
6 Likes

Hmmm thanks. The certificate was installed but now showing as expired. Need to use the valid certificate that is on Apache?

2 Likes

Correct. Webmin has an old certificate installed. It doesn't automatically update when installed manually.

6 Likes

How do I update that via the command line (no GUI access due to cert issue)

1 Like

https://www.digicert.com/kb/ssl-certificate-installation-webmin.htm

6 Likes

Thank you. Reading....

1 Like

Personally, I would point your configuration in miniserv.conf to your live certificate. This may help:

6 Likes

Yes agreed, this is what I want to do

1 Like