Certificates have not been renewed

Hello,

our certificates have not been renewed. can you manage and extend this?

our domain is veenkergmbh.de

Thanks very much

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: veenkergmbh.de

I ran this command: no command

It produced this output: Websites confirm their identity using certificates that are valid for a specific period of time. The certificate for dms.intra.veenkergmbh.de expired on April 18, 2023.

My web server is (include version): intra.veenkergmbh.de

The operating system my web server runs on is (include version): Windows

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):

2 Likes

No, Let's Encrypt solely uses the ACME protocol for certificate issuance and offers their services using an ACME server. And thus issuance/renewal needs to be done by an ACME client.

Depending on your situation either your hosting provider takes care of issuance/renewal or you're responsible for that yourself.

4 Likes

but since yesterday it doesn't work anymore and no renewals were attempted.

"Cert not yet due for renewal"

1 Like

Ah, so you're using Certbot. That was a good thing to note earlier.

From the CT log monitor at https://crt.sh/?deduplicate=Y&q=veenkergmbh.de I can see your certificate was renewed perfectly yesterday. So Certbot correctly notes it is not yet due for renewal.

I don't have any experience with Windows environment and you haven't mentioned which webserver you're using (Apache? nginx? IIS?), so maybe it's a simple as reloading your webserver or it might be more difficult and maybe the cert needs to be reinstalled or something like that.

4 Likes

thank you so much,

how can i reinstall the Certificate?

2 Likes

I don't know, you're not providing enough information.

4 Likes

If all else fails, try rebooting.

4 Likes

This is the certificate presently being served https://decoder.link/sslchecker/dms.intra.veenkergmbh.de/443
like 59 days left until it expires.

$ openssl s_client -showcerts -servername dms.intra.veenkergmbh.de -connect dms.intra.veenkergmbh.de:443 < /dev/null
CONNECTED(00000003)
depth=2 C = US, O = Internet Security Research Group, CN = ISRG Root X1
verify return:1
depth=1 C = US, O = Let's Encrypt, CN = R3
verify return:1
depth=0 CN = dms.intra.veenkergmbh.de
verify return:1
---
Certificate chain
 0 s:CN = dms.intra.veenkergmbh.de
   i:C = US, O = Let's Encrypt, CN = R3
   a:PKEY: rsaEncryption, 4096 (bit); sigalg: RSA-SHA256
   v:NotBefore: Mar 19 03:01:20 2023 GMT; NotAfter: Jun 17 03:01:19 2023 GMT
-----BEGIN CERTIFICATE-----
MIIIsjCCB5qgAwIBAgISBKHllQLvyn0PtyGH/tYQb+riMA0GCSqGSIb3DQEBCwUA
MDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQD
EwJSMzAeFw0yMzAzMTkwMzAxMjBaFw0yMzA2MTcwMzAxMTlaMCMxITAfBgNVBAMT
GGRtcy5pbnRyYS52ZWVua2VyZ21iaC5kZTCCAiIwDQYJKoZIhvcNAQEBBQADggIP
ADCCAgoCggIBAM1mwA+L2jC1yfJt797KjIzPKPwP6o/17wsvzmqUYeWvJmeuwSM8
CeyexyrzMtSAZbmqIQ+65gVjo5tSbumyfWyEei3SRGhyhJXaPKUeoOW17+CZpqRr
cuoglm2bZlQgcKUx0ytUwz2NBhUea5tcX4e3L4LmYeVwtUoSmP/WHViFrfHsV0uj
fYRnAa4Ofl9jAn499cyJea0nwtERq5DMA+h1XVz63vcdPSZ8aBZ7DHRLRXRgkOL5
ShoppA6MvwPHEJtN/3Q7QjxqgYw5nUfMubH6zQvpcE3zNip///TegyEJoaHZ7tZp
HUpW9f+x5Hlr2143khmZS6WSVnbupJUPy338F6QwHuecpI4OYSvkLR5FDLU9XrQO
X+YlwmubAdd1+1eMd2AxQ85t0ZliyogJBJ247Q7SfxzKRSkc+oNZ8lj4Hn/yOJIP
fa15FIjC5XuZ7OL3fokkcs0AqEbFIaMJWgt4GFPVJH/sT2Ub1T3jc5QO309tM+6M
X85jI6oO5mSCTRHE8SjEjXnxeK6gJNN/jsX0Re9BGJcXG8bIRO4H6PZEU/BQcTS0
asT9tZpIQ2t7P1h+kDI+AAn6IxD2kKVSQrtwyUyJDDqJGlL2rY7WBEZ6OGvMyORp
DlCXa0p+3mZL/ALqZMlqS3bc7zugpownldai++Uk4/1GcIksnSSGAwO9AgMBAAGj
ggTPMIIEyzAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsG
AQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFFgNooeLRaVsFxK9MpuhSBGl
CloGMB8GA1UdIwQYMBaAFBQusxe3WFbLrlAJQOYfr52LFMLGMFUGCCsGAQUFBwEB
BEkwRzAhBggrBgEFBQcwAYYVaHR0cDovL3IzLm8ubGVuY3Iub3JnMCIGCCsGAQUF
BzAChhZodHRwOi8vcjMuaS5sZW5jci5vcmcvMIICnQYDVR0RBIIClDCCApCCIWF1
dG9kaXNjb3Zlci5pbnRyYS52ZWVua2VyZ21iaC5kZYIbYXV0b2Rpc2NvdmVyLnZl
ZW5rZXJnbWJoLmRlghhkbXMuaW50cmEudmVlbmtlcmdtYmguZGWCHWV4Y2hhbmdl
LmludHJhLnZlZW5rZXJnbWJoLmRlghdleGNoYW5nZS52ZWVua2VyZ21iaC5kZYIh
ZXhjaGFuZ2UyMDEzLmludHJhLnZlZW5rZXJnbWJoLmRlghtleGNoYW5nZTIwMTMu
dmVlbmtlcmdtYmguZGWCGWdpcGYuaW50cmEudmVlbmtlcmdtYmguZGWCE2dpcGYu
dmVlbmtlcmdtYmguZGWCGWppcmEuaW50cmEudmVlbmtlcmdtYmguZGWCHXJhZGlj
YWxlLmludHJhLnZlZW5rZXJnbWJoLmRlghdyYWRpY2FsZS52ZWVua2VyZ21iaC5k
ZYIccmVkbWluZS5pbnRyYS52ZWVua2VyZ21iaC5kZYIWcmVkbWluZS52ZWVua2Vy
Z21iaC5kZYIgc29sLWFyY2FkaXMuaW50cmEudmVlbmtlcmdtYmguZGWCGnNvbC1h
cmNhZGlzLnZlZW5rZXJnbWJoLmRlghhzb2wuaW50cmEudmVlbmtlcmdtYmguZGWC
EnNvbC52ZWVua2VyZ21iaC5kZYIjdmVlY29udHJvbGxpbmcuaW50cmEudmVlbmtl
cmdtYmguZGWCHXZlZWNvbnRyb2xsaW5nLnZlZW5rZXJnbWJoLmRlghV2ZWVpdDMw
MTYzLmR5bmRucy5vcmeCIHZlZWtvbnRha3RlLmludHJhLnZlZW5rZXJnbWJoLmRl
ghp2ZWVrb250YWt0ZS52ZWVua2VyZ21iaC5kZTBMBgNVHSAERTBDMAgGBmeBDAEC
ATA3BgsrBgEEAYLfEwEBATAoMCYGCCsGAQUFBwIBFhpodHRwOi8vY3BzLmxldHNl
bmNyeXB0Lm9yZzCCAQQGCisGAQQB1nkCBAIEgfUEgfIA8AB3AHoyjFTYty22IOo4
4FIe6YQWcDIThU070ivBOlejUutSAAABhvgHaZ8AAAQDAEgwRgIhAOZKiHD382in
zQ3UhiqQME776gGZEWTkitFCnmJ/3R40AiEAlwkhrNcAYapLXeedHeYTvfgzV12v
iJp7CX0zQ4zzlqkAdQDoPtDaPvUGNTLnVyi8iWvJA9PL0RFr7Otp4Xd9bQa9bgAA
AYb4B2mMAAAEAwBGMEQCIHvg7AnyNrQFNtN6J/lbBbRTseFPm0wuw8ama/QosZsl
AiBVZrGwkOQ7dLZjF7aTl2T+fJ1QLgIfzU4RQ8eoihD8QTANBgkqhkiG9w0BAQsF
AAOCAQEAsb5DbIiTYjKwi9WRzR3ZnPVv2rk9gUo7rfXDzTw13SbpWQpYT1zV/L7W
uvGtDlt2Op+jY4FP65ZCuiBt4ObqAAh47AKboC4nU8jVOofmbl/LNfW53n3+QUGh
l6C1S/ptAPnr8U7kIOn7UuKflVq6EFitI8hEpcR9DoYJJ7pqFa0wBzP8CalC6zhW
ckTNu50WFyGG/DNdPPf7lpU04lA4o3VffyGn2/pHA/dAyw7Q0lehhQk/s/rcRxC4
h9re5J/e6uyMq3ryEox4ZMekxGju4jJoRlOZvx1qKFOme9nmlD4jPyq0fTGnoAfB
DDhtljADhlHSN5XtOAKNsnHIfW6GKA==
-----END CERTIFICATE-----
 1 s:C = US, O = Let's Encrypt, CN = R3
   i:C = US, O = Internet Security Research Group, CN = ISRG Root X1
   a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256
   v:NotBefore: Sep  4 00:00:00 2020 GMT; NotAfter: Sep 15 16:00:00 2025 GMT
-----BEGIN CERTIFICATE-----
MIIFFjCCAv6gAwIBAgIRAJErCErPDBinU/bWLiWnX1owDQYJKoZIhvcNAQELBQAw
TzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh
cmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwHhcNMjAwOTA0MDAwMDAw
WhcNMjUwOTE1MTYwMDAwWjAyMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNTGV0J3Mg
RW5jcnlwdDELMAkGA1UEAxMCUjMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
AoIBAQC7AhUozPaglNMPEuyNVZLD+ILxmaZ6QoinXSaqtSu5xUyxr45r+XXIo9cP
R5QUVTVXjJ6oojkZ9YI8QqlObvU7wy7bjcCwXPNZOOftz2nwWgsbvsCUJCWH+jdx
sxPnHKzhm+/b5DtFUkWWqcFTzjTIUu61ru2P3mBw4qVUq7ZtDpelQDRrK9O8Zutm
NHz6a4uPVymZ+DAXXbpyb/uBxa3Shlg9F8fnCbvxK/eG3MHacV3URuPMrSXBiLxg
Z3Vms/EY96Jc5lP/Ooi2R6X/ExjqmAl3P51T+c8B5fWmcBcUr2Ok/5mzk53cU6cG
/kiFHaFpriV1uxPMUgP17VGhi9sVAgMBAAGjggEIMIIBBDAOBgNVHQ8BAf8EBAMC
AYYwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMBMBIGA1UdEwEB/wQIMAYB
Af8CAQAwHQYDVR0OBBYEFBQusxe3WFbLrlAJQOYfr52LFMLGMB8GA1UdIwQYMBaA
FHm0WeZ7tuXkAXOACIjIGlj26ZtuMDIGCCsGAQUFBwEBBCYwJDAiBggrBgEFBQcw
AoYWaHR0cDovL3gxLmkubGVuY3Iub3JnLzAnBgNVHR8EIDAeMBygGqAYhhZodHRw
Oi8veDEuYy5sZW5jci5vcmcvMCIGA1UdIAQbMBkwCAYGZ4EMAQIBMA0GCysGAQQB
gt8TAQEBMA0GCSqGSIb3DQEBCwUAA4ICAQCFyk5HPqP3hUSFvNVneLKYY611TR6W
PTNlclQtgaDqw+34IL9fzLdwALduO/ZelN7kIJ+m74uyA+eitRY8kc607TkC53wl
ikfmZW4/RvTZ8M6UK+5UzhK8jCdLuMGYL6KvzXGRSgi3yLgjewQtCPkIVz6D2QQz
CkcheAmCJ8MqyJu5zlzyZMjAvnnAT45tRAxekrsu94sQ4egdRCnbWSDtY7kh+BIm
lJNXoB1lBMEKIq4QDUOXoRgffuDghje1WrG9ML+Hbisq/yFOGwXD9RiX8F6sw6W4
avAuvDszue5L3sz85K+EC4Y/wFVDNvZo4TYXao6Z0f+lQKc0t8DQYzk1OXVu8rp2
yJMC6alLbBfODALZvYH7n7do1AZls4I9d1P4jnkDrQoxB3UqQ9hVl3LEKQ73xF1O
yK5GhDDX8oVfGKF5u+decIsH4YaTw7mP3GFxJSqv3+0lUFJoi5Lc5da149p90Ids
hCExroL1+7mryIkXPeFM5TgO9r0rvZaBFOvV2z0gp35Z0+L4WPlbuEjN/lxPFin+
HlUjr8gRsI3qfJOQFy/9rKIJR0Y/8Omwt/8oTWgy1mdeHmmjk7j1nYsvC9JSQ6Zv
MldlTTKB3zhThV1+XWYp6rjd5JW1zbVWEkLNxE7GJThEUG3szgBVGP7pSWTUTsqX
nLRbwHOoq7hHwg==
-----END CERTIFICATE-----
 2 s:C = US, O = Internet Security Research Group, CN = ISRG Root X1
   i:O = Digital Signature Trust Co., CN = DST Root CA X3
   a:PKEY: rsaEncryption, 4096 (bit); sigalg: RSA-SHA256
   v:NotBefore: Jan 20 19:14:03 2021 GMT; NotAfter: Sep 30 18:14:03 2024 GMT
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIQQAF3ITfU6UK47naqPGQKtzANBgkqhkiG9w0BAQsFADA/
MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT
DkRTVCBSb290IENBIFgzMB4XDTIxMDEyMDE5MTQwM1oXDTI0MDkzMDE4MTQwM1ow
TzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh
cmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwggIiMA0GCSqGSIb3DQEB
AQUAA4ICDwAwggIKAoICAQCt6CRz9BQ385ueK1coHIe+3LffOJCMbjzmV6B493XC
ov71am72AE8o295ohmxEk7axY/0UEmu/H9LqMZshftEzPLpI9d1537O4/xLxIZpL
wYqGcWlKZmZsj348cL+tKSIG8+TA5oCu4kuPt5l+lAOf00eXfJlII1PoOK5PCm+D
LtFJV4yAdLbaL9A4jXsDcCEbdfIwPPqPrt3aY6vrFk/CjhFLfs8L6P+1dy70sntK
4EwSJQxwjQMpoOFTJOwT2e4ZvxCzSow/iaNhUd6shweU9GNx7C7ib1uYgeGJXDR5
bHbvO5BieebbpJovJsXQEOEO3tkQjhb7t/eo98flAgeYjzYIlefiN5YNNnWe+w5y
sR2bvAP5SQXYgd0FtCrWQemsAXaVCg/Y39W9Eh81LygXbNKYwagJZHduRze6zqxZ
Xmidf3LWicUGQSk+WT7dJvUkyRGnWqNMQB9GoZm1pzpRboY7nn1ypxIFeFntPlF4
FQsDj43QLwWyPntKHEtzBRL8xurgUBN8Q5N0s8p0544fAQjQMNRbcTa0B7rBMDBc
SLeCO5imfWCKoqMpgsy6vYMEG6KDA0Gh1gXxG8K28Kh8hjtGqEgqiNx2mna/H2ql
PRmP6zjzZN7IKw0KKP/32+IVQtQi0Cdd4Xn+GOdwiK1O5tmLOsbdJ1Fu/7xk9TND
TwIDAQABo4IBRjCCAUIwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYw
SwYIKwYBBQUHAQEEPzA9MDsGCCsGAQUFBzAChi9odHRwOi8vYXBwcy5pZGVudHJ1
c3QuY29tL3Jvb3RzL2RzdHJvb3RjYXgzLnA3YzAfBgNVHSMEGDAWgBTEp7Gkeyxx
+tvhS5B1/8QVYIWJEDBUBgNVHSAETTBLMAgGBmeBDAECATA/BgsrBgEEAYLfEwEB
ATAwMC4GCCsGAQUFBwIBFiJodHRwOi8vY3BzLnJvb3QteDEubGV0c2VuY3J5cHQu
b3JnMDwGA1UdHwQ1MDMwMaAvoC2GK2h0dHA6Ly9jcmwuaWRlbnRydXN0LmNvbS9E
U1RST09UQ0FYM0NSTC5jcmwwHQYDVR0OBBYEFHm0WeZ7tuXkAXOACIjIGlj26Ztu
MA0GCSqGSIb3DQEBCwUAA4IBAQAKcwBslm7/DlLQrt2M51oGrS+o44+/yQoDFVDC
5WxCu2+b9LRPwkSICHXM6webFGJueN7sJ7o5XPWioW5WlHAQU7G75K/QosMrAdSW
9MUgNTP52GE24HGNtLi1qoJFlcDyqSMo59ahy2cI2qBDLKobkx/J3vWraV0T9VuG
WCLKTVXkcGdtwlfFRjlBz4pYg1htmf5X6DYO8A4jqv2Il9DjXA6USbW1FzXSLr9O
he8Y4IWS6wY7bCkjCWDcRQJMEhg76fsO3txE+FiYruq9RUWhiF1myv4Q6W+CyBFC
Dfvp7OOGAN6dEOM4+qR9sdjoSYKEBpsr6GtPAQw4dy753ec5
-----END CERTIFICATE-----
---
Server certificate
subject=CN = dms.intra.veenkergmbh.de
issuer=C = US, O = Let's Encrypt, CN = R3
---
No client certificate CA names sent
Peer signing digest: SHA512
Peer signature type: RSA
Server Temp Key: ECDH, prime256v1, 256 bits
---
SSL handshake has read 5689 bytes and written 452 bytes
Verification: OK
---
New, TLSv1.2, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 4096 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES256-GCM-SHA384
    Session-ID: AA75C118FD4032CF5E21B65AF7E1024CFA26B229E23F25274624393790D73138
    Session-ID-ctx:
    Master-Key: 27401C946DFD763DA34947DDA4E551812B8279B37A366BC9B41E0879693C54A741DFB7F3D7FCA04837DA17C7D8FFC25B
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    Start Time: 1681862898
    Timeout   : 7200 (sec)
    Verify return code: 0 (ok)
    Extended master secret: no
---
DONE
2 Likes

Where do you see/check this?

It appears to have been renewed almost one month ago.
See: crt.sh | dms.intra.veenkergmbh.de
image

4 Likes

You're using Apache as your web server, so you need to restart apache for it to pick up the updated certificate which it appears you have done already, so it should all be fine now.

1 Like

Hello,

thanks for your help.
after renewing the certificate, shows these messages:

"Websites confirm their identity using certificates that are valid for a specific period of time. The certificate for dms.intra.veenkergmbh.de expired on April 18, 2023.

Error code: SEC_ERROR_EXPIRED_CERTIFICATE"

image

1 Like

I don't get that expired certificate anywhere when I surf to https://dms.intra.veenkergmbh.de/

How/where do you get it? Perhaps you need to clear your browsers cache.

2 Likes

The image shown states that the cert doesn't need to be renewed [thus, it is NOT expired].

Please show us:
certbot certificates

And since we are talking about Apache...
Please also show:
sudo apachectl -t -D DUMP_VHOSTS

2 Likes

You (or the person seeing this problem) need to reboot the machine you/they are using to browse the website with - it appears to be caching old information.

1 Like

thanks for your help christopher,
I have to reinstall the certificates on VM. everything is back to normal now :slight_smile:

I wish you a nice day

3 Likes

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.