Certification valid but not recognized

l.jimenez · June 10, 2025, 6:39am

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: pha25000.pharma.med.uni-muenchen.de

I ran this command: I tried to access via a browser (Chromium AND Firefox).

It produced this output:

Y> our connection is not private

Attackers might be trying to steal your information from pha25000.pharma.med.uni-muenchen.de (for example, passwords, messages, or credit cards). Learn more

NET::ERR_CERT_DATE_INVALID

My web server is (include version): Sorry, I am not sure what you mean with this.

The operating system my web server runs on is (include version): Linux Mint 20.3

My hosting provider, if applicable, is: -

I can login to a root shell on my machine (yes or no, or I don't know): Yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): No

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): Certbot 0.40.0

Description:
When checking my certification, the latest one is from May 8th, 2025. When doing a cert update it tells me it cannot do it, because my certification is valid until August 8th 2025. I have an automated renewal but neither Firefox nor Chromium seem to be able to recognize it. In the certification details it tells me that the last certification was from March 2025 and it expired June 7th 2025. Help? Thanks!

orangepizza · June 10, 2025, 6:53am

you have newer certificate but webserver isn't configed to use that. what webserver you are using?

l.jimenez · June 10, 2025, 6:57am

I am so sorry, but I do not understand what you mean with webserver. I am not an IT person, so the terminology is not always correctly connected to something I did. If you tell me what I need to type in my terminal to access that information, I will do it right away

l.jimenez · June 10, 2025, 6:59am

Could it be that the certbot version is too old?

orangepizza · June 10, 2025, 7:09am

compare with person its like you renewed your passport but you pick up old one into airport:
it looks like you are using eLabFTP and web says server is c2a but I have no idea what it is.

Renew SSL Certificate for eLabFTW · Issue #2806 · elabftw/elabftw · GitHub says you'd want docker exec -it elabftw nginx -s reload but not sure it's right, couldn't go more bad with that command though

l.jimenez · June 10, 2025, 7:10am

When looking at the certbot certificates I get the following output:

Cannot extract OCSP URI from /etc/letsencrypt/live/pha25000.pharma.med.uni-muenchen.de/cert.pem

Found the following certs:
Certificate Name: pha25000.pharma.med.uni-muenchen.de
Domains: pha25000.pharma.med.uni-muenchen.de
Expiry Date: 2025-08-06 03:56:23+00:00 (VALID: 56 days)
Certificate Path: /etc/letsencrypt/live/pha25000.pharma.med.uni-muenchen.de/fullchain.pem
Private Key Path: /etc/letsencrypt/live/pha25000.pharma.med.uni-muenchen.de/privkey.pem

orangepizza · June 10, 2025, 7:11am

that's expected that old version of certbot but that's not reason for webside error.

l.jimenez · June 10, 2025, 7:13am

Solved. Something I did blocked the server. I restarted it and now the key is recognized. Thanks for your time. If you think I should do something in addition to avoid this kind of error, please let me know.
Have a great day!

l.jimenez · June 10, 2025, 7:23am

Thank you for your help. So if someone asks me again what webserver I am using, the answer is elabftw or c2a? I hope it will not be necessary again, but any opportunity to learn is welcome!
I will keep the docker command in mind for future issues. Thanks again for your time and help

orangepizza · June 10, 2025, 7:33am

what did you restarted?

l.jimenez · June 10, 2025, 7:56am

Because I tried to open the site again, and the error from the certificate being invalid did not appear anymore, but rather a site not found error.
From experience I know that when that happens, I need to restart the server so I did. After I restarted it, and I tried to connect to the site, it was working as normal. To be honest, I have no idea why now it is working. I did not update the certbot, neither the apt. I suppose it is one of those "mysterious" computer things? sorry I cannot be of more help for future users with similar issues.

l.jimenez · June 10, 2025, 7:58am

upsy.. the details: I stopped the elabctl elabctl stop and then restarted it with elabctl start

orangepizza · June 10, 2025, 11:33am

test 2~3 months later with if elabctl reload works: anyway you'll need to reload/restart that to use new certificate

Topic		Replies	Views
Renewed certificate, still getting Cert Date Invalid Help	2	475	August 8, 2020
Certificate is not Valid Help	10	12754	June 19, 2018
Ssl certificate not valid Help	4	489	June 5, 2020
Net::err_cert_date_invalid Help	2	472	June 15, 2020
Net::err_cert_date_invalid Help	4	734	July 15, 2020

Certification valid but not recognized

Related topics