Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is: shafer.ca
I ran this command:sudo openssl x509 -in /etc/letsencrypt/live/shafer.ca/cert.pem -text -noout
It produced this output:
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
03:33:c3:f1:47:3e:2a:93:39:ee:2a:4e:05:bd:0a:0d:76:ec
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, O=Let’s Encrypt, CN=Let’s Encrypt Authority X3
Validity
Not Before: Mar 22 00:45:28 2019 GMT
Not After : Jun 20 00:45:28 2019 GMT
Subject: CN=shafer.ca
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:e1:68:55:c6:06:aa:ab:46:05:78:b4:17:8a:2c:
0e:14:17:a8:25:0f:b9:62:eb:51:86:ad:7c:29:28:
a8:69:1a:ad:2b:ad:c3:2e:9e:f6:4f:72:98:9d:8b:
d9:6f:97:cc:e4:5a:ad:e6:70:78:07:3b:74:ca:6e:
c4:61:db:4a:f3:5c:87:6d:7c:de:ed:46:ca:a7:fe:
46:7d:66:73:ea:45:65:05:de:89:65:9a:a2:09:9c:
cf:47:5a:4c:00:20:9d:43:0a:a9:2d:e8:c7:e3:eb:
5b:12:83:95:4d:41:1b:4f:a5:c4:dd:94:94:f6:b7:
d3:f3:e2:24:2c:4f:b8:41:c3:25:21:d5:09:6e:66:
bf:03:b5:c8:4b:74:23:a1:c4:05:4e:9e:9c:54:ed:
18:f8:ae:15:95:c6:d5:a8:53:e2:15:fc:bc:fe:57:
3d:b0:64:f5:e1:a0:a7:cb:c2:f9:80:c8:ca:3d:dd:
75:68:f2:14:06:e2:4d:42:64:1a:3e:c6:b1:b7:4b:
4c:34:bb:95:03:a3:bd:3a:a8:d4:f2:73:51:61:48:
a8:ff:44:2a:ac:63:23:db:96:0b:8a:1d:2c:03:4f:
da:37:1d:fc:b1:de:f0:f5:0d:b2:77:e5:81:dc:12:
44:4f:bf:da:a9:b6:7c:df:04:60:7f:87:67:17:ee:
48:c3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Subject Key Identifier:
28:F2:81:41:DC:1D:7C:6B:27:2D:CB:73:2B:F2:0B:41:B0:D0:94:B8
X509v3 Authority Key Identifier:
keyid:A8:4A:6A:63:04:7D:DD:BA:E6:D1:39:B7:A6:45:65:EF:F3:A8:EC:A1
Authority Information Access:
OCSP - URI:http://ocsp.int-x3.letsencrypt.org
CA Issuers - URI:http://cert.int-x3.letsencrypt.org/
X509v3 Subject Alternative Name:
DNS:shafer.ca, DNS:www.shafer.ca
X509v3 Certificate Policies:
Policy: 2.23.140.1.2.1
Policy: 1.3.6.1.4.1.44947.1.1.1
CPS: http://cps.letsencrypt.org
CT Precertificate SCTs:
Signed Certificate Timestamp:
Version : v1(0)
Log ID : E2:69:4B:AE:26:E8:E9:40:09:E8:86:1B:B6:3B:83:D4:
3E:E7:FE:74:88:FB:A4:8F:28:93:01:9D:DD:F1:DB:FE
Timestamp : Mar 22 01:45:28.456 2019 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:45:02:21:00:A3:79:6C:79:60:B9:D8:38:79:52:13:
05:85:9F:11:60:6C:C4:CB:A6:FC:0E:7F:1A:B3:66:72:
3C:37:DA:64:78:02:20:2A:8A:BB:14:50:0B:92:3E:C0:
59:AA:CE:77:71:14:5E:C7:1D:A7:50:72:9F:66:10:91:
D9:27:52:ED:F3:F0:9C
Signed Certificate Timestamp:
Version : v1(0)
Log ID : 63:F2:DB:CD:E8:3B:CC:2C:CF:0B:72:84:27:57:6B:33:
A4:8D:61:77:8F:BD:75:A6:38:B1:C7:68:54:4B:D8:8D
Timestamp : Mar 22 01:45:28.527 2019 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:45:02:21:00:DB:ED:D8:EC:F4:54:D7:01:7F:C3:FD:
AB:A6:BE:4A:33:21:2F:08:50:48:21:9D:EE:3E:6F:68:
EB:C8:C6:13:35:02:20:71:44:59:D6:27:ED:75:8A:73:
64:5B:95:9C:F0:68:0C:37:DD:0D:97:D2:F7:26:05:43:
B7:C6:7B:84:02:46:CF
Signature Algorithm: sha256WithRSAEncryption
2a:d1:f0:82:d8:70:ac:35:fe:1d:a6:25:4d:da:80:27:80:1f:
05:f2:97:1d:18:42:73:32:8d:8a:85:cd:6f:e9:04:66:2f:e2:
0c:fa:df:a6:1b:8e:31:27:b2:88:3c:f3:e2:7c:3f:da:73:d9:
77:2a:b3:2f:76:a0:c6:50:c9:3f:99:2e:3a:3f:a2:0e:d3:de:
36:79:37:ec:9f:47:92:79:8c:6f:61:ad:4e:56:ca:c8:bf:fe:
7a:85:5d:fb:47:4a:75:20:1c:39:64:f1:a6:06:bd:b2:7d:5e:
79:81:02:94:1a:6f:54:2e:d5:b4:55:c0:bf:ad:f7:21:08:eb:
c8:5a:bd:54:9f:fb:b0:cd:99:84:29:27:38:9b:c5:2b:95:61:
32:a4:91:19:c4:d4:9b:39:59:51:b6:8a:22:ef:36:d1:f0:d2:
89:bd:3e:57:fe:cc:bd:9c:91:d2:c2:18:9c:f3:f7:15:2f:f3:
50:3c:c4:fa:77:f6:03:99:47:62:23:91:a2:27:5e:1e:30:a0:
d3:fa:10:12:3b:93:06:7d:ed:0e:f0:ae:95:b1:fa:34:97:f1:
1f:40:54:d1:8b:4a:9a:f2:3d:6d:3b:c1:61:ea:d3:f2:5f:26:
d0:9a:3c:52:a3:95:36:49:27:e5:19:36:f7:e4:34:a5:f1:cc:
4b:7d:2d:31
My web server is (include version):
Server version: Apache/2.4.18 (Ubuntu)
Server built: 2019-04-03T13:34:47
The operating system my web server runs on is (include version):
Ubuntu 16.04.6 LTS (GNU/Linux 4.4.0-1079-aws x86_64)
My hosting provider, if applicable, is:
Amazon AWS
I can login to a root shell on my machine (yes or no, or I don’t know): yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no
The version of my client is (e.g. output of certbot --version
or certbot-auto --version
if you’re using Certbot):
certbot 0.31.0
I get an email thats says this certificate is expiring.
Your certificate (or certificates) for the names listed below will expire in 10 days (on 17 Apr 19 05:30 +0000). Please make sure to renew your certificate before then, or visitors to your website will encounter errors.
When I do a
sudo certbot renew --dry-run
It says none of my certificates are up for renewal.
I have recently restarted my server.
I understand that they will be auto renewed by crontab. Do I need to install something in crontab or is it auto installed when i installed certbot?