Error to renew [NET::ERR_CERT_DATE_INVALID]

TIWCS · March 18, 2021, 1:36pm

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: monitoramento.wcs.com.br

I ran this command: certbot renew

It produced this output:

IMPORTANT NOTES:

Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/monitoramento.wcs.com.br/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/monitoramento.wcs.com.br/privkey.pem
Your cert will expire on 2021-06-16. To obtain a new or tweaked
version of this certificate in the future, simply run certbot again
with the "certonly" option. To non-interactively renew all of
your certificates, run "certbot renew"
If you like Certbot, please consider supporting our work by:

Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
Donating to EFF: https://eff.org/donate-le

My web server is (include version): Server version: Apache/2.4.6 (CentOS)

The operating system my web server runs on is (include version):
CentOS Linux release 7.9.2009

My hosting provider, if applicable, is:
Not applicable

I can login to a root shell on my machine (yes or no, or I don't know):

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
I'm not using a control panel to manage my site

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
certbot 1.10.1

Hello, first, I hope you don't mind my grammar, I'm using Translate Google to compose this message.
We published our Zabbix hosted on a CentOS server, the certification process using Letsencrypt was relatively easy. However, recently our certificate has expired. After many attempts to renew the certificate, using the --renew parameter in the certbot command, with the successful return of the renewal, the web page continued to publish the expired certificate.

What information, logs and attempts are needed to count on your help in this case?
Thank you so much!

JuergenAuer · March 18, 2021, 1:58pm

Hi @TIWCS

there

is a new Letsencrypt certificate, not expired. Looks ok, created 2021-03-15.

TIWCS · March 18, 2021, 2:22pm

Sorry, send the wrong domain. The correct domain follows:
https://monitoramento.wcs.com.br

Thanks!

JuergenAuer · March 18, 2021, 4:00pm

Did you restart your server? A certificate is created - don't do that again, there is a rate limit.

If that doesn't help, your config is buggy.

apachectl -S

TIWCS · March 18, 2021, 5:18pm

I ran the command you asked for, and that was the return:

[root@zabbix002 ~]# apachectl -S
VirtualHost configuration:
*:443 is a NameVirtualHost
default server monitoramento.wcs.com.br (/etc/httpd/conf.d/ssl.conf:56)
port 443 namevhost monitoramento.wcs.com.br (/etc/httpd/conf.d/ssl.conf:56)
port 443 namevhost monitoramento.wcs.com.br (/etc/httpd/conf.d/zabbix.conf:37)
*:80 monitoramento.wcs.com.br (/etc/httpd/conf.d/zabbix.conf:46)
ServerRoot: "/etc/httpd"
Main DocumentRoot: "/usr/share/zabbix"
Main ErrorLog: "/etc/httpd/logs/error_log"
Mutex proxy-balancer-shm: using_defaults
Mutex rewrite-map: using_defaults
Mutex authdigest-client: using_defaults
Mutex ssl-stapling: using_defaults
Mutex proxy: using_defaults
Mutex authn-socache: using_defaults
Mutex ssl-cache: using_defaults
Mutex default: dir="/run/httpd/" mechanism=default
Mutex mpm-accept: using_defaults
Mutex authdigest-opaque: using_defaults
PidFile: "/run/httpd/httpd.pid"
Define: _RH_HAS_HTTPPROTOCOLOPTIONS
Define: DUMP_VHOSTS
Define: DUMP_RUN_CFG
User: name="apache" id=48
Group: name="apache" id=48
[root@zabbix002 ~]#

It helps?

TIWCS · March 18, 2021, 5:43pm

We already restart the server!

Thanks!!!

JuergenAuer · March 18, 2021, 5:53pm

There

is your problem.

Two vHosts with the same combination of port and domain name -> that's fatal.

Merge both in one, remove the other.

Check, where the correct certificate is used.

Or remove both and let Certbot create a new (something like certbot --reinstall).

TIWCS · March 18, 2021, 7:01pm

Great !!!!

It worked out!!!! The settings were only configured in zabbix.conf !!!!

Thank you so much!!!

system · April 17, 2021, 7:02pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.