Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is: arbor.potrzebie.org
I ran this command: (in browser) https://arbor.potrzebie.org
It produced this output: Your connection is not private: NET::ERR_CERT_DATE_INVALID
My web server is (include version): nginx-1.20.1_2,2
The operating system my web server runs on is (include version): FreeBSD 13.0-RELEASE-p4
My hosting provider, if applicable, is: self
I can login to a root shell on my machine (yes or no, or I don't know): yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no
The version of my client is (e.g. output of
certbot --version or
certbot-auto --version if you're using Certbot): certbot 1.18.0
Greetings. The webserver arbor.potrzebie.org uses an intermediate R3 cert from DST which expired today. As a result it's no longer reachable using https.
I've seen other posts saying just rebooting other OSs will force the server to use the LE R3 cert (which expires in 2025) instead of the expired DST one. That's not the case with this FreeBSD server.
Thanks in advance for clues on how to update the trust chain here. I tried 'certbot renew --force-renew' but that failed, presumably because the system relies on an expired intermediate cert.