Got a e-mail my certificate will expire in 20 days but got 1825 days

Not sure if the e-mail is a error but after I got it checked Webmin under the “SSL Encryption” It says “Days before expiry” 1825.

What is right?

Is there some easy command to check it?

-Raymond Day

In Webmin I said renew it. Then checked this this command:

root@xxxxxxxx:~# ssl-cert-check -c /etc/letsencrypt/live/xxxxxxxx-0002/cert.pem

Host Status Expires Days
----------------------------------------------- ------------ ------------ ----
**FILE:/etc/letsencrypt/live/xxxxxxxx-0002/cert.pem Valid Nov 6 2016 90 **

So I have 90 days now. To bad I did not check before I said renew in Webmin. Webmin did take all most 1 minute to renew. It came back saying all is good.

-Raymond Day

Let's Encrypt doesn't issue certificates with a lifetime longer than 90 days so a value of "1825" days would be suspicious to me.

Were you able to resolve your problem?

1 Like

also 1825 days is 5 years (not counting leap years) and that is longer than the CAB allows, I think that’s a webmin issue.

My guess would be a self-signed temporary certificate. I would guess that a reasonably common approach from hosting companies is to add a self-signed cert instantly, then behind the scenes try to obtain and install a Let’s Encrypt cert. This way HTTPS “works” instantly, and usually within 1-5 minutes it is secured with Let’s Encrypt instead. Of course, the self-signed cert shouldn’t still be there weeks later when that first Let’s Encrypt certificate is almost expiring…

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.