Got a e-mail my certificate will expire in 20 days but got 1825 days


#1

Not sure if the e-mail is a error but after I got it checked Webmin under the “SSL Encryption” It says “Days before expiry” 1825.

What is right?

Is there some easy command to check it?

-Raymond Day


#2

In Webmin I said renew it. Then checked this this command:

root@xxxxxxxx:~# ssl-cert-check -c /etc/letsencrypt/live/xxxxxxxx-0002/cert.pem

Host Status Expires Days
----------------------------------------------- ------------ ------------ ----
**FILE:/etc/letsencrypt/live/xxxxxxxx-0002/cert.pem Valid Nov 6 2016 90 **
root@xxxxxxxx:~#

So I have 90 days now. To bad I did not check before I said renew in Webmin. Webmin did take all most 1 minute to renew. It came back saying all is good.

-Raymond Day


#3

Let’s Encrypt doesn’t issue certificates with a lifetime longer than 90 days so a value of “1825” days would be suspicious to me.

Were you able to resolve your problem?


#4

also 1825 days is 5 years (not counting leap years) and that is longer than the CAB allows, I think that’s a webmin issue.


#5

My guess would be a self-signed temporary certificate. I would guess that a reasonably common approach from hosting companies is to add a self-signed cert instantly, then behind the scenes try to obtain and install a Let’s Encrypt cert. This way HTTPS “works” instantly, and usually within 1-5 minutes it is secured with Let’s Encrypt instead. Of course, the self-signed cert shouldn’t still be there weeks later when that first Let’s Encrypt certificate is almost expiring…


#6

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.