[INFO] Expiration certificate date


#1

I am using Let’s encrypt on my production server to handle SSL certificate.
My website certificate will expire next week so I regenerated it using the letsencrypt-auto renew command (I didn’t set cron task yet)

The last log I get is 2016-08-20 17:12:20,305:DEBUG:certbot.renewal:no renewal failures which mean certificate has been successfully regenerated

But when I go back to my website and check the certificate properties it still says that it will expire next week.

So:

  • Does Let’s Encrypt wait the last day of certificate to update its new expiration in browser ?
  • Did my new certificate is not working properly which explain browser still give me next week as expiration ?

Can someone help me to clarify the way certificates expiration date works ?
Thanks for your help !


#2

You don’t quite provide enough information for me to confirm exactly what has happened, but hopefully I can be close :wink:

with the “letsencrypt-auto renew” it will renew your certificate if you have less than 30 days before it expires. It does look as if the certificate was renewed (but can’t confirm 100% without your domain name ).

Once you have a new certificate, if everything was configured correctly to point to the certificates in /etc/letsencrypt/domain/live … then you simply need to reload your apache / nginx / whatever to start using that new certificate.

If you copied the certificate to a different location, that letsencrypt knows nothing about for use - then of course you would need to similarly copy the new certificate and reload you apache / nginx …

Does that make sense ?


#3

Thanks for your help ! I does make sense to me.
I didn’t give you the domain name so here is it: https://www.lr-agenceweb.fr

I already had certificates working before for this domaine name so I guess the regeneration will still use the same path as I filled in my Nginx virtual host:

Extract of my vhost:

ssl_certificate /etc/letsencrypt/live/www.lr-agenceweb.fr/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/www.lr-agenceweb.fr/privkey.pem;

The only thing I didn’t do was to restart Nginx.
I will try it now.

Edit: After reloading Nginx, the expiration date was updated properly ! Thanks again !


#4

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.