Is the date in the third column notBefore or notAfter?

refs. Questions about Renewing before TLS-ALPN-01 Revocations

The article describes it as follows.

123456,"03e1ce2c0324f9ca93417fc8886f87f34857","2022-01-25T18:25:29Z","letsencrypt.org","www.letsencrypt.org","status.letsencrypt.org"

The third column is the time at which the certificate was issued (in RFC3339 format, i.e. YYYY-MM-DDTHH:MM:SSZ, all times UTC).

However, the first line of the CSV says "regID", "serial", "notAfter", "names".

I think it's the expired date (notAfter), not the issued date (notBefore).

2 Likes

Hello @cocurl, welcome to the forum and nice catch! :smiley:

The 3rd column is supposed to show the issue date (notBefore) as indicated in the text you quoted. This is further indicated in @jillian's comment, "...on 28 January 2022 we we will revoke certificates issued in the last 90 days and validated with the TLS-ALPN-01 challenge."
So that would be the issue (notBefore) date, not the expiry (notAfter) date - a typo.

@jillian, It appears an error was made in the cvs file, first line. "notAfter" should be "notBefore".

3 Likes

As a general note for everyone's benefit, the notBefore date is actually one hour before the certificate was actually issued because Let's Encrypt backdates by an hour at issuance.

4 Likes

Is it true that notBefore is correct, really?

So why are the dates in the CSV records in the future?

$ head tls-alpn-01-affected-certs-by-regID.csv 
"regID","serial","notAfter","names"
26086,"0344ad2fdfbc9e68916396e873b6e2db0f03","2022-04-22T09:00:57Z","jasonweb.home.harromans.com"
26086,"03e6c31b7a187aa9a8d4629616b165de0a15","2022-04-10T09:01:08Z","octopi.home.harromans.com"
26086,"0400f846e9171521d7590744d09dcb3e93d0","2022-02-18T21:02:03Z","sw.home.harromans.com"
26086,"0460a7c9721f3d826d8a27cd6b1e6c14c771","2022-02-09T04:43:55Z","octopi.home.harromans.com"
26086,"04fb21af375d49eceefddba648804699f7db","2022-02-21T09:01:49Z","jasonweb.home.harromans.com"
3 Likes

The CSV file earlier also stated notBefore, but was corrected after someone saw the error and mentioned it. It seems the website wasn't corrected.

6 Likes

I've opened a PR to fix this: Fix notbefore by osirisinferi · Pull Request #1384 · letsencrypt/website · GitHub

6 Likes

@Osiris Thanks for making the Pull Request.

I'll close this thread once the web page is fixed or I get a response from the person responsible.

4 Likes

Yes, you've spotted an error that was pointed out to us a few days ago. We corrected and re-uploaded the file, but it looks like the website change didn't happen. Earlier versions of that file have the wrong column name so the PR for the website should probably note that information.

thanks @Osiris for the PR, I'll try to get some Let's Encrypt :eyes: on it today!

6 Likes

Thank you for confirming. Best regards.

4 Likes

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.