I have LE installed on Ubuntu Server 14.04 LTS for a few domains and the Expiry bot has been misreporting the expiry dates of the certificates. For example, I got an email this morning that certificates for two domains (certs are for both root domain and www domain) are expiring in 0 days.
I have an automated cron job for LE, so I checked the le-renew.log file and found both these domains had failed to renew:
All renewal attempts failed. The following certs could not be renewed:
Next, I ran certbot certificates and found that the cert for domain01 was valid for another 6 days and that for domain02 was valid for another 23 days! These validity dates also match what I see in the browser.
Certificate Name: domain01.org.in
Expiry Date: 2017-12-15 12:29:00+00:00 (VALID: 6 days)
Certificate Path: /etc/letsencrypt/live/domain01.org.in/fullchain.pem
Private Key Path: /etc/letsencrypt/live/domain01.org.in/privkey.pem
Certificate Name: www.domain01.org.in
Expiry Date: 2017-12-15 12:33:00+00:00 (VALID: 6 days)
Certificate Path: /etc/letsencrypt/live/www.domain01.org.in/fullchain.pem
Private Key Path: /etc/letsencrypt/live/www.domain01.org.in/privkey.pem
Certificate Name: domain02.org.in
Expiry Date: 2018-01-01 11:06:14+00:00 (VALID: 23 days)
Certificate Path: /etc/letsencrypt/live/domain02.org.in/fullchain.pem
Private Key Path: /etc/letsencrypt/live/domain02.org.in/privkey.pem
Certificate Name: www.domain02.org.in
Expiry Date: 2018-01-01 11:22:59+00:00 (VALID: 23 days)
Certificate Path: /etc/letsencrypt/live/www.domain02.org.in/fullchain.pem
Private Key Path: /etc/letsencrypt/live/www.domain02.org.in/privkey.pem
Can anyone here explain why the LE expiry bot is misreporting the dates?
Also, any suggestions for why the cert renewals are failing?
For what it’s worth, I have run apt-get update and apt-get upgrade which seemed to include a bunch of python related stuff that certbot relies on, but I haven’t yet force-renewed the certs themselves as I am more curious about the discrepancy in the LE expiry bot dates versus what certbot certificates command shows.
Thanks in advance.