Letsencrypt ssl expired in 1 month

aditi_jain · September 15, 2023, 6:33am

i have generated SSL certificate of let's encrypt using certbot docker container which has expiration period of 90 day but got expired in 30 days .

orangepizza · September 15, 2023, 7:40am

nobody can help you about without seeing your site config

webprofusion · September 15, 2023, 10:06am

Also, you have mis-interpreted what you are seeing. If you get a Let's Encrypt certificate now it will last for 90 days, you have no choice and cannot make it last less than that. What's more likely is you are not using the latest certificate.

Osiris · September 15, 2023, 11:34am

When you opened this thread in the Help section, you should have been provided with a questionnaire. Maybe you didn't get it somehow (which is weird), or you've decided to delete it. In any case, all the answers to this questionnaire are required:

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

I ran this command:

It produced this output:

My web server is (include version):

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know):

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):

aditi_jain · September 19, 2023, 7:32pm

My domain is:

I ran this command: used certbot container to renew ssl certificate.

It produced this output: the certificate was renewed succefully, but got ecpired in 1 month only

My web server is (include version): nginx

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is : certbot --version

certbot 1.22.0

Bruce5051 · September 19, 2023, 7:43pm

What is the domain name?

Osiris · September 19, 2023, 8:05pm

What does this mean exactly? Please provide as many details as possible. E.g., Docker can be configured in literally any way, so without a Dockerfile or something similar we can't provide advice.

Which certificate expired in 1 month? The one installed in your webserver? Or the one known to Certbot? Please provide literal outputs (copy/pastes, screenshots or something like that) and more details e.g. which certificate expired exactly.

aditi_jain · September 20, 2023, 8:30am

i used the official public certbot image to run certbot docker container .
the certificate renewed by certbot was expired in 1 month only.

Osiris · September 20, 2023, 12:18pm

How?

aditi_jain · October 12, 2023, 8:09am

used the official dockerfile for creating image and running certbot docker container
https://hub.docker.com/r/certbot/certbot/dockerfile

Osiris · October 12, 2023, 8:15am

Could you be more specific? Like which commands exactly were used.

I already asked for details earlier. Please use as many details as you can otherwise this thread will get very long, very slowly and most volunteers would simply give up. I know I will pretty soon.

Also, Bruce asked for the domain name, which is mandatory to get help, and I haven't seen it yet.

aditi_jain · October 12, 2023, 10:21am

we started a certbot docker container which was created using the official cetrbot docker image for domain klubcoin.net and when we checked the renewal logs there was no renewal and the certificated got expired before time , after only one month of renewal

Osiris · October 12, 2023, 10:51am

Seems to be working just fine.

Also, Let's Encrypt certs are valid for 90 days and it's currently not possible to change that, so you probably just saw the end of a previous certificate happen.

aditi_jain · October 12, 2023, 12:35pm

we needed to renew it manually as it was not auto renewed by the certbot after 60 days.

Osiris · October 12, 2023, 12:37pm

Without actual commands/docker configuration files et cetera and detailed outputs/log files, we can't help you.

aditi_jain · October 13, 2023, 10:48am

2023-10-08 07:21:37,706:DEBUG:certbot._internal.main:certbot version: 2.6.0
2023-10-08 07:21:37,707:DEBUG:certbot._internal.main:Location of certbot entry point: /usr/local/bin/certbot
2023-10-08 07:21:37,707:DEBUG:certbot._internal.main:Arguments: []
2023-10-08 07:21:37,707:DEBUG:certbot._internal.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#manual,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2023-10-08 07:21:37,747:DEBUG:certbot._internal.log:Root logging level set at 30
2023-10-08 07:21:37,751:DEBUG:certbot._internal.display.obj:Notifying user: Processing /etc/letsencrypt/renewal/wallet.klubcoin.net.conf
2023-10-08 07:21:37,773:DEBUG:certbot._internal.plugins.selection:Requested authenticator <certbot._internal.cli.cli_utils._Default object at 0x7fbddb2e90f0> and installer <certbot._internal.cli.cli_utils._Default object at 0x7fbddb2e90f0>
2023-10-08 07:21:37,819:DEBUG:urllib3.connectionpool:Starting new HTTP connection (1): r3.o.lencr.org:80
2023-10-08 07:21:37,980:DEBUG:urllib3.connectionpool:http://r3.o.lencr.org:80 "POST / HTTP/1.1" 200 503
2023-10-08 07:21:37,982:DEBUG:certbot.ocsp:OCSP response for certificate /etc/letsencrypt/archive/wallet.klubcoin.net/cert4.pem is signed by the certificate's issuer.
2023-10-08 07:21:37,983:DEBUG:certbot.ocsp:OCSP certificate status for /etc/letsencrypt/archive/wallet.klubcoin.net/cert4.pem is: OCSPCertStatus.GOOD
2023-10-08 07:21:37,989:DEBUG:certbot._internal.display.obj:Notifying user: Certificate not yet due for renewal
2023-10-08 07:21:37,991:DEBUG:certbot._internal.plugins.selection:Requested authenticator webroot and installer None
2023-10-08 07:21:37,991:DEBUG:certbot._internal.display.obj:Notifying user: 
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
2023-10-08 07:21:37,991:DEBUG:certbot._internal.display.obj:Notifying user: The following certificates are not due for renewal yet:
2023-10-08 07:21:37,991:DEBUG:certbot._internal.display.obj:Notifying user:   /etc/letsencrypt/live/wallet.klubcoin.net/fullchain.pem expires on 2023-12-08 (skipped)
2023-10-08 07:21:37,992:DEBUG:certbot._internal.display.obj:Notifying user: No renewals were attempted.
2023-10-08 07:21:37,992:DEBUG:certbot._internal.display.obj:Notifying user: - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
2023-10-08 07:21:37,992:DEBUG:certbot._internal.renewal:no renewal failures

this is the log of 8 October, even though the certificate is valid till 2023-12-08, the cert expired on 9 October , there were more than 30 days left for the cert expiration the certbot skipped the cert renewal

Osiris · October 13, 2023, 10:55am

The webserver is probably not using the renewed certificate. Perhaps incorrectly configured or maybe it just requires a webserver reload.

system · November 12, 2023, 10:56am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Expiration notice for Let's Encrypt certificate - Help	15	791	May 23, 2021
Certificate expiring before the expiration data Help	10	711	November 16, 2023
Let's Encrypt certificate expiration email Help	8	1164	August 19, 2018
I Want To Renew My SSL Certificate Help	6	830	November 13, 2021
Let's Encrypt certificate expiration notice for domain ".......com" (and 1 more) Help	7	2094	February 21, 2022

Letsencrypt ssl expired in 1 month

Related topics