My cert is valid, but browser says it's expired

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g., so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

I ran this command: certbot renew

It produced this output: Cert not yet due for renewal

The following certs are not due for renewal yet:
/etc/letsencrypt/live/ expires on 2020-07-23 (skipped)
No renewals were attempted.

My web server is (include version): Ubunto 18.04

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is: Digital Ocean

I can login to a root shell on my machine (yes or no, or I don’t know):Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):No

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): certbot 0.31.0

It doesn’t look expired to me:

$ openssl s_client -connect -showcerts 2>/dev/null | openssl x509 -noout -dates
notBefore=Apr 24 21:26:28 2020 GMT
notAfter=Jul 23 21:26:28 2020 GMT

I can open it in a browser just fine, too.

1 Like

Thanks _az, I appreciate you taking the time to look. I believe I figured out the problem. I had renewed the cert, but I never restarted the server so it wasn’t using it. I just restarted it and it seems to have solved the problem.

1 Like

Great. If Certbot isn’t reloading your server after renewal already, you can drop an executable shell script into /etc/letsencrypt/renewal-hooks/deploy/ with something like (depending how you reload):

/usr/local/lsws/bin/lswsctrl reload

and that would save you having to do it manually in future.


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.