NET::ERR_CERT_DATE_INVALID but certbot reported it is OK

Nginx config references to certificates in live directory:

ssl_certificate /etc/letsencrypt/live/;
ssl_certificate_key /etc/letsencrypt/live/;

ssl_dhparam /etc/ssl/certs/dhparam.pem;

I restarted nginx many times.

 ➜  renewal certbot renew
    Saving debug log to /var/log/letsencrypt/letsencrypt.log

    Processing /etc/letsencrypt/renewal/
    Cert not yet due for renewal

    The following certs are not due for renewal yet:
      /etc/letsencrypt/live/ (skipped)
    No renewals were attempted.

Any checking service shows that my certificate expired 27 August 2017
It is actually expired. But then I did renewal and it renewed, restarted nginx and it was ok.

Then 10 days ago site go down, because of hosting and was not live for 5 days. After it came live again, it is telling me again, that it is expired and is not live. I tried to remove certificate, install it again (same), restarted nginx.

Nothing helps. Any SSL checking service tells me that it is expired.

Any suggestions?

Hi @umahanov,

Can you show the output of this commands?

ls -l /etc/letsencrypt/renewal /etc/letsencrypt/live/*


➜  ~ ls -l /etc/letsencrypt/renewal /etc/letsencrypt/live/*
total 4
lrwxrwxrwx 1 root root  34 Sep 21 19:29 cert.pem -> ../../archive/
lrwxrwxrwx 1 root root  35 Sep 21 19:29 chain.pem -> ../../archive/
lrwxrwxrwx 1 root root  39 Sep 21 19:29 fullchain.pem -> ../../archive/
lrwxrwxrwx 1 root root  37 Sep 21 19:29 privkey.pem -> ../../archive/
-rw-r--r-- 1 root root 543 Sep 21 19:29 README

total 4
-rw-r--r-- 1 root root 535 Sep 21 19:29

So, I just looked at your site in a browser and I currently see it using the new certificate with no errors. Are you seeing something different from that right now?

I am also seeing a green site



Thank you so much. Yes, it started to work.

The one thing I did before writing this post - noticed that my dedicated IP address was lost during my site was not live for 5 days.

I don’t know how is it connected with certificate validation, but after I obtained new dedicated IP and did some changes with certificate reinstalling/renewal problem disappeared in a hour or so.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.