NET::ERR_CERT_DATE_INVALID but certbot reported it is OK

umahanov · September 21, 2017, 5:08pm

Nginx config references to certificates in live directory:

ssl_certificate /etc/letsencrypt/live/mynamaz.ru/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/mynamaz.ru/privkey.pem;

ssl_dhparam /etc/ssl/certs/dhparam.pem;

I restarted nginx many times.

 ➜  renewal certbot renew
    Saving debug log to /var/log/letsencrypt/letsencrypt.log

    -------------------------------------------------------------------------------
    Processing /etc/letsencrypt/renewal/mydomain.ru.conf
    -------------------------------------------------------------------------------
    Cert not yet due for renewal

    The following certs are not due for renewal yet:
      /etc/letsencrypt/live/mydomain.ru/fullchain.pem (skipped)
    No renewals were attempted.

Any checking service shows that my certificate expired 27 August 2017
It is actually expired. But then I did renewal and it renewed, restarted nginx and it was ok.

Then 10 days ago site go down, because of hosting and was not live for 5 days. After it came live again, it is telling me again, that it is expired and is not live. I tried to remove certificate, install it again (same), restarted nginx.

Nothing helps. Any SSL checking service tells me that it is expired.

Any suggestions?

schoen · September 21, 2017, 5:27pm

Hi @umahanov,

Can you show the output of this commands?

ls -l /etc/letsencrypt/renewal /etc/letsencrypt/live/*

umahanov · September 21, 2017, 5:38pm

@schoen

➜  ~ ls -l /etc/letsencrypt/renewal /etc/letsencrypt/live/*
/etc/letsencrypt/live/mynamaz.ru:
total 4
lrwxrwxrwx 1 root root  34 Sep 21 19:29 cert.pem -> ../../archive/mynamaz.ru/cert1.pem
lrwxrwxrwx 1 root root  35 Sep 21 19:29 chain.pem -> ../../archive/mynamaz.ru/chain1.pem
lrwxrwxrwx 1 root root  39 Sep 21 19:29 fullchain.pem -> ../../archive/mynamaz.ru/fullchain1.pem
lrwxrwxrwx 1 root root  37 Sep 21 19:29 privkey.pem -> ../../archive/mynamaz.ru/privkey1.pem
-rw-r--r-- 1 root root 543 Sep 21 19:29 README

/etc/letsencrypt/renewal:
total 4
-rw-r--r-- 1 root root 535 Sep 21 19:29 mynamaz.ru.conf

schoen · September 21, 2017, 6:15pm

So, I just looked at your site in a browser and I currently see it using the new certificate with no errors. Are you seeing something different from that right now?

ahaw021 · September 22, 2017, 4:24am

I am also seeing a green site

https://www.ssllabs.com/ssltest/analyze.html?d=mynamaz.ru&hideResults=on&latest

Andrei

umahanov · September 22, 2017, 2:18pm

@schoen

Thank you so much. Yes, it started to work.

The one thing I did before writing this post - noticed that my dedicated IP address was lost during my site was not live for 5 days.

I don’t know how is it connected with certificate validation, but after I obtained new dedicated IP and did some changes with certificate reinstalling/renewal problem disappeared in a hour or so.

system · October 22, 2017, 2:18pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.