New cert expires on same day as old cert


#1

Please fill out the fields below so we can help you better.

My domain is: asciiexpress.net

I ran this command: ./letsencrypt-auto certonly --standalone -d asciiexpress.net -d www.asciiexpress.net

It produced this output:

  • Congratulations! Your certificate and chain have been saved at
    /etc/letsencrypt/live/asciiexpress.net/fullchain.pem. Your cert
    will expire on 2017-01-18. To obtain a new or tweaked version of
    this certificate in the future, simply run letsencrypt-auto again.
    To non-interactively renew all of your certificates, run
    "letsencrypt-auto renew"

My operating system is (include version): Ubuntu 16.04

My web server is (include version): apache2 (2.4.18)

My hosting provider, if applicable, is: self

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

I have 2 other domains on this server and had no problem updating their certs (they now expire 3 months out). I am unsure why this domain is still expiring in 2 days.

Thanks.


#2

Using certonly has obtained a new cert for you - but it hasn’t configured apache or reloaded it.

I would suggest first just trying a reload of apache (service apache2 reload) and seeing if that picks up the new cert. If it doesn’t, then check in your apache config which cert it refers to, and check it’s the latest one (should be in /etc/letsencrypt/live/…)


#3

Apache was already restarted; the output above came from the letsencrypt tool. After some digging around, it appears that on the last renew some symlinks were pointed to a 0001 version. After cleaning up the links, making it look like the other domains, and re-renewing, it worked. I speculate the new certs were downloaded but the tool was looking at the old certs when giving me the old date. Fixed now.


#4

Hello @datajerk,

If you ran that command today and it produced that output, that is strange; the expiry date is not correct. Maybe it is some kind of bug in the letsencrypt-auto version you are using. The current version is not named letsencrypt but certbot, and the latest version is 0.10.1.

Today you have already issued 3 valid certs for asciiexpress.net that will expire on 2017-Apr-16.

CRT ID    DOMAIN (CN)           VALID FROM              VALID TO                EXPIRES IN  SANs
77848068  asciiexpress.net      2017-Jan-16 17:45 CET   2017-Apr-16 18:45 CEST  89 days     asciiexpress.net
                                                                                            www.asciiexpress.net

77847628  asciiexpress.net      2017-Jan-16 17:42 CET   2017-Apr-16 18:42 CEST  89 days     asciiexpress.net
                                                                                            www.asciiexpress.net

77846789  asciiexpress.net      2017-Jan-16 17:37 CET   2017-Apr-16 18:37 CEST  89 days     asciiexpress.net
                                                                                            www.asciiexpress.net

So those certs should be on your server. Check the end date for your current certificate:

openssl x509 -in /etc/letsencrypt/live/asciiexpress.net/cert.pem -enddate -noout

If the end date is not 2017-Apr-16, check whether you have some dir like asciiexpress.net-0001 in the /etc/letsencrypt/live/ dir, because maybe it has been duplicated.

If the end date is correct, you should take a look at your apache config and check that you are using the right paths to your cert.

Edit: Seems you resolved it when I was writing this post ;).

Cheers,
sahsanu
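
The checks described in posts #3 and #4 (a duplicated -0001 lineage, live symlinks pointing at another lineage's files, and the certificate end date), written out as an added example that is not part of the thread and is not certbot's own code. It assumes certbot's standard layout, where live/<lineage>/*.pem are symlinks into archive/<lineage>/; the function names are made up for this example.

```sh
#!/bin/sh
# Added example, not certbot code. Function names are made up for this page.
# Assumes certbot's standard layout under the config root (/etc/letsencrypt):
#   live/<lineage>/*.pem are symlinks into archive/<lineage>/

# List lineages named "<existing lineage>-NNNN", i.e. duplicated lineages.
duplicate_lineages() (
  root=$1
  for dir in "$root"/live/*/; do
    [ -d "$dir" ] || continue
    name=$(basename "$dir")
    base=${name%-[0-9][0-9][0-9][0-9]}
    if [ "$base" != "$name" ] && [ -d "$root/live/$base" ]; then
      echo "$name"
    fi
  done
)

# List live symlinks that do not resolve into their own lineage's archive dir.
misdirected_links() (
  root=$1
  for link in "$root"/live/*/*.pem; do
    [ -L "$link" ] || continue
    name=$(basename "$(dirname "$link")")
    target=$(readlink "$link")
    want=$(cd "$root/archive/$name" 2>/dev/null && pwd -P) || want=""
    got=$(cd "$(dirname "$link")" && cd "$(dirname "$target")" 2>/dev/null && pwd -P) || got=""
    if [ -z "$want" ] || [ "$got" != "$want" ] || [ ! -e "$link" ]; then
      echo "$name/$(basename "$link") -> $target"
    fi
  done
)

# Print the expiry of every live cert.pem (same openssl call as in post #4).
lineage_enddates() (
  root=$1
  for cert in "$root"/live/*/cert.pem; do
    [ -e "$cert" ] || continue
    printf '%s: ' "$(basename "$(dirname "$cert")")"
    openssl x509 -in "$cert" -enddate -noout
  done
)

# Run the audit only when a config root is given, e.g.: sh audit.sh /etc/letsencrypt
if [ "$#" -gt 0 ]; then
  duplicate_lineages "$1"; misdirected_links "$1"; lineage_enddates "$1"
fi
```

Any line printed by the first two functions names a lineage or symlink to compare against the paths in the Apache config before renewing again.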


#5

Agree, a bug with letsencrypt-auto. I’ll switch to certbot on next renew. Thanks.

