New certificate is not recognized by browsers or services

Hi,

I renewed my cert last month, and I can see my new cert being valid here:

But both browsers and my C# services tell me the certificate has expired, quoting the previous certificate expiry date (yesterday). They don't seem to detect the new certificate.

Certbot is also pointing to the newer certificate locally:

sudo certbot certificates
Saving debug log to /var/log/letsencrypt/letsencrypt.log

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Found the following certs:
  Certificate Name: vftc.nhnt.co
    Serial Number: 51ace7ba5cca32f881752d48f0c884b2962
    Key Type: ECDSA
    Domains: vftc.nhnt.co
    Expiry Date: 2025-06-27 06:41:16+00:00 (VALID: 71 days)
    Certificate Path: /etc/letsencrypt/live/vftc.nhnt.co/fullchain.pem
    Private Key Path: /etc/letsencrypt/live/vftc.nhnt.co/privkey.pem

[SOLVED] I restarted the AWS instance and things fixed themselves.

2 Likes

That means your service hasn't reloaded the renewed certificate files and continued using the ones previously loaded in memory.

You should configure a post-hook that reloads the affected service. User Guide — Certbot 4.0.0 documentation

e.g. certbot renew --post-hook "systemctl reload nginx"

6 Likes

ah, nice! that's really useful, thanks!!!

3 Likes
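A check for the situation in this thread, added here as an example and not taken from any of the posts: it compares the serial of the certificate a running service presents on the wire with the serial of the file certbot holds on disk, and runs a reload command only when they differ. The script name, the argument order and the function names are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the thread): detect a service that is still serving
# an old certificate from memory after certbot renewed the files on disk.
# Hypothetical usage: sh check-served-cert.sh <host> <port> <fullchain.pem> <reload command...>

# Reduce a serial to bare lowercase hex without leading zeros, so that
# openssl's "serial=05AB..." form and certbot's "5ab..." form compare equal.
normalize_serial() {
    printf '%s' "$1" | tr -d ': \t\r\n' | sed -e 's/^serial=//' \
        | tr 'A-F' 'a-f' | sed -e 's/^0*//'
}

# Serial of the certificate file on disk (first certificate in fullchain.pem).
disk_serial() {
    normalize_serial "$(openssl x509 -in "$1" -noout -serial)"
}

# Serial of the leaf certificate the running service presents to clients.
served_serial() {
    normalize_serial "$(openssl s_client -connect "$1:$2" -servername "$1" \
        </dev/null 2>/dev/null | openssl x509 -noout -serial 2>/dev/null)"
}

# Exit status 0 when the two serials differ, i.e. the service is stale.
is_stale() {
    [ "$(normalize_serial "$1")" != "$(normalize_serial "$2")" ]
}

# Only act when called with all arguments, so the functions can be sourced.
if [ "$#" -ge 4 ]; then
    host=$1; port=$2; pem=$3; shift 3
    on_disk=$(disk_serial "$pem")
    served=$(served_serial "$host" "$port")
    if [ -z "$served" ]; then
        echo "could not read a certificate from $host:$port" >&2
        exit 2
    elif is_stale "$on_disk" "$served"; then
        echo "stale: serving $served, disk has $on_disk; reloading" >&2
        "$@"    # reload command supplied by the caller
    else
        echo "ok: $host:$port serves $on_disk"
    fi
fi
```

The reload command is whatever the affected service needs, for instance the `systemctl reload nginx` from the reply above.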