Newly generated certificate is expired


#1

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: foozstats.cacheblasters.com

I ran this command:
python acme-tiny/acme_tiny.py --account-key ./account.key --csr domain.csr --acme-dir /var/www/challenges/ > ./signed.crt

wget -O - https://letsencrypt.org/certs/lets-encrypt-x3-cross-signed.pem.txt > intermediate.pem

cat signed.crt intermediate.pem > …/FoozServer/certs/chained.pem

It produced this output:
signed.crt

My web server is (include version):
Node.JS 6.12.0

The operating system my web server runs on is (include version):
Debian (Jessie)

My hosting provider, if applicable, is:
N/A
I can login to a root shell on my machine (yes or no, or I don’t know):
yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
No.

I had previously successfully gotten certificates issued using acme-tiny (https://github.com/diafygi/acme-tiny) however when I attempt to renew a cert it issues the same old expired cert.

I have ever tried generated a new account key and following the steps outlined in the github from scratch, I still am getting the old certificate issued (expired 1/20/18, as can be seen here: https://foozstats.cacheblasters.com/message)

What steps am I missing to get it to issue a new cert instead of the same old expired one?


#2

Hi @OtherwiseJunk,

You have successfully generated five new (non-expired) certificates today:

https://crt.sh/?q=foozstats.cacheblasters.com

If you continue repeating this process, you’ll encounter an issuance rate limit.

Can you post a copy of the most recent signed.crt file?


#3

Thanks for the heads up on that, I wasn’t aware of that site which helps a ton already!

here’s the signed.crt:

-----BEGIN CERTIFICATE-----
MIIGGTCCBQGgAwIBAgISA0iWwU6n4Be3lFoLUevmIRgWMA0GCSqGSIb3DQEBCwUA
MEoxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MSMwIQYDVQQD
ExpMZXQncyBFbmNyeXB0IEF1dGhvcml0eSBYMzAeFw0xODAxMzExNjEwMDNaFw0x
ODA1MDExNjEwMDNaMCYxJDAiBgNVBAMTG2Zvb3pzdGF0cy5jYWNoZWJsYXN0ZXJz
LmNvbTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAOEZzY3iMkmNeAql
cUgPvpK2Ha7fHElMaIXrXSSL6Xr1wUsTsqjWiTiUglVoFGPNGkH3zH5jTy4uhcpa
brglQx8uFuWyFooDfINrEHD+WyOwRfb6iH9vktE33km14Q7+2VtNkhvnUEeylGOV
EFWkg8BK7SxQWbY5RZg47r2kH1t1EKZ+8HLmDzohWvO/wIl8oEgFuAdVF2G+fXo1
+399x7y+4QHXYpoDdLrLydDzEP6702GnJlIHbT6M9AG4KrhbSgftAddAPa5QLBdT
ISEOv8PDKtHmQ1VgTqPSNAZc3BMYo1lpdscVX1cu2MEWHrcEM73u2CijPNXYsxE4
NT6r0Aye6fALHgZVHaTUCmOz5GqzitYjUkEV2Wi5o5pu8GUsTPQcTS3i9WjJADLh
r7ZikXDzdPw1kIUlUkRAabLJ10VJ5LPSR3BJ5M3hQiDlxpqpaF/IkWiAWybMNeTv
XdhfoYcJr6x+bJFWec1xR1NiBJ5Ka2Ssx/ZjJJO86FY7LqHkKl14qmbTmH6zTql0
VeUBAYYMAl8SOdorPTFpY+jxgl6X/S3GNwhJh283aSD71rQvIz8ytT0KqeHLO9KH
dXs7uqpezVKJ4O10M0gnjO1a47lg3YqbJw6Llf0tKXMqo3sbP8EMH0E2/OcluE6V
lu77WHf5CFfUTxtNl4T2YTtckSLDAgMBAAGjggIbMIICFzAOBgNVHQ8BAf8EBAMC
BaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAw
HQYDVR0OBBYEFAzfGQKjXbXCUiWe0JsKI+LuM4OZMB8GA1UdIwQYMBaAFKhKamME
fd265tE5t6ZFZe/zqOyhMG8GCCsGAQUFBwEBBGMwYTAuBggrBgEFBQcwAYYiaHR0
cDovL29jc3AuaW50LXgzLmxldHNlbmNyeXB0Lm9yZzAvBggrBgEFBQcwAoYjaHR0
cDovL2NlcnQuaW50LXgzLmxldHNlbmNyeXB0Lm9yZy8wJgYDVR0RBB8wHYIbZm9v
enN0YXRzLmNhY2hlYmxhc3RlcnMuY29tMIH+BgNVHSAEgfYwgfMwCAYGZ4EMAQIB
MIHmBgsrBgEEAYLfEwEBATCB1jAmBggrBgEFBQcCARYaaHR0cDovL2Nwcy5sZXRz
ZW5jcnlwdC5vcmcwgasGCCsGAQUFBwICMIGeDIGbVGhpcyBDZXJ0aWZpY2F0ZSBt
YXkgb25seSBiZSByZWxpZWQgdXBvbiBieSBSZWx5aW5nIFBhcnRpZXMgYW5kIG9u
bHkgaW4gYWNjb3JkYW5jZSB3aXRoIHRoZSBDZXJ0aWZpY2F0ZSBQb2xpY3kgZm91
bmQgYXQgaHR0cHM6Ly9sZXRzZW5jcnlwdC5vcmcvcmVwb3NpdG9yeS8wDQYJKoZI
hvcNAQELBQADggEBAHigLZ3railxn8WM1cMM4dJaH+WEHqO6sw+Dz9C4S8OUeyYX
3H2KGD8JQxCBqy/TmbJTctv1+2139ciT1Qs2w/m/7qoz00Q4imc843BpXDVaHyNi
ngpebMc5jM81hqrbSaW8pPI5vO+U4tvHlIqa6Winn76cIkflywHVLouvJEE96wSP
Dep5J1Bf2dCXtRgdhigeHGBOytQpy7daW5xwhY29oaHDNnRYr3yJxPQNF2I/U5RI
rLIpkRJKPm6wTpFOj3+vR24YQFwZdQe8jjfVjFtmrM+fCpNBjzpPuHTeEXP2ImrC
/KOOGlyk3dVAQ6VWkLX2MarxBtINSXrgvmKxfNo=
-----END CERTIFICATE-----


#4

The certificate that you’ve just posted was issued today and expires on May 1. So something about your process of importing it into your web server seems to be the problem, not the certificate issuance itself.


#5

Ok cool. I’ll take a look at that then, thanks!


#6

If you need a tool to monitor your SSL certificate’s expiry date, then I find SSL Checker quite useful.


#7

Hey @OtherwiseJunk, I recently launched https://padlockspy.com for monitoring of SSLs, including expiry reminders, check it out if you’re interested. Let me know what you think :slight_smile:


#8

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.