Question about renew certs


#1

Hello.
I got email whis is told me that my cert expires in 1 day.
I have tryed to renew it run the command:
myhost:#certbot renew
Saving debug log to /var/log/letsencrypt/letsencrypt.log

-------------------------------------------------------------------------------
Processing /etc/letsencrypt/renewal/video.intelekt.cv.ua.conf
-------------------------------------------------------------------------------
Cert not yet due for renewal

-------------------------------------------------------------------------------

The following certs are not due for renewal yet:
_ /etc/letsencrypt/live/video.intelekt.cv.ua/fullchain.pem (skipped)_
No renewals were attempted.

Output tells that my cert dont need to renew.

Than i run next command:
myhost:#certbot certificates
Saving debug log to /var/log/letsencrypt/letsencrypt.log

-------------------------------------------------------------------------------
Found the following certs:
_ Certificate Name: video.intelekt.cv.ua_
_ Domains: video.intelekt.cv.ua_
_ Expiry Date: 2018-07-07 08:57:16+00:00 (VALID: 60 days)_
_ Certificate Path: /etc/letsencrypt/live/video.intelekt.cv.ua/fullchain.pem_
_ Private Key Path: /etc/letsencrypt/live/video.intelekt.cv.ua/privkey.pem_

Is written that my cert expires in 2018-07-07. But in email is date - Expiration Date: 08 May 18 07:14 +0000)

All this leads me astray.
I hope for help.
Thanks in advance


#2

Hi @zamazura,

You have issued 2 certificates:

CRT ID     CERT TYPE   DOMAIN (CN)           VALID FROM             VALID TO               EXPIRES IN  SANs
388718156  Final cert  video.intelekt.cv.ua  2018-Apr-08 08:57 UTC  2018-Jul-07 08:57 UTC  60 days     video.intelekt.cv.ua
324686723  Final cert  video.intelekt.cv.ua  2018-Feb-07 07:52 UTC  2018-May-08 07:52 UTC  0 days      video.intelekt.cv.ua

The current one expiring in 60 days, and the one you received a mail expiring tomorrow. You have not expanded the certificate with new domains and you renewed the same lineage 30 days ago so you should not receive any mail regarding expiration.

So, I don’t know for sure what is the reason to receive this mail but:

1.- Maybe the mail is talking about some cert you issued using the --staging / --test params so the email received is not talking about the production one but the staging one.

2.- You have removed the /etc/letsencrypt dir or have created a new account so LE doesn’t know that you have already renewed the cert because the old cert is tied to a different account than the current one.

Cheers,
sahsanu


#3

1.- Maybe the mail is talking about some cert you issued using the --staging / --test params so the email received is not talking about the production one but the staging one.

2.- You have removed the /etc/letsencrypt dir or have created a new account so LE doesn’t know that you have already renewed the cert because the old cert is tied to a different account than the current one.

It sounds probable.
If to think, then the output of the command certbot certificates clearly says that the certificate expires in June.

Thank you for your reply!


#4

Hi @zamazura,

Checking again your post, I see that you wrote this:Expiration Date: 08 May 18 07:14 +0000 but the production cert expiring tomorrow expires at 2018-Feb-07 07:52 UTC so different hour and that seems it is because you received a mail for the staging cert. Anyway, as you said, certbot certificates shows the current and valid for 60 days certificate, so, nothing to worry about ;).

Cheers,
sahsanu


#5

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.