Received E-Mail about expiration date - How do extend the let’s encrypt certificate as nextcloud server is down and not available for a few days?

I received the E-Mail that my certificate will expire next Tuesday March, 8th for my domain.

My domain is: medifornet.ddns.net

I ran this command: Nextcloud Server is down as static IP address is momentarily not available due to a router hardware exchange. ( already for a couple of weeks).

My web server is (include version): Nextcloud running on Synology station

The operating system my web server runs on is (include version):
Synology specific

My hosting provider, if applicable, is: No-IP

I can login to a root shell on my machine: no

I'm using a control panel to manage my site: Not in the moment as IP static address can not be reached

The domain with auto renew of the certificate end of next week. As the certificate expires next Tuesday and the automatic renewal are planed on Friday next week. Is there a change to keep this certificate even is there are some day overdue?

Do anybody have an idea, if the automatic renewal is working after the direct expiration date has reached?

Thanks you for your help.

1 Like

Sure, you can keep the certificate. But users would see an error. Although, would they? As the site is down, right?

So I'm not really sure what your question is exactly: what's wrong with renewing when your hardware comes up next Friday? Although there is a chance of course that renewal runs into issues and renewal fails.

3 Likes

Thank you for the answer.
Yes, you are right the site is actually down.
So the renewal works after expiration date of the certificate and the automatic renewal with setup the router hardware using the static IP for reaching my domain is possible. Correct? Then my visitor after the renewal will not receive an error message any more. I thought the renewal is also expired and not possible again afterwards.

1 Like

Sure, the validation usually starts with HTTP (in the case of the http-01 challenge it does), so Let's Encrypt ignores invalid certificates if the initial HTTP request is redirected to HTTPS, as it doesn't add any security anyway.

I don't know what that means or how it's related to renewal, can you perhaps clarify?

"The renewal"?

3 Likes

I think what you're saying here is that you thought a cert couldn't be renewed after it expires. And if that's what you thought, no, that isn't correct. A "renewal" is just issuing a new cert, identical to the old except for dates. It doesn't depend on the previous cert's validity.

5 Likes

Yeah, certificates are just simple files with a cryptographically determined signature on them. They're very much "standalone" in essence. Nothing fancy.

5 Likes

Correct.
Thank for your response.
Now I know that the expiration date is not as critical as I thought, if I understand your explanations.
I should use the term expiring and not renewal. Sorry for the unclear wording.
You helped me a lot with your answers :slight_smile: Thx.

1 Like

And note that expiring is something that just happens. Inevitable, time just goes on and a certificate has a set expiry date embedded into it. Renewal is a separate thing, which, as Dan already said, is just getting a new certificate with the same information inside it (e.g. the public key and hostnames et cetera) and is something that has to be triggered by the client.

4 Likes

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.