I ran this command: Nextcloud Server is down as static IP address is momentarily not available due to a router hardware exchange. ( already for a couple of weeks).
My web server is (include version): Nextcloud running on Synology station
The operating system my web server runs on is (include version):
Synology specific
My hosting provider, if applicable, is: No-IP
I can login to a root shell on my machine: no
I'm using a control panel to manage my site: Not in the moment as IP static address can not be reached
The domain with auto renew of the certificate end of next week. As the certificate expires next Tuesday and the automatic renewal are planed on Friday next week. Is there a change to keep this certificate even is there are some day overdue?
Do anybody have an idea, if the automatic renewal is working after the direct expiration date has reached?
Sure, you can keep the certificate. But users would see an error. Although, would they? As the site is down, right?
So I'm not really sure what your question is exactly: what's wrong with renewing when your hardware comes up next Friday? Although there is a chance of course that renewal runs into issues and renewal fails.
Thank you for the answer.
Yes, you are right the site is actually down.
So the renewal works after expiration date of the certificate and the automatic renewal with setup the router hardware using the static IP for reaching my domain is possible. Correct? Then my visitor after the renewal will not receive an error message any more. I thought the renewal is also expired and not possible again afterwards.
Sure, the validation usually starts with HTTP (in the case of the http-01 challenge it does), so Let's Encrypt ignores invalid certificates if the initial HTTP request is redirected to HTTPS, as it doesn't add any security anyway.
I don't know what that means or how it's related to renewal, can you perhaps clarify?
I think what you're saying here is that you thought a cert couldn't be renewed after it expires. And if that's what you thought, no, that isn't correct. A "renewal" is just issuing a new cert, identical to the old except for dates. It doesn't depend on the previous cert's validity.
Yeah, certificates are just simple files with a cryptographically determined signature on them. They're very much "standalone" in essence. Nothing fancy.
Correct.
Thank for your response.
Now I know that the expiration date is not as critical as I thought, if I understand your explanations.
I should use the term expiring and not renewal. Sorry for the unclear wording.
You helped me a lot with your answers Thx.
And note that expiring is something that just happens. Inevitable, time just goes on and a certificate has a set expiry date embedded into it. Renewal is a separate thing, which, as Dan already said, is just getting a new certificate with the same information inside it (e.g. the public key and hostnames et cetera) and is something that has to be triggered by the client.