When I run /root/letsencrypt/letsencrypt-auto renew
I get the following response:
Processing /etc/letsencrypt/renewal/my-site.com.conf
-------------------------------------------------------------------------------
Cert not yet due for renewal
The last time the certificate was renewed was on 9th of Sept. Today is 16th of Oct. and I still get this message when trying to renew.
Please also note that all the applications like: wget, docker, chrome-browser, firefox see this cert as expired while Let’s Encrypt still insists it is “Not yet due for renewal”.
I’ve managed to find a workaround by running: /root/letsencrypt/letsencrypt-auto certonly -d my-site.com
After answering a few questions and INSISTING that I want to renew a cert that is not expired (I can do it 5-7 times a day), letsencrypt-auto finally managed to overwrite the outdated 9th Sept files with 16th Oct, but it is not expected behavior.
This is usually because letsencrypt has renewed the certificate and downloaded it to the hard disk on your server (so it is correctly saying it’s renewed); however, you haven’t reloaded / restarted your webserver, so it’s still using the old cert, and hence Firefox etc. correctly say it needs renewing (because the webserver is still using the old one).
The solution is usually a reload/restart of the webserver.
Without your domain name though, I can’t be certain if this is the case for you.
I wish it was the case. Unfortunately, I’m fully aware of the need to restart the server; more than that, my servers are docker-registry and docker-registry-auth, which I fully recreate after running the renewal (they are stateless and the data is isolated). The issue is that letsencrypt-auto does NOT refresh the cert files, and keeps the old ones with the 9th Sept timestamp, saying they are valid. However, after running letsencrypt-auto certonly -d my-site.com I’ve managed to update the files. Then, as you say, I just recreated the docker-registry and docker-registry-auth containers and it all works now.
However, the “letsencrypt-auto renew” issue still remains unsolved. I guess, this happens because in most cases indeed people forget to restart the server, so the REAL bug is hidden by a similar issue.
Then the response of “Not yet due for renewal” would have been correct (that cert is still valid until 8th Dec, so not due for renewal until early November on a 30 day basis).
So I’m still assuming that, for some reason, your docker setup was not actually using the cert from the 9th Sept.
Ahh, from your title I’ve maybe understood the misunderstanding.
Certbot / letsencrypt renews certificates when there are less than 30 days remaining in its valid life.
Your cert from 9 Sept is valid for 90 days (until the 8 Dec). certbot will try and renew when there are less than 30 days left (by default) so it would renew on the 8 Nov … not 30 days after the certificate was issued.
i.e. it will (currently) renew every 60 days (90 - 30) … not every 30 days.
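As an added example (not part of the original thread and not Certbot's code), the following Python applies the two explanations given in the replies above: the 30-days-before-expiry renewal window, and the comparison between the certificate file on disk and the one the running server actually presents. The function names, the constant and the sample dates are constructed for illustration; the date lines are in the format printed by openssl x509 -noout -dates.

```python
import ssl
from datetime import datetime, timedelta, timezone

# Default window stated in the thread: renew once fewer than 30 days remain.
RENEW_WINDOW = timedelta(days=30)

# Constructed sample output of `openssl x509 -noout -dates -in <cert.pem>`
# for the certificate file on disk (issued 9 Sept, 90-day lifetime).
DISK = "notBefore=Sep  9 00:00:00 2016 GMT\nnotAfter=Dec  8 00:00:00 2016 GMT"
# Constructed sample output of the same command fed from
# `openssl s_client -connect <host>:443 -servername <host>`: an older
# certificate that the running server still holds in memory.
SERVED = "notBefore=Jul 11 00:00:00 2016 GMT\nnotAfter=Oct  9 00:00:00 2016 GMT"


def parse_dates(text):
    """Return (notBefore, notAfter) as UTC datetimes from openssl -dates output."""
    found = {}
    for line in text.strip().splitlines():
        key, _, value = line.partition("=")
        if key in ("notBefore", "notAfter"):
            seconds = ssl.cert_time_to_seconds(value.strip())
            found[key] = datetime.fromtimestamp(seconds, tz=timezone.utc)
    if len(found) != 2:
        raise ValueError("expected notBefore= and notAfter= lines")
    return found["notBefore"], found["notAfter"]


def diagnose(disk_text, served_text, now):
    """Return (date the renewal window opens, list of findings)."""
    _, disk_end = parse_dates(disk_text)
    _, served_end = parse_dates(served_text)
    renew_from = disk_end - RENEW_WINDOW
    # "Due" means fewer than 30 days of validity remain on the disk cert.
    findings = ["renewal-due" if disk_end - now < RENEW_WINDOW else "not-yet-due"]
    if served_end < disk_end:
        findings.append("server-presents-older-cert")  # reload or restart it
    if served_end <= now:
        findings.append("served-cert-expired")  # what browsers and wget see
    return renew_from, findings


if __name__ == "__main__":
    today = datetime(2016, 10, 16, tzinfo=timezone.utc)
    renew_from, findings = diagnose(DISK, SERVED, today)
    print("renewal window opens", renew_from.date(), findings)
```

With the thread's dates, the disk certificate is not yet due while the served certificate is both older and expired, which is the combination the first reply describes.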
Hi,
I received the renewal email for my certificate. But when I run certbot renew, it states that certs are not due for renewal yet.
I have 2 domain names in the same server and the certs are in /etc/letsencrypt/live/domain_name1 and /etc/letsencrypt/live/domain_name 2.
The last certs domain_name 1 timestamp is 12th Oct 2016 and the last certs domain_name 2 timestamp is 21st Sept 2016.
Are my certs renewed?
Thanks,
Jeremy