Renew Wildcard certificate and it is already expired

ddragos2001 · October 11, 2022, 7:55am

My domain is:
ilifruct.ro

I ran this command:
./acme.sh --issue -d ilifruct.ro -d '*.ilifruct.ro' --dns --yes-I-know-dns-manual-mode-enough-go-ahead-please --force
and
./acme.sh --renew -d ilifruct.ro -d '*.ilifruct.ro' --dns --yes-I-know-dns-manual-mode-enough-go-ahead-please --force

It produced this output:
Success
... Your cert is in: /root/.acme.sh/ilifruct.ro/ilifruct.ro.cer

My web server is (include version):
Apache/2.4.6 (CentOS)

The operating system my web server runs on is (include version):
CentOS Linux release 7.5.1804 (Core)

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know):
yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
no

Issue:
The certificate is successfully created, downloaded, and installed
The web-browsers says that the certificate is expired.

The command:
openssl x509 -noout -dates -in /root/.acme.sh/ilifruct.ro/ilifruct.ro.cer
returns:

notBefore=Jul  8 00:00:00 2022 GMT
notAfter=Oct  6 23:59:59 2022 GMT

webprofusion · October 11, 2022, 9:15am

Check you are using the latest version of acme.sh,clearly if it thinks it's renewing OK but your file is actually old (check the file date) then a path or permission is wrong somewhere.

ddragos2001 · October 11, 2022, 12:14pm

I performed an update of acme.sh, same result.
Checked the file's date, and it is fine, current date/time
Even deleted the old certificate from /root/.acme/ilifruct.ro/ilifruct.ro.cer and again --issue and --renew
The script downloaded the same certificate as the old one, with identical content, and validity dates (I compared it with one from the backup)

ddragos2001 · October 11, 2022, 12:34pm

Executed:
./acme.sh --remove -d ilifruct.ro
Then removing the directory
/root/.acme/ilifruct.ro
After that --issue and then --renew
the certificate is now a new one, with validity starting today
Problem solved

MikeMcQ · October 11, 2022, 1:57pm

I'll point out that this domain is using ZeroSSL certificates.

If you want to use Let's Encrypt certs refer to the acme.sh docs

system · November 10, 2022, 1:57pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.