Renewal of ssl on Ubuntu/Apache2

My domain is:

I ran this command: openssl s_client -connect 2>/dev/null </dev/null | openssl x509 -noout -enddate

It produced this output: notAfter=Nov 7 23:59:59 2018 GMT

My web server is (include version): Server version: Apache/2.4.18 (Ubuntu)
Server built: 2016-07-14T12:32:26

The operating system my web server runs on is (include version): Ubuntu 16.04.1 LTS

My hosting provider, if applicable, is: DigitalOcean

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

I received email from Let’s Encrypt which says

Your certificate (or certificates) for the names listed below will expire in
10 days (on 17 May 18 11:54 +0000). Please make sure to renew
your certificate before then, or visitors to your website will encounter errors.

But when I run command to test expiry date of my website, it shows =Nov 7 23:59:59 2018 GMT. So shall I need to renew again before 17 May 18 11:54 +0000?

The cert your seeing is from CloudFlare.


It seems that your website is under Cloudflare’s paid plan, and it’s covered by their TLS Certificate.

Hense, you don’t necessarily need to renew the lets encrypt certificate since it doesn’t show up on your website.
Also, cloudflare provides free original certificates that you can install on your server. Just note, if you choose to disable the cloudflare certificate (cdn), you would need to issue a valid certificate (since the CF origin certificate is not valid for public trust, only satisfied for CLOUDFLARE)


A reference to the feature that @stevenzhu mentioned:

This can be a more convenient (and technically equally secure or more secure) choice than Let’s Encrypt certificates for CloudFlare users.

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.