Renewed but expired

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:
mail server ks307144.kimsufi.com

I ran this command:

cat letsencrypt_renew


#!/bin/bash
# Note: $root is not set in the part of the script shown here.
if [[ $1 == "-v" ]]
then
    if [[ -z "$2" ]]
    then
        echo "Domaine non spécifié. Taper ? pour la syntaxe"
        ls -l "$root"
        exit
    else
        # This inspects the file on disk only, not what a running service presents.
        cert="/etc/letsencrypt/live/$2/cert.pem"
        echo " "
        echo "############"
        # Exit status 0: the certificate is still valid 86400 seconds (24 h) from now.
        if openssl x509 -checkend 86400 -noout -in "$cert"
        then
            echo "The certificate $cert is good for at least another day!"
            today=$(date +%D)
            # Take the value after "notAfter=" and convert it to MM/DD/YY.
            expiredate=$(openssl x509 -enddate -noout -in "$cert" | awk -F'=' '{print $2}')
            ed=$(date +%D --date="$expiredate")
            # Difference between the two dates in whole days.
            daysleft=$(( ($(date -u -d "$ed" "+%s") - $(date -u -d "$today" "+%s")) / 86400 ))
            echo " Today's date: $today , expiring on: $ed , $daysleft days left to go."
        else
            echo "The certificate $cert has expired or will do so within 24 hours!"
            echo "(or is invalid/not found)"
        fi
        echo "############"
    fi
fi

letsencrypt_renew -v ks307144.kimsufi.com

It produced this output:
############
Certificate will not expire
The certificate /etc/letsencrypt/live/ks307144.kimsufi.com/cert.pem is good for at least another day!
Today’s date: 10/19/19 , expiring on: 01/17/20 , 90 days left to go.
############

But my MTA still complains:


It seems that the old certificate is still provided

My web server is (include version):
Apache/2.4.38 (Debian)
The operating system my web server runs on is (include version):
Debian 9

My hosting provider, if applicable, is:
OVH

I can login to a root shell on my machine (yes or no, or I don’t know):
yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
ispconfig 3.1

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):
certbot 0.31.0

Hi @kmc

Checking your website, there is a new certificate - https://check-your-website.server-daten.de/?q=ks307144.kimsufi.com

CN=ks307144.kimsufi.com | 19.10.2019 | 17.01.2020 | expires in 90 days | ks307144.kimsufi.com - 1 entry

Looks like your Dovecot doesn't use that. Did you restart your Dovecot?

PS: Use port 993 / 995, these are the standard SSL mail ports. Port 143 starts unencrypted and uses STARTTLS.


Yes, restarting dovecot did the trick. Thanks!

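The situation resolved in this thread (certificate renewed on disk, Dovecot still serving the old one until it was restarted) can be detected by comparing the fingerprint of the file on disk with the fingerprint of what the service presents. This is an added example, not code from any poster in the thread; the script name `check_served.py` and the function names are hypothetical, and the STARTTLS path covers IMAP on port 143 only.

```python
"""Does the mail service serve the certificate that is on disk? (added example)"""
import hashlib
import imaplib
import socket
import ssl
import sys

BEGIN, END = "-----BEGIN CERTIFICATE-----", "-----END CERTIFICATE-----"


def first_cert_der(pem_text):
    """DER bytes of the first certificate in cert.pem or fullchain.pem (the leaf)."""
    start = pem_text.index(BEGIN)
    end = pem_text.index(END, start) + len(END)
    return ssl.PEM_cert_to_DER_cert(pem_text[start:end])


def served_der(host, port, starttls=False, timeout=10):
    """DER bytes of the certificate the running service presents."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False       # inspection only: an expired certificate
    ctx.verify_mode = ssl.CERT_NONE  # must still be retrievable, not rejected
    if starttls:  # port 143: plaintext IMAP upgraded with STARTTLS
        imap = imaplib.IMAP4(host, port, timeout=timeout)  # timeout= needs Python 3.9+
        try:
            imap.starttls(ssl_context=ctx)
            return imap.sock.getpeercert(binary_form=True)
        finally:
            imap.shutdown()
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:  # 993 / 995
            return tls.getpeercert(binary_form=True)


def check(pem_text, served):
    """Return (match, disk_fingerprint, served_fingerprint) using SHA-256."""
    disk_fp = hashlib.sha256(first_cert_der(pem_text)).hexdigest()
    served_fp = hashlib.sha256(served).hexdigest()
    return disk_fp == served_fp, disk_fp, served_fp


if __name__ == "__main__":  # usage: check_served.py HOST PORT /path/to/cert.pem
    host, port, pem_path = sys.argv[1], int(sys.argv[2]), sys.argv[3]
    with open(pem_path, encoding="ascii") as fh:
        pem = fh.read()
    ok, disk_fp, served_fp = check(pem, served_der(host, port, starttls=(port == 143)))
    print(f"disk:   {disk_fp}\nserved: {served_fp}")
    print("OK: service uses the file on disk" if ok else "STALE: restart or reload the service")
    sys.exit(0 if ok else 1)
```

Run after each renewal, a non-zero exit status means the service has not picked up the renewed file yet.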
