One of my domains was due for renewal. I could check in Chrome debugger that the certificate will expire on “November 1, 2017”. So I manually renewed it using “/home/mpweb/certbot-auto renew --no-self-upgrade”. Only one domain got renewed and I was able to check its expiration date using “/www.sslshopper.com” (using fullchain.pem) where it is showing “Valid To: December 31, 2017” but when I check the certificate expiry in Chrome debugger it is still showing “November 1, 2017”. I’ve also reloaded my nginx with no success. Please help!!
It’s also important to understand that “renewal” just means issuing a new certificate. It doesn’t change the expiry of the old certificate. The new certificate needs to be installed in or accessible to your web server in order to be used by it.
If you’re using Certbot on your web server and have pointed the web server at the version of the certificate in /etc/letsencrypt/live, this should be handled for you automatically. If you had to do some kind of certificate import step or if you made a separate copy of the certificate, you would have to repeat that process for every renewal.
Thanks for your valuable inputs!!
My original certificates get created at /etc/letsencrypt/live but I use a different path in nginx conf. E.g. I use /home/zahid/letsencrypt/live as I do a “rsync -rlptgo /etc/letsencrypt/ /home zahid/letsencrypt/”. So everything in “/etc/letsencrypt/” gets replicated to /home/zahid/letsencrypt/ including symlinks, permissions and timestamps. When I check the details of my /home/zahid/letsencrypt/live/test.com/fullchain.pem (this custom path I’ve used in nginx) in “www.sslshopper.com” it is showing expiry as “December 31, 2017” and when I check the same in Chrome browser debugger it shows as “November 1, 2017”. Also please note that “/home/zahid/letsencrypt/live/test.com/fullchain.pem” is pointing to “…/…/archive/test.com/fullchain2.pem”
Have you tried completely exiting and restarting Chrome? I don't know if it has something to do with TLS session resumption or if it's just a bug, but I've noticed before that I have to restart it to see the results of a certificate change with my servers. A refresh, even a hard one, is not enough.
Thanks for your help and support. There was a silly typo in my certificate path and hence the prob. I’ve fixed it now. Now it’s showing up the proper expiry date.
So sorry to have bothered you for a silly typo from my end.
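
The check that would have caught the mismatch in this thread, as an added example that is not part of any post above: it pulls every `ssl_certificate` path out of the nginx configuration and compares each file's fingerprint with the certificate the server actually presents. The helper names are hypothetical, the sample configuration is constructed from the paths quoted in the thread, and the `openssl` CLI is assumed to be installed.

```shell
#!/bin/sh
# Added example (not from the thread). Helper names are hypothetical.
# Assumes the openssl CLI is installed; SAMPLE_CONF is constructed sample input.

# Print each ssl_certificate path (not ssl_certificate_key, not commented-out
# lines) found in nginx configuration text read from stdin.
conf_cert_paths() {
    sed -n 's/^[[:space:]]*ssl_certificate[[:space:]]\{1,\}\([^;]*\);.*$/\1/p'
}

# SHA-256 fingerprint of the first (leaf) certificate in a PEM file.
file_fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2
}

# SHA-256 fingerprint of the leaf certificate the server presents via SNI.
served_fingerprint() {  # usage: served_fingerprint host [port]
    openssl s_client -connect "$1:${2:-443}" -servername "$1" </dev/null 2>/dev/null |
        openssl x509 -noout -fingerprint -sha256 2>/dev/null | cut -d= -f2
}

# Read nginx config text on stdin and report, for every configured certificate
# file, whether it is the one actually served for host $1.
check_served() {
    cs_paths=$(conf_cert_paths)
    cs_served=$(served_fingerprint "$1" "${2:-443}")
    [ -n "$cs_served" ] || { echo "no certificate received from $1" >&2; return 2; }
    cs_status=0
    while IFS= read -r cs_path; do
        [ -n "$cs_path" ] || continue
        if [ ! -r "$cs_path" ]; then
            echo "UNREADABLE $cs_path"; cs_status=1
        elif [ "$(file_fingerprint "$cs_path")" = "$cs_served" ]; then
            echo "SERVED     $cs_path $(openssl x509 -in "$cs_path" -noout -enddate)"
        else
            echo "NOT SERVED $cs_path $(openssl x509 -in "$cs_path" -noout -enddate)"
            cs_status=1
        fi
    done <<EOF
$cs_paths
EOF
    return $cs_status
}

SAMPLE_CONF='server {
    listen 443 ssl;
    ssl_certificate     /home/zahid/letsencrypt/live/test.com/fullchain.pem;
    ssl_certificate_key /home/zahid/letsencrypt/live/test.com/privkey.pem;
}'
# Live use (run as root on the web server): nginx -T 2>/dev/null | check_served test.com
```

A mistyped path shows up as `UNREADABLE`, and a stale copy as `NOT SERVED` with its expiry date. On a server with several virtual hosts, certificates belonging to other server names will also be listed as `NOT SERVED` for the host being checked.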