[SOLVED] Sudden ERR_CERT_DATE_INVALID with valid certificate

gVirtu · June 17, 2020, 9:09pm

Greetings! I started getting the ERR_CERT_DATE_INVALID error all of a sudden on a NGINX website today, even though no changes had been made to the certificate or server itself. I’ve been researching on potential fixes to no avail. What could be the cause of this?

EDIT: I also tried to renew the certificate (via certbot certonly, which was successful) and restart the machine, but the error remained unfortunately.

My domain is:
resende.caren.app

I ran this command:
certbot certificates

It produced this output:

Saving debug log to /var/log/letsencrypt/letsencrypt.log

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Found the following certs:
Certificate Name: resende.caren.app
   Domains: resende.caren.app www.resende.caren.app
   Expiry Date: 2020-09-15 19:46:09+00:00 (VALID: 89 days)
   Certificate Path: /etc/letsencrypt/live/resende.caren.app/fullchain.pem
   Private Key Path: /etc/letsencrypt/live/resende.caren.app/privkey.pem
 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

My web server is (include version):
nginx version: nginx/1.10.3 (Ubuntu)

The operating system my web server runs on is (include version):
Ubuntu 16.04

My hosting provider, if applicable, is:
Amazon Web Services

I can login to a root shell on my machine (yes or no, or I don’t know):
Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
No

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):
certbot 0.31.0

stevenzhu · June 17, 2020, 9:16pm

Hi,

That's weird, because from what I see the certificate is valid and working as intended. Can you please check if your computer's time is synced correctly?

Information on SSLLabs also show your certificate is valid.

Hardenize test is also fine, although you have some security header issues.

P.S. a important information: If you use certonly without a installer specified (certonly means it will not reload your web server after renewal), you'll need to make sure you reload/restart your Nginx server after successful renewal. If you don't reload, the webserver will not use the up to date certificate and will display the expired certificate. @gVirtu

gVirtu · June 17, 2020, 9:39pm

Thank you so much for the thorough response @stevenzhu!

This was actually a false positive on my end, the cert in question was indeed working fine, the culprit was actually another one that was being used for our static assets cloudfront distribution. That one did expire today.

I will take the opportunity to review the security header issues now as well.

Thanks a bunch again, I’ll mark this as solved!

system · July 17, 2020, 9:41pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
NET::ERR_CERT_DATE_INVALID after manual renewal Server	7	12466	March 31, 2017
Err_cert_date_invalid Ayuda (en Español)	5	934	December 8, 2020
NET::ERR_CERT_DATE_INVALID in nginx error log file = SSL_do_handshake() failed (SSL: error:1417D18C:SSL routines:tls_process_client_hello:version too low) while SSL handshaking , client: xx.xx.xx.x, server: 0.0.0.0:443 Help	4	3700	February 26, 2019
Net::err_cert_date_invalid Help	2	943	October 15, 2020
Cert not expired but getting ERR_CERT_DATE_INVALID Help	3	714	September 16, 2021

[SOLVED] Sudden ERR_CERT_DATE_INVALID with valid certificate

Related topics