Trouble with expiration

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: kasdivi.com

I ran this command:
I try to access my mail and apple mail says the certificate has expired on 7/08/2022

i run sudo certbot renew

It produced this output:

Processing /usr/local/etc/letsencrypt/renewal/kasdivi.com.conf

---

Cert not yet due for renewal

---

The following certificates are not due for renewal yet:

/usr/local/etc/letsencrypt/live/kasdivi.com/fullchain.pem expires on 2022-09-09 (skipped)

No renewals were attempted.

My web server is (include version):

apache 2.24.51

The operating system my web server runs on is (include version):
freebsd 13

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know):
yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
no
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
1.13.0

Which mail server are you running?
How did you last load the cert into it?

In short: The web server is using the latest cert; But the email service is still using the previous one.
[which expired on July 8]

I'm guessing here. LE updates the certs... 001, 002, etc. The mail server... whatever it is is looking at an outdated cert?

It is important to know which mail server is running. Whatever it is it would be beneficial to script the distribution of the cert(s) so the mail server is always up to date.
My 2 cents

Thanks for the quick responses. I am running Postfix 3.6,3. and Dovecot 2.3.17. I think that the mail service interface with Dovecit

Half way there...

Maintain certificate on server with certbot. Specify the resulting certificate (/usr/local/etc/letsencrypt/live/kasdivi.com/fullchain.pem ) in the Dovecot SS Configuration,
I was able to force apple mail to trust the expired Certificate. My experience has been apple and some browsers don't play well with letsemcrypt. Email seem happy again even with what it thinks to be an expired certificate

Then you may only need to restart/reload Dovecot.
[after each certificate renewal]

It IS an expired cert being served.

thing was only the Iphone was upset. But I will restart dovecot. That make more sense

Ok I restarted dovecot. The correct certificate shows up. but Apple mail doesn't trust. Like i said Appel doesn't seem to like letsencrypt. Will tinker to see what I can do.. Now definately an Apple Mal Problem

Then you might need to switch to chains OR switch to another (free) CA provider.

It is weird No problem with my desktop. Letsencrypt works fine for my website (except with Brave). IN the end issue appears apple iPhone apple mail.. I will probably swap mail apps out first. They make a great OS for desktop and a POS for tablets and phones

Also, try using the "short chain".

short chain? Is that attached my phone to a short chain and throw it off a bridge?

ok did the usual apple mail phone fix .. delete the account and add it again . All good not a letsencrypt issue. Thanks again

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.