Why renewed certificate ends at 30/12/2016?


#1

Hi all,

So one of my certificates expired today.
I renewed it with Certbot-auto -renew, but the new certificate starts on Oct 1 (you might notice, today is 5th of Dec) and ends on 30 Dec.
Is that correct behaviour?


#2

Most likely what’s happened is that you are looking at the old certificate, not the new one. If you saw the certificate in a web browser, a common cause is that you did not reload the web server after renewing the certificate, so the server doesn’t yet know about the new certificate. You should use your web server’s standard command for “reloading” or, if there is no information about how to reload, stop the server and then start it again, and the new certificate should then be presented.

If you are looking at the certificate files on disk, there could be a number of causes, including that you’re looking in the wrong file (a new file is created for the renewed certificate, and then a symbolic link or symlink is altered to point to this file instead of the old one) or that an error prevented the newly renewed certificate being written to disk at all for some reason, such as permission problems.

I hope some of the above is useful; if not, please give more details about what symptoms you’re experiencing.


#3

Thank you for your reply.
I will explain more:
I received an error about an expired certificate today (in the browser the cert expiry date was 5 Dec 2016), then renewed it with certbot-auto (/{path}/certbot-auto renew --dry-run), restarted the server and it worked.
After that I reloaded the page, checked the cert and it has an expiry date of 30 Dec 2016.

So the certificate was renewed for sure, but why with a 1st of October start date? What will happen on the 30th of December?
Will I be able to generate a new one?


#4

Just checked the file itself:
it’s the correct one and it has a start date of today.
Thank you for the help!


#5

You mentioned the “dry run” flag - but this flag asks Certbot to perform a dry run. Perhaps you are not familiar with this idea; it comes from firemen proving they can respond quickly to a fire but without bringing the big tanks of water needed to fight an actual fire. It is just a test: with this flag you are not issued with a new certificate, but some tests are done and if those fail it will be reported.

So I am not sure exactly what happened, but probably your certificate was already renewed on 1st October, and the server was not restarted. Once you restarted it, the October certificate was brought into use, and this expires later this month. Your system has also now obtained another renewed certificate, but apparently not yet put that into use.

I recommend that you take a few minutes to make sure you understand how it all works, and perhaps ensure things are reloaded / restarted automatically - in order to avoid any surprises at the end of the year when many people have better things to do than tinker with a web server.
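
Added example, not part of the original posts: a Python check for the situation discussed in #2 and #5, where the web server keeps presenting an older certificate after a renewal. It compares the certificate the server presents with the first (leaf) certificate in the on-disk PEM file; the host name and the file path (Certbot's default live/ directory layout) are assumptions.

```python
import base64
import re
import socket
import ssl

PEM_CERT = re.compile(
    r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)


def leaf_der_from_pem(pem_text):
    """DER bytes of the first certificate in a PEM file.

    In a fullchain.pem bundle the first block is the server (leaf)
    certificate; the intermediates follow and are ignored here.
    """
    match = PEM_CERT.search(pem_text)
    if match is None:
        raise ValueError("no PEM certificate block found")
    return base64.b64decode("".join(match.group(1).split()))


def served_der(host, port=443, timeout=5.0):
    """DER bytes of the certificate the server presents right now."""
    ctx = ssl.create_default_context()
    # Validation is off on purpose: the served certificate may already be
    # expired, and it is only compared byte-for-byte with the local file.
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True)


def is_stale(served, disk_pem_text):
    """True when the server presents a different cert than the one on disk."""
    return served != leaf_der_from_pem(disk_pem_text)


def check(host, live_path):
    """Compare what host serves with the renewed file at live_path."""
    with open(live_path, encoding="ascii") as fh:
        stale = is_stale(served_der(host), fh.read())
    return "reload the web server" if stale else "server is up to date"


if __name__ == "__main__":
    # Assumed values: host name and Certbot's default live/ layout.
    print(check("example.com", "/etc/letsencrypt/live/example.com/fullchain.pem"))
```

Running it after each renewal (for example from the same cron job) reports when a reload was missed.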


#6

I never knew the origin of this term! Thanks, @tialaramex.

