Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is:
I ran this command:
sudo certbot certonly --nginx -d share.insidertools.de
It produced this output:
What would you like to do?
1: Keep the existing certificate for now
2: Renew & replace the cert (limit ~5 per 7 days)
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2
Renewing an existing certificate
Congratulations! Your certificate and chain have been saved at:
Your key file has been saved at:
Your cert will expire on 2023-11-17. To obtain a new or tweaked
version of this certificate in the future, simply run certbot
again. To non-interactively renew all of your certificates, run
If you like Certbot, please consider supporting our work by:
Donating to ISRG / Let's Encrypt: Donate - Let's Encrypt
Donating to EFF: Support EFF's Work on Let's Encrypt | Electronic Frontier Foundation
My web server is (include version):
nginx version: nginx/1.18.0 (Ubuntu)
The operating system my web server runs on is (include version):
Operating System: Ubuntu 20.04.6 LTS
Kernel: Linux 5.4.0
My hosting provider, if applicable, is:
I can login to a root shell on my machine (yes or no, or I don't know):
I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
The version of my client is (e.g. output of
certbot --version or
certbot-auto --version if you're using Certbot):
Hello, I just recreated my certificate a few minutes ago. It is this certificate: crt.sh | 9870232335
Today is the 19.08.2023. On the console it shows me that the certificate would expire on 17.11.2023. This time is also given to me when I type "sudo certbot certificates -d share.insidertools.de". The time on my server is correct. I have updated all packages and renewed the certificate again. The result remains the same: the actual certificate delivered to the browser contains wrong time information. According to this, the certificate was issued on 07/06/2023 and is valid until 10/04/2023.
These times (with 2h difference due to the time zone) are also on crt.sh. How can there be a creation date that is far in the past? I think this is a mistake. If this was intended, it was not fully thought out, because my server keeps the information that the certificate is valid until 17.11.2023 and therefore does not renew when it is needed. I just became aware of this because the previous certificate was already not renewed even though the browser reported it as expired.