Cert not yet due for renewal … but it's expiredUsing my own private key for Let's Encrypt's certbot due to HPKPCron job for let's encrypt renewalLetsencrypt - do I need to keep “.well-known” accessible for certificate renewal?updating ssl cert for gitlab using certbot & lets encryptWhat ports should I keep open to allow for ACME-based certificate renewal?ssl-cert-check is not getting the correct expiry dates for Lets Encrypt certificatesDockerized Nginx + Certbot + tls-sni challenge not working on renewalServer has a valid SSL Cert, Clients only see expired cert, why?nginx load balancer w/ https and lets encrypt cert renewalLetsencrypt expired certificate renewal failure (NGinx)

Why Is Abelian Gauge Theory So Special?

Three column layout

What's the safest way to inform a new user of their password on my web site?

Golf the smallest circle!

Can a police officer film me on their personal device in my own home?

How to start learning the piano again

Why transcripts instead of degree certificates?

Why is a blank required between "[[" and "-e xxx" in ksh?

Difference between 'demás' and 'otros'?

Does the UK have a written constitution?

Why is the Turkish president's surname spelt in Russian as Эрдоган, with г?

How fast can a ship with rotating habitats be accelerated?

How can I check type T is among parameter pack Ts... in C++?

Coefficients of the characteristic polynomial

How was film developed in the late 1920s?

Which centaur is more 'official'?

Math PhD in US vs Master + PhD in Europe

How to determine what is the correct level of detail when modelling?

Super Polymerization how does it work

How can I convince my reader that I will not use a certain trope?

How exactly is a normal force exerted, at the molecular level?

What are good ways to spray paint a QR code on a footpath?

How do I spend money in Sweden and Denmark?

What's the point of DHS warning passengers about Manila airport?



Cert not yet due for renewal … but it's expired


Using my own private key for Let's Encrypt's certbot due to HPKPCron job for let's encrypt renewalLetsencrypt - do I need to keep “.well-known” accessible for certificate renewal?updating ssl cert for gitlab using certbot & lets encryptWhat ports should I keep open to allow for ACME-based certificate renewal?ssl-cert-check is not getting the correct expiry dates for Lets Encrypt certificatesDockerized Nginx + Certbot + tls-sni challenge not working on renewalServer has a valid SSL Cert, Clients only see expired cert, why?nginx load balancer w/ https and lets encrypt cert renewalLetsencrypt expired certificate renewal failure (NGinx)






.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty margin-bottom:0;








0















I am trying to renew a wildcard let's encrypt certificate. 



/usr/local/bin/certbot renew


Saving debug log to /var/log/letsencrypt/letsencrypt.log

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/sub.myDomain.com.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Cert not yet due for renewal

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

The following certs are not due for renewal yet:
 /etc/letsencrypt/live/sub.myDomain.com/fullchain.pem expires on 2019-08-14 (skipped)
No renewals were attempted.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -


It responds that Cert not yet due for renewal.
But actually it has expired:



echo | openssl s_client -connect sub.myDomain.com:443 2>/dev/null | openssl x509 -noout -dates
notBefore=Mar 11 15:32:13 2019 GMT
notAfter=Jun 9 15:32:13 2019 GMT


How do I renew it?
Here is how I created that certificate:



certbot certonly 
 --dns-google 
 --email myEmail@gmail.com 
 --agree-tos 
 -d *.sub.myDomain.com





lets-encrypt







share|improve this question



















  • 4





    Was your web server restarted after renewing the cert?

    – Sven
    Jun 10 at 6:59











  • no it wasn’t, it’s docker container, I’ll try to restart it

    – Maxim Yefremov
    Jun 10 at 7:03











  • @Sven you are right, reloading nginx helped me, so the correct way to renew is: /usr/local/bin/certbot renew --post-hook '/usr/sbin/nginx -s reload'

    – Maxim Yefremov
    Jun 10 at 12:17

















0















I am trying to renew a wildcard let's encrypt certificate. 



/usr/local/bin/certbot renew


Saving debug log to /var/log/letsencrypt/letsencrypt.log

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/sub.myDomain.com.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Cert not yet due for renewal

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

The following certs are not due for renewal yet:
 /etc/letsencrypt/live/sub.myDomain.com/fullchain.pem expires on 2019-08-14 (skipped)
No renewals were attempted.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -


It responds that Cert not yet due for renewal.
But actually it has expired:



echo | openssl s_client -connect sub.myDomain.com:443 2>/dev/null | openssl x509 -noout -dates
notBefore=Mar 11 15:32:13 2019 GMT
notAfter=Jun 9 15:32:13 2019 GMT


How do I renew it?
Here is how I created that certificate:



certbot certonly 
 --dns-google 
 --email myEmail@gmail.com 
 --agree-tos 
 -d *.sub.myDomain.com





lets-encrypt







share|improve this question



















  • 4





    Was your web server restarted after renewing the cert?

    – Sven
    Jun 10 at 6:59











  • no it wasn’t, it’s docker container, I’ll try to restart it

    – Maxim Yefremov
    Jun 10 at 7:03











  • @Sven you are right, reloading nginx helped me, so the correct way to renew is: /usr/local/bin/certbot renew --post-hook '/usr/sbin/nginx -s reload'

    – Maxim Yefremov
    Jun 10 at 12:17













0












0








0








I am trying to renew a wildcard let's encrypt certificate. 



/usr/local/bin/certbot renew


Saving debug log to /var/log/letsencrypt/letsencrypt.log

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/sub.myDomain.com.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Cert not yet due for renewal

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

The following certs are not due for renewal yet:
 /etc/letsencrypt/live/sub.myDomain.com/fullchain.pem expires on 2019-08-14 (skipped)
No renewals were attempted.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -


It responds that Cert not yet due for renewal.
But actually it has expired:



echo | openssl s_client -connect sub.myDomain.com:443 2>/dev/null | openssl x509 -noout -dates
notBefore=Mar 11 15:32:13 2019 GMT
notAfter=Jun 9 15:32:13 2019 GMT


How do I renew it?
Here is how I created that certificate:



certbot certonly 
 --dns-google 
 --email myEmail@gmail.com 
 --agree-tos 
 -d *.sub.myDomain.com





lets-encrypt







share|improve this question
















I am trying to renew a wildcard let's encrypt certificate. 



/usr/local/bin/certbot renew


Saving debug log to /var/log/letsencrypt/letsencrypt.log

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/sub.myDomain.com.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Cert not yet due for renewal

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

The following certs are not due for renewal yet:
 /etc/letsencrypt/live/sub.myDomain.com/fullchain.pem expires on 2019-08-14 (skipped)
No renewals were attempted.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -


It responds that Cert not yet due for renewal.
But actually it has expired:



echo | openssl s_client -connect sub.myDomain.com:443 2>/dev/null | openssl x509 -noout -dates
notBefore=Mar 11 15:32:13 2019 GMT
notAfter=Jun 9 15:32:13 2019 GMT


How do I renew it?
Here is how I created that certificate:



certbot certonly 
 --dns-google 
 --email myEmail@gmail.com 
 --agree-tos 
 -d *.sub.myDomain.com





lets-encrypt




lets-encrypt






share|improve this question















share|improve this question













share|improve this question




share|improve this question








edited Jun 10 at 12:10









Daniel K

3341 silver badge11 bronze badges




3341 silver badge11 bronze badges










asked Jun 10 at 6:37









Maxim YefremovMaxim Yefremov

1191 gold badge1 silver badge11 bronze badges




1191 gold badge1 silver badge11 bronze badges







  • 4





    Was your web server restarted after renewing the cert?

    – Sven
    Jun 10 at 6:59











  • no it wasn’t, it’s docker container, I’ll try to restart it

    – Maxim Yefremov
    Jun 10 at 7:03











  • @Sven you are right, reloading nginx helped me, so the correct way to renew is: /usr/local/bin/certbot renew --post-hook '/usr/sbin/nginx -s reload'

    – Maxim Yefremov
    Jun 10 at 12:17












  • 4





    Was your web server restarted after renewing the cert?

    – Sven
    Jun 10 at 6:59











  • no it wasn’t, it’s docker container, I’ll try to restart it

    – Maxim Yefremov
    Jun 10 at 7:03











  • @Sven you are right, reloading nginx helped me, so the correct way to renew is: /usr/local/bin/certbot renew --post-hook '/usr/sbin/nginx -s reload'

    – Maxim Yefremov
    Jun 10 at 12:17







4




4





Was your web server restarted after renewing the cert?

– Sven
Jun 10 at 6:59





Was your web server restarted after renewing the cert?

– Sven
Jun 10 at 6:59













no it wasn’t, it’s docker container, I’ll try to restart it

– Maxim Yefremov
Jun 10 at 7:03





no it wasn’t, it’s docker container, I’ll try to restart it

– Maxim Yefremov
Jun 10 at 7:03













@Sven you are right, reloading nginx helped me, so the correct way to renew is: /usr/local/bin/certbot renew --post-hook '/usr/sbin/nginx -s reload'

– Maxim Yefremov
Jun 10 at 12:17





@Sven you are right, reloading nginx helped me, so the correct way to renew is: /usr/local/bin/certbot renew --post-hook '/usr/sbin/nginx -s reload'

– Maxim Yefremov
Jun 10 at 12:17










1 Answer
1






active

oldest

votes


















2














Your system renewed its certificate last month, but the web server never restarted or reloaded to actually start using it.



To fix the problem, reload/restart the web server.



You can also supply the appropriate command to reload your web server as a --deploy-hook to your certbot renew command.






share|improve this answer

























    Your Answer








    StackExchange.ready(function()
    var channelOptions =
    tags: "".split(" "),
    id: "2"
    ;
    initTagRenderer("".split(" "), "".split(" "), channelOptions);

    StackExchange.using("externalEditor", function()
    // Have to fire editor after snippets, if snippets enabled
    if (StackExchange.settings.snippets.snippetsEnabled)
    StackExchange.using("snippets", function()
    createEditor();
    );

    else
    createEditor();

    );

    function createEditor()
    StackExchange.prepareEditor(
    heartbeatType: 'answer',
    autoActivateHeartbeat: false,
    convertImagesToLinks: true,
    noModals: true,
    showLowRepImageUploadWarning: true,
    reputationToPostImages: 10,
    bindNavPrevention: true,
    postfix: "",
    imageUploader:
    brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
    contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
    allowUrls: true
    ,
    onDemand: true,
    discardSelector: ".discard-answer"
    ,immediatelyShowMarkdownHelp:true
    );



    );













    draft saved

    draft discarded


















    StackExchange.ready(
    function ()
    StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fserverfault.com%2fquestions%2f970776%2fcert-not-yet-due-for-renewal-but-its-expired%23new-answer', 'question_page');

    );

    Post as a guest















    Required, but never shown

























    1 Answer
    1






    active

    oldest

    votes








    1 Answer
    1






    active

    oldest

    votes









    active

    oldest

    votes






    active

    oldest

    votes









    2














    Your system renewed its certificate last month, but the web server never restarted or reloaded to actually start using it.



    To fix the problem, reload/restart the web server.



    You can also supply the appropriate command to reload your web server as a --deploy-hook to your certbot renew command.






    share|improve this answer



























      2














      Your system renewed its certificate last month, but the web server never restarted or reloaded to actually start using it.



      To fix the problem, reload/restart the web server.



      You can also supply the appropriate command to reload your web server as a --deploy-hook to your certbot renew command.






      share|improve this answer

























        2












        2








        2







        Your system renewed its certificate last month, but the web server never restarted or reloaded to actually start using it.



        To fix the problem, reload/restart the web server.



        You can also supply the appropriate command to reload your web server as a --deploy-hook to your certbot renew command.






        share|improve this answer













        Your system renewed its certificate last month, but the web server never restarted or reloaded to actually start using it.



        To fix the problem, reload/restart the web server.



        You can also supply the appropriate command to reload your web server as a --deploy-hook to your certbot renew command.







        share|improve this answer












        share|improve this answer



        share|improve this answer










        answered Jun 10 at 14:40









        Michael HamptonMichael Hampton

        180k28 gold badges337 silver badges667 bronze badges




        180k28 gold badges337 silver badges667 bronze badges



























            draft saved

            draft discarded
















































            Thanks for contributing an answer to Server Fault!


            • Please be sure to answer the question. Provide details and share your research!

            But avoid


            • Asking for help, clarification, or responding to other answers.

            • Making statements based on opinion; back them up with references or personal experience.

            To learn more, see our tips on writing great answers.




            draft saved


            draft discarded














            StackExchange.ready(
            function ()
            StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fserverfault.com%2fquestions%2f970776%2fcert-not-yet-due-for-renewal-but-its-expired%23new-answer', 'question_page');

            );

            Post as a guest















            Required, but never shown





















































            Required, but never shown














            Required, but never shown












            Required, but never shown







            Required, but never shown

































            Required, but never shown














            Required, but never shown












            Required, but never shown







            Required, but never shown







            -

            Popular posts from this blog

            How to write a 12-bar blues melodyI-IV-V blues progressionHow to play the bridges in a standard blues progressionHow does Gdim7 fit in C# minor?question on a certain chord progressionMusicology of Melody12 bar blues, spread rhythm: alternative to 6th chord to avoid finger stretchChord progressions/ Root key/ MelodiesHow to put chords (POP-EDM) under a given lead vocal melody (starting from a good knowledge in music theory)Are there “rules” for improvising with the minor pentatonic scale over 12-bar shuffle?Confusion about blues scale and chords

            Image
            Why is a set not a partition of itself? Would an 8% reduction in drag outweigh the weight addition from this custom CFD-tested winglet? Labeling matrices/rectangles and drawing Sigma inside rectangle Unexpected Netflix account registered to my Gmail address - any way it could be a hack attempt? 51% attack - apparently very easy? refering to CZ's "rollback btc chain" - How to make sure such corruptible scenario can never happen so easily? Missouri raptors have wild hairdos Can someone explain homicide-related death rates? Why is tomato paste so cheap? What are the implications of the new alleged key recovery attack preprint on SIMON? Effects of ~10atm pressure on engine design Is taking modulus on both sides of an equation valid? Jumping frame contents with beamer and pgfplots Are there any established rules for splitting books into parts, chapters, sections etc? Anatomically Correct Carnivorous Tree Why do I get two different answers when solvi...
            Read more

            Esgonzo ibérico Índice Descrición Distribución Hábitat Ameazas Notas Véxase tamén "Acerca dos nomes dos anfibios e réptiles galegos""Chalcides bedriagai"Chalcides bedriagai en Carrascal, L. M. Salvador, A. (Eds). Enciclopedia virtual de los vertebrados españoles. Museo Nacional de Ciencias Naturales, Madrid. España.Fotos

            Image
            escíncidospenínsula Ibéricaesgonzo comúnJacques von Bedriagaesgonzo comúndimorfismo sexualovovivíparaendémicaPenínsula IbéricaCordilleira CantábricaAsturiasPaís VascoGaliciaRías BaixasMurosCarnotaillas CíesOnsAtlánticoIllas CíesIlla de Onsilla do PesegueiroIlla de Sancti PetriMediterráneoMar MenorIlla de TabarcaGaliciaCantabriaBurgossolosdestrución do hábitatIUCN Abrir o menú principal Procurar Esgonzo ibérico Ler noutra lingua Vixiar esta páxina Editar function mfTempOpenSection(id)var block=document.getElementById("mf-section-"+id);block.className+=" open-block";block.previousSibling.className+=" open-block"; Esgonzo ibérico Estado de conservación Case ameazada Clasificaci...
            Read more

            Why did Thanos need his ship to help him in the battle scene?Which actor plays Thanos in the Avengers mid-credits scene?Are there economic implications portrayed in comics where the buildings and cities are ruined almost daily?Old X-Men comic where team travels to alien world with a ring-like sun that needs recharging?Why does Ego need help sleeping?Is there an objective answer to who “the strongest Avenger” is?How did Banner get unstuck?Why did Thanos get hit?How did Thanos (or anyone) know the Infinity Stones would give him this power?Did Thanos leave Eitri alive for his after-sales service?In Avengers 1, why does Thanos need Loki?

            Image
            German characters on US-International keyboard layout Why is tomato paste so cheap? what does a native speaker say when he wanted to leave his work? Can a tourist shoot a gun in the USA? Extracting sublists that contain similar elements Why does the headset man not get on the tractor? What kind of SATA connector is this? Help in identifying a mystery wall socket Unexpected Netflix account registered to my Gmail address - any way it could be a hack attempt? Anatomically Correct Carnivorous Tree declared variable inside void setup is forgotten in void loop What is the largest number of identical satellites launched together? Automatically anti-predictably assemble an alliterative aria What information do scammers need to withdraw money from an account? Rounding a number extracted by jq to limit the decimal points Tikz draw contour without some edges, and fill What should a student do when they are the victim of a FERPA violation? How exactly does artific...
            Read more