lumenwrites

Reputation: 1507

NET::ERR_CERT_DATE_INVALID after manual renewal with certbot

My website keeps getting "NET::ERR_CERT_DATE_INVALID" error.

I have renewed the certificate using:

sudo certbot certonly --webroot -w /var/www/html -d startuplab.io

and have restarted nginx.

It used to work fine before, my other websites work fine as well.

How do I figure out what went wrong?

Edit:

This tool shows me that certificate expired 21 days ago.

Letsencrypt tells me:

Congratulations! Your certificate and chain have been saved at
/etc/letsencrypt/live/startuplab.io-0001/fullchain.pem. Your cert
will expire on 2019-05-22. To obtain a new or tweaked version of
this certificate in the future, simply run certbot again. To
non-interactively renew all of your certificates, run "certbot
renew"

Edit 2:

Aha! My ssl-startuplab.io.conf snippet points to

ssl_certificate /etc/letsencrypt/live/startuplab.io/fullchain.pem;

but certbot has put it into

ssl_certificate /etc/letsencrypt/live/startuplab.io-0001/fullchain.pem;

Does anybody know why this happens? What should I do to fix this and avoid it in the future?

Edit 3:

Just renaming the startuplab.io-0001 folder into startuplab.io fixed the issue. But why did this happen to begin with? How do I make sure it never happens again? I'd appreciate any advice!

Upvotes: 1

Views: 4440

Answers (1)

dave_thompson_085

Reputation: 38930

For your edit 3, from https://certbot.eff.org/docs/using.html#renewing-certificates (emphasis added):

An alternative form that provides for more fine-grained control over the renewal process (while renewing specified certificates one at a time), is certbot certonly with the complete set of subject domains of a specific certificate specified via -d flags. ...

All of the domains covered by the certificate must be specified in this case in order to renew and replace the old certificate rather than obtaining a new one; don’t forget any www. domains! Specifying a subset of the domains creates a new, separate certificate containing only those domains, rather than replacing the original certificate. When run with a set of domains corresponding to an existing certificate, the certonly command attempts to renew that specific certificate.

Your old cert was for startuplab.io AND webacademy.io -- not only the former.

Upvotes: 0
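An added example, not part of the question or the answer above: a Python check that models the rule quoted from the certbot documentation (the -d set must equal an existing certificate's domain set to renew it) and flags nginx ssl_certificate paths that still point at a lineage after a numbered sibling such as -0001 has appeared. The function names are hypothetical, and the config text and domain sets are constructed from the values in this thread rather than read from a real host.

```python
import re

LIVE = "/etc/letsencrypt/live/"
# A second lineage for the same primary name gets a suffix, as seen in the question: "-0001".
SUFFIX = re.compile(r"^(?P<base>.+)-(?P<n>\d{4})$")
DIRECTIVE = re.compile(r"^\s*ssl_certificate(?:_key)?\s+(\S+?);", re.M)

def referenced_lineages(nginx_conf):
    """Lineage names that ssl_certificate / ssl_certificate_key directives point at."""
    names = set()
    for path in DIRECTIVE.findall(nginx_conf):
        if path.startswith(LIVE):
            names.add(path[len(LIVE):].split("/")[0])
    return names

def certonly_outcome(lineages, requested):
    """Simplified model of the quoted rule: an exact domain-set match renews that
    certificate; any other set (e.g. a subset) produces a new, separate one."""
    for name, domains in lineages.items():
        if set(requested) == set(domains):
            return ("renew", name)
    return ("new", None)

def stale_references(nginx_conf, lineages):
    """(configured, newer) pairs where the config uses the base lineage only,
    although a numbered sibling lineage exists."""
    used = referenced_lineages(nginx_conf)
    findings = []
    for name in sorted(lineages):
        m = SUFFIX.match(name)
        if m and m.group("base") in used and name not in used:
            findings.append((m.group("base"), name))
    return findings

# Constructed sample data mirroring the question (assumption, not real host state).
SAMPLE_CONF = """
server {
    listen 443 ssl;
    server_name startuplab.io;
    ssl_certificate /etc/letsencrypt/live/startuplab.io/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/startuplab.io/privkey.pem;
}
"""
BEFORE = {"startuplab.io": {"startuplab.io", "webacademy.io"}}
AFTER = dict(BEFORE, **{"startuplab.io-0001": {"startuplab.io"}})
```

On a real host, `certbot certificates` lists each lineage with its domains, and passing `--cert-name` to `certbot certonly` selects the lineage to renew explicitly.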
