Let’s Encrypt certificate “expired” even though it’s not?

One of our servers (Ubuntu 18.04 with Nginx) is using Let’s Encrypt‘s certbot to renew its SSL certificate regularly via script. Recently, it reported in web browsers as having an expired certificate. When I ran

certbot renew

it showed as having the certificate set to expire months from now.

Just on a lark, I rebooted the server, and then it was fine, and the web browsers showed the new certificate. Usually, a reboot isn’t necessary. I’m not sure why it was all of a sudden this time. But just FYI: if you’re using Let’s Encrypt to renew your site’s certificate, and it’s definitely renewed but randomly not showing that way to client machines, try a reboot.

One response to “Let’s Encrypt certificate “expired” even though it’s not?”

  1. Sorry to add a comment to an old post, but I bumped into this while searching for something else. The issue, which you may have already discovered, is that Nginx doesn’t know the cert has been renewed until you tell it. You can do this with your script by running “systemctl reload nginx” after certbot is done. There’s a specifici “–post-hook” argument for certbot that can help with this.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.