Thanks to the Linux Foundation and groups such as the EFF, Free SSL certificates are now available and are easy to issue and deploy on your websites. The catch is that they’re only valid for 90 days, but utilities exist to manage and renew the certificates for you. If you don’t use SSL on your website, I encourage you to check out the Let’s Encrypt and Certbot websites for more information.
When I went to my site this afternoon, it showed an error stating my SSL certificate had expired. I recently (90 days ago) configured Certbot (https://certbot.eff.org/) through a cron-job to renew my certificates regularly so they don’t expire. But they did!
In case anybody else comes up with this issue, I’ve explained why it happened and my solution below.
Running Certbot’s renew command from a bash shell looked as follows:
server:~$ sudo certbot renew Saving debug log to /var/log/letsencrypt/letsencrypt.log ------------------------------------------------------------------------------- Processing /etc/letsencrypt/renewal/jaypoc.com.conf ------------------------------------------------------------------------------- Cert not yet due for renewal The following certs are not due for renewal yet: /etc/letsencrypt/live/jaypoc.com/fullchain.pem (skipped) No renewals were attempted. server:~$
After some investigating, I found out that Certbot had actually successfully renewed my certificates, but my web server (Nginx) was still serving the old certificate. A simple reload of the web server and my site began serving up the valid certificate. I don’t know if Apache or other web servers would automatically detect the change and serve up the correct SSL certificate file, but if not, make sure they’re configured to refresh them upon change.
Resources:
- Let’s Encrypt – https://letsencrypt.org
- Certbot – https://certbot.eff.org