Certificate is expired


(Евгений Копьев) #1

Good afternoon.
The server constantly sends messages about the expired certificate, you can remove it as it is without affecting the system?


(Michael Träumner) #2

Do you have a letsencrypt? There was a bug but it should be solved.


(Tamás Szalai) #3

Hi!

my certificates has also expired and doenst get renewed. Thank your suggested article/thread - i will try this out.

Beyond that i think that there is a problem with my configuration…?

Let’s imagine I have set up a domain (sub.domain.name) for the Nethserver with a corresponding Letsencrypt certificate. Now I have set up a domain for a NAS (nas.domain.name) and need a certificate for it. I also added them via the web interface.

In the web interface I have the following output:

If I display the values from the database, something completely different comes out:

--->8---
pki=configuration
    CertificateDuration=3650
    ChainFile=/etc/letsencrypt/live/sub.domain.name/chain.pem
    CommonName=
    CountryCode=
    CrtFile=/etc/letsencrypt/live/sub.domain.name/cert.pem
    EmailAddress=
    KeyFile=/etc/letsencrypt/live/sub.domain.name/privkey.pem
    LetsEncrypt=disabled
    LetsEncryptDomains=nas.domain.name
    LetsEncryptMail=mail@info.net
    LetsEncryptRenewDays=30
    Locality=
    Organization=
    OrganizationalUnitName=
    State=
    SubjectAltName=
---8<---

Am I right in assuming that the value for “LetsEncryptDomains” has lost the domain “sub.domain.name”? Why is more displayed on the web interface than is stored in the database?

The certificates are somehow not renewed anymore, so I had to create an additional entry for the NAS domain.


(Eddie Atherton) #4

Actually, only one of the bugs I reported was fixed. The mixed case one. The other where the order of the domains in the LetsEncrypt request stops the update remains. See issue 5441 (as LotusGuy) for a full explanation.

Cheers.