Expired Certificate

Hello Dan,
This is Greg I used up all of my reply’s "which apparently I can only reply 18 times. Ok, so I was able to use that command and I did not get an error.

…and are you now seeing that your cert is current?

No it is saying the same thing:

When I download the PEM chain it does match the chain.pem in the 0002 directory.

Can you post the contents of fullchain.pem? And what site are you browsing to when you see that error? Because when I browse to nethserver.cuicable.com, I’m seeing a Cloudflare cert.

Browsing to mx1.cuicable.com

-----BEGIN CERTIFICATE-----
MIIFcTCCBFmgAwIBAgISBKFf49GXbeenW3wTct2yossGMA0GCSqGSIb3DQEBCwUA
MDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQD
EwJSMzAeFw0yMjA4MjkxNjMxMDVaFw0yMjExMjcxNjMxMDRaMCIxIDAeBgNVBAMT
F25ldGhzZXJ2ZXIuY3VpY2FibGUuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
MIIBCgKCAQEAvZmrRA1NyZ+j35XzjjuT1DlW4RSF8jR/LjhidxP11/ahszZCoNi0
Wp7pTFBuAnDtZwR8hPMZj49CKys2ZW97Y/cQdeiP5KpX1KrqhzBU3KkDCNBQu6tU
6OCgrO8sCOWouifWTWqCiTlQVmlPmLS3OL+ojWs8K2LCysJ1ETkvI4hUn5zuH6Hs
XqQ+FoYF3lfQuv6g7V4H2B63QbsZQZ9AeAQZAyxEUmAWMTM4+jFeQr5TMWrgRHrc
8OysHZDzwbwHy7KeCpMzOSmERN0GdLZ13C5AOtolFK0ZfT8iEINGk3sVyoHFB22h
KQbiZcLD8TVNK7pss9twetWyeV6tjpXH0QIDAQABo4ICjzCCAoswDgYDVR0PAQH/
BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMBAf8E
AjAAMB0GA1UdDgQWBBRRxExcw5bb3LGC8Y30QlE6oguc4jAfBgNVHSMEGDAWgBQU
LrMXt1hWy65QCUDmH6+dixTCxjBVBggrBgEFBQcBAQRJMEcwIQYIKwYBBQUHMAGG
FWh0dHA6Ly9yMy5vLmxlbmNyLm9yZzAiBggrBgEFBQcwAoYWaHR0cDovL3IzLmku
bGVuY3Iub3JnLzBeBgNVHREEVzBVgg5teDEuYXZ4aW5jLmNvbYIQbXgxLmN1aWNh
YmxlLmNvbYIYbXgxLm1pbGxlcmZvdW5kYXRpb24ubmV0ghduZXRoc2VydmVyLmN1
aWNhYmxlLmNvbTBMBgNVHSAERTBDMAgGBmeBDAECATA3BgsrBgEEAYLfEwEBATAo
MCYGCCsGAQUFBwIBFhpodHRwOi8vY3BzLmxldHNlbmNyeXB0Lm9yZzCCAQUGCisG
AQQB1nkCBAIEgfYEgfMA8QB3AEHIyrHfIkZKEMahOglCh15OMYsbA+vrS8do8JBi
lgb2AAABguqoK2kAAAQDAEgwRgIhALJiv7W5d0avWR65Vl/kxOgFXqRSSO3SO7K4
y/2spP2FAiEA09cqKYWJWr1KSWhDbYGxUPoiyaW0mBIgEH0kSjI+QIkAdgBGpVXr
dfqRIDC1oolp9PN9ESxBdL79SbiFq/L8cP5tRwAAAYLqqCtzAAAEAwBHMEUCIDmi
8N3ZQX98NGAb4/0J81ToBmuv0ksMzUSZMJD8PzJXAiEA9oltNbff/K9bqoLzotkt
drS4AABvhojWsF5H3k0SsN0wDQYJKoZIhvcNAQELBQADggEBAB6kcasOIjhSnimG
s75Tpjw4sj9u5LggE/HzSkbya114bWJ48q/YyL0yZtAQtiTwRd9cDwReBXdeQfsj
eVX6oVUjvFnKGLQo6+iEmmd52eVHFzsylP0QACWm1YTxKWM/ciDgvp9fpPonYwcA
Ymp+opozudhTsWMAd7WOOZeTAKo2jsfRXoQFCJl7LM2JXg/frjxVvf2ZrkUuMFbQ
Yjx8GY6M6tPsh7SRhTW0cLtgzHnZ8kstoGGVq33E3c8nShckULeXh2Re+pk73aAj
02I29dv8QPEscByusEDQGvb91X1m4EZgQoVcTIedA0eBa7caQu8G5enMEMbf8WhU
qHGHPjM=
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIFFjCCAv6gAwIBAgIRAJErCErPDBinU/bWLiWnX1owDQYJKoZIhvcNAQELBQAw
TzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh
cmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwHhcNMjAwOTA0MDAwMDAw
WhcNMjUwOTE1MTYwMDAwWjAyMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNTGV0J3Mg
RW5jcnlwdDELMAkGA1UEAxMCUjMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
AoIBAQC7AhUozPaglNMPEuyNVZLD+ILxmaZ6QoinXSaqtSu5xUyxr45r+XXIo9cP
R5QUVTVXjJ6oojkZ9YI8QqlObvU7wy7bjcCwXPNZOOftz2nwWgsbvsCUJCWH+jdx
sxPnHKzhm+/b5DtFUkWWqcFTzjTIUu61ru2P3mBw4qVUq7ZtDpelQDRrK9O8Zutm
NHz6a4uPVymZ+DAXXbpyb/uBxa3Shlg9F8fnCbvxK/eG3MHacV3URuPMrSXBiLxg
Z3Vms/EY96Jc5lP/Ooi2R6X/ExjqmAl3P51T+c8B5fWmcBcUr2Ok/5mzk53cU6cG
/kiFHaFpriV1uxPMUgP17VGhi9sVAgMBAAGjggEIMIIBBDAOBgNVHQ8BAf8EBAMC
AYYwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMBMBIGA1UdEwEB/wQIMAYB
Af8CAQAwHQYDVR0OBBYEFBQusxe3WFbLrlAJQOYfr52LFMLGMB8GA1UdIwQYMBaA
FHm0WeZ7tuXkAXOACIjIGlj26ZtuMDIGCCsGAQUFBwEBBCYwJDAiBggrBgEFBQcw
AoYWaHR0cDovL3gxLmkubGVuY3Iub3JnLzAnBgNVHR8EIDAeMBygGqAYhhZodHRw
Oi8veDEuYy5sZW5jci5vcmcvMCIGA1UdIAQbMBkwCAYGZ4EMAQIBMA0GCysGAQQB
gt8TAQEBMA0GCSqGSIb3DQEBCwUAA4ICAQCFyk5HPqP3hUSFvNVneLKYY611TR6W
PTNlclQtgaDqw+34IL9fzLdwALduO/ZelN7kIJ+m74uyA+eitRY8kc607TkC53wl
ikfmZW4/RvTZ8M6UK+5UzhK8jCdLuMGYL6KvzXGRSgi3yLgjewQtCPkIVz6D2QQz
CkcheAmCJ8MqyJu5zlzyZMjAvnnAT45tRAxekrsu94sQ4egdRCnbWSDtY7kh+BIm
lJNXoB1lBMEKIq4QDUOXoRgffuDghje1WrG9ML+Hbisq/yFOGwXD9RiX8F6sw6W4
avAuvDszue5L3sz85K+EC4Y/wFVDNvZo4TYXao6Z0f+lQKc0t8DQYzk1OXVu8rp2
yJMC6alLbBfODALZvYH7n7do1AZls4I9d1P4jnkDrQoxB3UqQ9hVl3LEKQ73xF1O
yK5GhDDX8oVfGKF5u+decIsH4YaTw7mP3GFxJSqv3+0lUFJoi5Lc5da149p90Ids
hCExroL1+7mryIkXPeFM5TgO9r0rvZaBFOvV2z0gp35Z0+L4WPlbuEjN/lxPFin+
HlUjr8gRsI3qfJOQFy/9rKIJR0Y/8Omwt/8oTWgy1mdeHmmjk7j1nYsvC9JSQ6Zv
MldlTTKB3zhThV1+XWYp6rjd5JW1zbVWEkLNxE7GJThEUG3szgBVGP7pSWTUTsqX
nLRbwHOoq7hHwg==
-----END CERTIFICATE-----

That certificate is valid 29 Aug - 27 Nov, but I’m also seeing that mx1.cuicable.com is serving an expired cert. Restarting the server would likely resolve this, but the certificate-update event should have also. Is mx1.cuicable.com actually hosted on the Nethserver machine?

Yes mx1.cuicable.com is hosted on the Nethserver.

Hi @conan58

If you have both 0001 and 0002 suffixes, you can have a look at:

Make sure you didn’t reach the 5/7 limit for Let’s Encrypt requests.

Keep in mind that this solution is dangerous

Michel-André

Ok, I just did a data backup and then did a restart. No Sogo is no longer working. The service refuses to start. The error is below.

[root@nethserver log]# systemctl status sogod
● sogod.service - SOGo is a groupware server
   Loaded: loaded (/usr/lib/systemd/system/sogod.service; enabled; vendor preset: disabled)
   Active: failed (Result: exit-code) since Wed 2022-09-07 08:35:14 CDT; 22min ago
 Main PID: 1616 (code=exited, status=1/FAILURE)

Sep 07 08:35:11 nethserver.cuicable.com systemd[1]: Starting SOGo is a groupware server...
Sep 07 08:35:14 nethserver.cuicable.com sogod[1616]: 2022-09-07 08:35:14.213 sogod[1616:1616] unable to get status of desc...iptor
Sep 07 08:35:14 nethserver.cuicable.com systemd[1]: Started SOGo is a groupware server.
Sep 07 08:35:14 nethserver.cuicable.com systemd[1]: sogod.service: main process exited, code=exited, status=1/FAILURE
Sep 07 08:35:14 nethserver.cuicable.com systemd[1]: Unit sogod.service entered failed state.
Sep 07 08:35:14 nethserver.cuicable.com systemd[1]: sogod.service failed.
Hint: Some lines were ellipsized, use -l to show in full.
[root@nethserver log]# 

Now what?

This is the error I see in syslog:
nethserver sogod: 2022-09-07 08:19:50.410 sogod[17631:17631] unable to get status of descriptor 2 - Bad file descriptor