OpenRailwayMap / server-admin

Issue tracker for admin stuff related to openrailwaymap.org instance.

Certificate expired #40

Closed regs01 closed 8 months ago

regs01 commented 8 months ago

The certificate on the site expired yesterday. Issued: Tue, 31 Oct 2023 22:00:56 GMT. Valid until: Mon, 29 Jan 2024 22:00:55 GMT.

DerDakon commented 8 months ago

Which domain did you query? I see one that expires a month later.

Nakaner commented 8 months ago

All sites are hosted on the same server and use one single Let's Encrypt SSL certificate. That's the certificate @DerDakon mentioned.

@regs01 Do you use some kind of corporate proxy performing man-in-the-middle SSL attacks on your traffic?

Nakaner commented 8 months ago

Closing this issue because the bug report cannot be confirmed.

regs01 commented 8 months ago

I was specifically talking about https://www.openrailwaymap.org, which now seems to be updated.

A new certificate was issued on Wed, 31 Jan 2024 22:00:58 GMT. I suspect there is a script updating the certificate every 365 days. But the previous certificate was valid only for 363 days. The new one is valid for 455 days.

DerDakon commented 8 months ago

The certificate is renewed every month, and is valid for 3 months, but the renewal will automatically be skipped if it has been refreshed last time.

So, whatever certificate you are seeing is not ours. Currently it is this one (in German, but you will get it):

Common Name (CN): R3
Organisation (O): Let's Encrypt
Organisational Unit (OU): <Not part of certificate>
Validity period: Issued on Wednesday, 31 January 2024 at 23:00:58; Valid until Wednesday, 1 May 2024 at 00:00:57
SHA-256 fingerprints: Certificate 28ced29d619e35a2268ed3911613f6f1f6a1db97012c2d1e19549b018fd2ce98; Public key 6fd1365ad83b08c1aea2996d250d12fd68ac9c83915d824ddb07f829d58be912

regs01 commented 8 months ago

Sorry, was looking at the wrong tab.

Yes, the old one is 31 Oct 2023 to 29 Jan 2024 and the new one is 31 Jan 2024 to 30 Apr 2024. So there were 2 days of blackout. Meaning the certificate is valid for 90 days, while being updated once every 3 calendar months. That could vary from 89 to 92 days.

Nakaner commented 8 months ago

The update script for our certificate runs every month. As said above, if you use a firewall which hacks SSL connections, the fault is on your side.

regs01 commented 8 months ago

As said above, if you use a firewall which hacks SSL connections, the fault is on your side.

I don't.

The update script for our certificate runs every month.

And this is the problem. The old certificate expired on Jan 29. The new one was issued on Jan 31. I reported it on Jan 30, in between those two dates. So rather than relying on the calendar month, it's better to set the scheduler to days. Like 85 days. Between Oct 31 and Jan 31 there are 92 days, but certificates are valid for 90 days, not 3 months.
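As an added illustration of the day-based policy argued for above (this is not the project's renewal script, whose actual skip rule is not shown in the thread), the following Python reproduces the thread's dates and shows that renewing whenever fewer than 30 days of validity remain, checked at the same monthly run, would have renewed on Dec 31 instead of leaving the 2-day gap. The 30-day threshold and the "last day of each month" schedule are assumptions.

```python
from datetime import datetime, timedelta

LIFETIME = timedelta(days=90)         # Let's Encrypt certificates are valid for 90 days
RENEW_THRESHOLD = timedelta(days=30)  # assumed policy: renew once < 30 days of validity remain

# Dates quoted in the thread (constructed from the comments above; times dropped).
OLD_NOT_BEFORE = datetime(2023, 10, 31)
OLD_NOT_AFTER = datetime(2024, 1, 29)
NEW_NOT_BEFORE = datetime(2024, 1, 31)
REPORT_DATE = datetime(2024, 1, 30)
# Assumed monthly schedule: the renewal job runs on the last day of each month.
MONTHLY_CHECKS = [datetime(2023, 11, 30), datetime(2023, 12, 31), datetime(2024, 1, 31)]


def days_left(not_after: datetime, now: datetime) -> int:
    """Whole days of validity remaining; negative once the certificate has expired."""
    return (not_after - now).days


def should_renew(not_after: datetime, now: datetime) -> bool:
    """Day-based policy: renew whenever the remaining validity drops below the threshold."""
    return not_after - now < RENEW_THRESHOLD


def outage_days(not_after: datetime, next_renewal: datetime) -> int:
    """Days an expired certificate is served if the next renewal only happens on next_renewal."""
    return max((next_renewal - not_after).days, 0)


def simulate(check_dates, first_issued: datetime, policy=should_renew):
    """Run the renewal check on each scheduled date and return the dates on which a new
    certificate is issued. A calendar-monthly job is just one particular check_dates list."""
    issued = [first_issued]
    not_after = first_issued + LIFETIME
    for day in sorted(check_dates):
        if day > first_issued and policy(not_after, day):
            issued.append(day)
            not_after = day + LIFETIME
    return issued


if __name__ == "__main__":
    print("days left on report date:", days_left(OLD_NOT_AFTER, REPORT_DATE))
    print("outage days with calendar renewal:", outage_days(OLD_NOT_AFTER, NEW_NOT_BEFORE))
    print("calendar gap Oct 31 -> Jan 31:", (NEW_NOT_BEFORE - OLD_NOT_BEFORE).days, "days")
    print("issue dates with day-based policy:", simulate(MONTHLY_CHECKS, OLD_NOT_BEFORE))
```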