Open tomtko opened 2 years ago
Hi, isn't this caused by the DST Root CA X3 expiration ?
I have the same issue and still could not figure out if it is related to this project or not. docker exec letsencrypt /app/cert_status shows all certificates as expired however force renewal works all certificates are getting renewed. I use docker so the server being old should not be an issue.
@gurumark @fluffyst nginxproxy/acme-companion:2.1.1
has been updated to use a newer version of acme.sh
(2.8.8
-> 2.9.0
), could you test again with this version of the container ?
Didn't fix it for me at least. I've got the same phenomenon, that cert_status shows all fullchains as expired (Certificate was valid until Mar 5 2022
), but I don't have any other issues besides that. The certificates and the renewal seems to work as usual.
It doesn't seem to make a difference if I use ACME_PREFERRED_CHAIN
on a container or not. I'm on a fully updated Ubuntu 20.04 machine with the latest images.
Did someone find the fix for this? I'm facing the same issue with the fullchain.pem file
The only way to show the fullchain as OK instead of expired is to manually edit the fullchain.pem and remove the last cert in the chain.
Just to clarify: the cert_status
function is a small utility that was hastily written a while ago, it's not meant to actually reflect the internal state of acme.sh in any way.
I know the preferred chain stuff has been an issue on the acme.sh side for a while, the more recent version 3.x might finally solve this but I'll have to check a few things before bumping to this version. It's fairly easy to locally build an acme-companion image with a different version of acme.sh, I can provide instructions for this if needed.
Since one year I'm running a mailcow-dockerized behind nginx-proxy. Today I'm facing exactly this issue myself from one day to the other. In my case IMAPS does not work anymore. openssl connection to the server returns: certificate has expired force renewal works but cert_status on my mailserver says that fullchain.pem has exired and: "Certificate was valid until Jun 22 06:06:14 2022 GMT" really strange
Hi, isn't this caused by the DST Root CA X3 expiration ?
I think that is so. I've created an issue on the Let's Encrypt forum. Follow the link to find the suggested solution.
I tried to find a solution myself, and the following is probably not needed anymore, but just in case, to extract the first certificate from a file:
$ awk '/BEGIN/{if (matched) exit; else matched=1}; {print}' < /etc/nginx/certs/example.com/chain.pem | less
So, just recently i've been getting curl certificate expired errors on my ubuntu 14.04 server, however it works just fine on any other server, including my local machine
curl: (60) SSL certificate problem: certificate has expired
A bit of investigating, I believe that the Intermediate has expired or is invalid, whynopadlock result shows that, along with
/app/cert_status
command showing that the fullchain.pem has expired, force renewing doesn't seem to fix the issue, it 100% renews the certificate however.Info: running acme-companion version v2.1.0-28-g1785bc5
rendered nginx configuration