Lets Encrypt Cert expired: Renewing "appears" to work, but multiple browsers show expired


Lets Encrypt Cert expired and didn’t automatically renew.

1 Tried deleting and requesting a new cert
2. Tried updating from CLI fwconsole certificates --updateall

(Jared Busch) #2

If you deleted the cert, then you need to go into SysAdmin and apply the new one.


Is this a ‘distro’ ?

fwconsole certificate --import # imports any properly named certs and keys you dropped in 
                                 /etc/asterisk/keys for non 'distro' like thingies
fwconsole certificate --updateall #will renew any that it has bailiwick over if it can 
fwconsole certificate --list # LISTS all certs/keys available even broken ones
fwconsole certificate --default=N # selects the cert you want to use


Did that, multiples times


Port Management: LetsEncrpt = Port 80
Toggled LetsEncrypt Rules in Firewall Advanced
Tried FreePBX and CLI
Cert Management shows “2020-10-19 (55 days)”
Cleared Browser cache
Browser: NET::ERR_CERT_DATE_INVALID Expires on: Aug 19, 2020


Does your web browser’S SSL configuration point to the right files in /etc/asterisk/keys ?


As far as I can tell, yes


Then you shouldn’t get that message , I suggest you check it .


Check what? Thanks


If you are using apache2/httpd as your webserver, somewhere in its config for the server listening on port 443 will need to have

SSLCertificateFile "/etc/asterisk/keys/www.example.com.cert"
SSLCertificateKeyFile "/etc/asterisk/keys/www.example.com.key

where www.example.com will be replaced with the “good” key/cert pair

  1. Make sure the correct cert is selected in the GUI: Admin->System Admin->HTTPS Setup->Settings->Certificate Manager.

  2. Click the “Install” button on the above even if it looks correct.

  3. Check the running apache cert locally:

echo | openssl s_client -showcerts -connect localhost:443 | openssl x509 -inform pem -noout -enddate
  1. If above still shows an expired cert, manually reload apache:
systemctl reload httpd
  1. Repeat step 3


Thank you, this worked

(system) closed #13

This topic was automatically closed 31 days after the last reply. New replies are no longer allowed.