https://trac.crin.org/trac/ticket/102 <p> Hi Chris, </p> <p> I'm having trouble browsing to the stage site today on crin4 - I'm getting: </p> <p> SEC_ERROR_EXPIRED_CERTIFICATE </p> <p> .. trying to view stage.crin.org </p> <p> Are you able to help there? </p> <p> Many thanks, Russell </p> en-us https://trac.crin.org/trac/chrome/site/logo.gif https://trac.crin.org/trac/ticket/102 Trac 1.0.2 russell Fri, 10 Mar 2017 12:30:42 GMT https://trac.crin.org/trac/ticket/102#comment:1 https://trac.crin.org/trac/ticket/102#comment:1 <ul> <li><strong>component</strong> changed from <em>backups</em> to <em>crin4</em> </li> </ul> Ticket chris Fri, 10 Mar 2017 12:47:03 GMT https://trac.crin.org/trac/ticket/102#comment:2 https://trac.crin.org/trac/ticket/102#comment:2 <ul> <li><strong>hours</strong> changed from <em>0</em> to <em>0.25</em> </li> <li><strong>totalhours</strong> set to <em>0.25</em> </li> </ul> <p> I think the problem was that Nginx needs a restart before a new cert is used and the Let's Encryypt certs are only valid for three months, I have restarted Nginx and it looks OK: </p> <ul><li><a class="ext-link" href="https://www.ssllabs.com/ssltest/analyze.html?d=dev.crin.org"><span class="icon">​</span>https://www.ssllabs.com/ssltest/analyze.html?d=dev.crin.org</a> </li></ul><p> I have added this root crontab: </p> <pre class="wiki"># restart nginx as certbot doesn't 01 01 01 * * service nginx restart </pre><p> If/when I rebuild the servers with Debian stretch then I'd switch to using acme.sh for the certs as it can also restart services: </p> <ul><li><a class="ext-link" href="https://github.com/Neilpang/acme.sh"><span class="icon">​</span>https://github.com/Neilpang/acme.sh</a> </li></ul> Ticket russell Fri, 10 Mar 2017 13:00:24 GMT https://trac.crin.org/trac/ticket/102#comment:3 https://trac.crin.org/trac/ticket/102#comment:3 <p> Thanks Chris </p> Ticket russell Tue, 25 Apr 2017 10:36:35 GMT https://trac.crin.org/trac/ticket/102#comment:4 https://trac.crin.org/trac/ticket/102#comment:4 <p> Hi Chris, </p> <p> It looks a bit like this has happened again: </p> <p> dev.crin.org uses an invalid security certificate. The certificate expired on 22 April 2017 00:02. The current time is 25 April 2017 11:30. Error code: SEC_ERROR_EXPIRED_CERTIFICATE </p> <p> Do we think that restart's not sorting it out? </p> <p> Thanks, Russell </p> Ticket chris Tue, 25 Apr 2017 10:56:44 GMT https://trac.crin.org/trac/ticket/102#comment:5 https://trac.crin.org/trac/ticket/102#comment:5 <ul> <li><strong>hours</strong> changed from <em>0</em> to <em>0.15</em> </li> <li><strong>totalhours</strong> changed from <em>0.25</em> to <em>0.4</em> </li> </ul> <p> Sorry about this, a nginx restart has solved the problem, the crontab was set to run on the first of each month, I have changed this to every night, which isn't a perfect solution but should work. </p> Ticket russell Fri, 23 Jun 2017 13:55:17 GMT https://trac.crin.org/trac/ticket/102#comment:6 https://trac.crin.org/trac/ticket/102#comment:6 <p> Hi Chris, </p> <p> I'm seeing that expired certificate again: <a class="ext-link" href="https://dev.crin.org/"><span class="icon">​</span>https://dev.crin.org/</a> </p> <p> Would we expect that to roll round on cron tonight? </p> <p> Thanks, Russell </p> Ticket chris Fri, 23 Jun 2017 14:07:21 GMT https://trac.crin.org/trac/ticket/102#comment:7 https://trac.crin.org/trac/ticket/102#comment:7 <ul> <li><strong>hours</strong> changed from <em>0</em> to <em>0.25</em> </li> <li><strong>totalhours</strong> changed from <em>0.4</em> to <em>0.65</em> </li> </ul> <p> I restarted Nginx and it is OK now: </p> <ul><li><a class="ext-link" href="https://www.ssllabs.com/ssltest/analyze.html?d=dev.crin.org"><span class="icon">​</span>https://www.ssllabs.com/ssltest/analyze.html?d=dev.crin.org</a> </li></ul><p> I'm not sure why this root crontab isn't doing the trick: </p> <p> <tt>01 01 * * * service nginx restart</tt> </p> <p> I should probably switch the server over to use <tt>acme.sh</tt>: </p> <ul><li><a class="ext-link" href="https://github.com/Neilpang/acme.sh"><span class="icon">​</span>https://github.com/Neilpang/acme.sh</a> </li></ul> Ticket russell Fri, 23 Jun 2017 14:13:10 GMT https://trac.crin.org/trac/ticket/102#comment:8 https://trac.crin.org/trac/ticket/102#comment:8 <p> Thanks Chris, </p> <p> We seem to have a very old version of the dev. site there, presume that's from the DB recovery. I'll resync dev from live and rebuild. </p> Ticket russell Fri, 23 Jun 2017 14:19:32 GMT https://trac.crin.org/trac/ticket/102#comment:9 https://trac.crin.org/trac/ticket/102#comment:9 <p> prod &gt; dev DB sync underway. </p> <p> It will take a long time. </p> Ticket chris Wed, 23 Aug 2017 16:38:50 GMT https://trac.crin.org/trac/ticket/102#comment:10 https://trac.crin.org/trac/ticket/102#comment:10 <ul> <li><strong>hours</strong> changed from <em>0</em> to <em>0.25</em> </li> <li><strong>totalhours</strong> changed from <em>0.65</em> to <em>0.9</em> </li> </ul> <p> This issue still hasn't been solved, I have just restarted Nginx to solve it for the next 6 weeks... </p> Ticket