Roots Discourse

Certificate renewal timeout overlap

Today, visiting one domain resulted in Chrome warning about an expired certificate (NET::ERR_CERT_DATE_INVALID) (expires 20.08.2018 (which is (still) today) according to the certificate details). I ran the cron manually to renew the cert.
Is the cron not executed often enough, is there a potential overlap for timed out certificates and the next cron run? Certificate expiration is 20.08.2018, which is also today. Maybe the few hours are rounded or some other offset issue?

It should never expire…

So it may be the case that the cronjob hadn’t run correctly.
How can I find out what went wrong? Executing the command manually works.

Uh oh, I am not able to find recent invocations of the renew-certs.py script. :crying_cat_face:

Hi Ben.
So the certificate will only renew when the existing one is expired and the cron job only runs on those specific days. Are we supposed to amend the days the cron job is run to coincide with when the certificate will expire?

As an example, this morning we just had to manually renew our certificate on a project that isn’t officially live (we’ve switched on the Production droplet from time to time during dev) and recently noticed it had expired.
So this new certificate will last for 60 days and should expire the morning of 30th Nov. But the cron job won’t run until 1st to recognise this and renew it. So there will be a period of time with no valid certificate? Is this correct?

Sorry if I’m misunderstanding something.
Thanks,
Damian

Hi @benword,
Any chance you could confirm my thoughts on this?

Certificates last for 90 days. The cron job runs on the 1st, 11th, and 21st… there’s no way it will expire (unless it doesn’t work).