Expired SSL certificate at deb.odroid.in

Post Reply
gyth
Posts: 8
Joined: Mon May 20, 2019 10:08 pm
languages_spoken: English
ODROIDs: N2
Has thanked: 2 times
Been thanked: 1 time
Contact:

Expired SSL certificate at deb.odroid.in

Unread post by gyth » Thu May 30, 2019 6:14 am

I'm trying to use https on all of my repos and found the Let's Encrypt certificate on this domain has expired. Please renew it to make https usable again.

User avatar
odroid
Site Admin
Posts: 30976
Joined: Fri Feb 22, 2013 11:14 pm
languages_spoken: English
ODROIDs: ODROID
Has thanked: 21 times
Been thanked: 138 times
Contact:

Re: Expired SSL certificate at deb.odroid.in

Unread post by odroid » Thu May 30, 2019 9:32 am

Thank you for letting us know the issue.
We will check it.

User avatar
mad_ady
Posts: 5976
Joined: Wed Jul 15, 2015 5:00 pm
languages_spoken: english
ODROIDs: XU4, C1+, C2, N1, H2, N2
Location: Bucharest, Romania
Has thanked: 102 times
Been thanked: 55 times
Contact:

Re: Expired SSL certificate at deb.odroid.in

Unread post by mad_ady » Thu May 30, 2019 1:29 pm

@odroid: you should setup certwatch to periodically check and notify your team about impending expiration dates: https://www.systutorials.com/docs/linux ... certwatch/

User avatar
odroid
Site Admin
Posts: 30976
Joined: Fri Feb 22, 2013 11:14 pm
languages_spoken: English
ODROIDs: ODROID
Has thanked: 21 times
Been thanked: 138 times
Contact:

Re: Expired SSL certificate at deb.odroid.in

Unread post by odroid » Thu May 30, 2019 1:35 pm

In fact, the auto renewal actually worked but we've had to restart the webserver for the new certificate takes effect.
Anyway, it seems to be fixed now.
https://deb.odroid.in/
These users thanked the author odroid for the post:
gyth (Tue Jun 04, 2019 9:13 am)

elatllat
Posts: 1311
Joined: Tue Sep 01, 2015 8:54 am
languages_spoken: english
ODROIDs: XU4, N1, N2
Has thanked: 1 time
Been thanked: 12 times
Contact:

Re: Expired SSL certificate at deb.odroid.in

Unread post by elatllat » Mon Jun 03, 2019 3:53 am

One only needs reload, not restart. Also you can have the server email you only if the cert is not updated by checking the date on the current cert. Something like

Code: Select all

#!/bin/bash

#
# letsencrypt.sh
#

function doit {
	D="$2"
	/opt/certbot-auto certonly -q --webroot -w /var/www/html/"$D" -d "$D" --no-redirect 2>&1 | \
		grep -v DeprecationWarning
	/sbin/service httpd reload > /dev/null
	DC=$(/usr/bin/openssl x509 -text -in /etc/letsencrypt/live/"$D"/cert.pem | \
		grep "Not After" | \
		perl -pe 's/ *Not After : *//g')
	DS=$(date -d"$DC" +%s)
	D2=$(date +%s)
	D2=$(echo "$D2+(30*24*60*60)" | bc)
	if [ "$DS" -lt "$D2" ] ; then
		echo "Please run /opt/certbot-auto manualy for $D before $DC" >&2
	fi
}
doit deb.odroid.in

Post Reply

Return to “Ubuntu”

Who is online

Users browsing this forum: No registered users and 1 guest