From: Chris Gordon
Date: Sun, 7 Mar 2021 14:48:12 -0500
Subject: Re: acme.sh issue, cert date invalid, but no errors from letsencrypt
To: David Mehler
Cc: Shamim Shahriar, freebsd@boosten.org, freebsd-questions

> On Mar 7, 2021, at 11:48 AM, David Mehler wrote:
>
> Hello,
>
> Thanks for your reply. I did repeatedly restart the web server.
>
> I've also looked at the file creation date, they're the new certs
> issued yesterday, but checking them with openssl shows as I said the
> not after November 2020 date.
>
> Suggestions welcome.
> Thanks.
> Dave.

I just moved from certbot to acme.sh, but a couple of thoughts:

- Did you run --install-cert after the first issue? I didn't find it as obviously documented as maybe I had hoped, but this (AFAIK) sets up everything so that the --cron option will put the renewed certs in the right place and reload/restart things to catch the new certs (--reloadcmd).

- I just ran acme.sh --cron --force and I did get an updated cert with an updated "Not Before" date.

- What is in /var/log/acme.sh.log? Have you increased the debug level?

Chris
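
An added example, not part of Chris's message or the acme.sh project: a small check for the symptom in this thread, comparing the certificate acme.sh issued with the file the web server actually reads. The domain, the file paths and the function names are placeholders chosen for illustration; the acme.sh options shown in the comments are the tool's own.

```shell
#!/bin/sh
# Added example; not from the thread. Domain and paths are placeholders.
#
# One-time deployment step the reply refers to (real acme.sh options):
#   acme.sh --install-cert -d example.com \
#       --key-file       /usr/local/etc/ssl/example.com.key \
#       --fullchain-file /usr/local/etc/ssl/example.com.fullchain.pem \
#       --reloadcmd      "service nginx reload"

# notAfter date of the first certificate in a PEM file.
cert_not_after() {
    openssl x509 -in "$1" -noout -enddate | cut -d= -f2
}

# SHA-256 fingerprint of the first certificate in a PEM file.
cert_fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2
}

# Compare the certificate acme.sh issued with the file the server reads.
# Returns: 0 same cert and unexpired, 1 deployed copy differs (stale),
#          2 same cert but already expired, 3 a file could not be parsed.
check_deployed() {
    cd_issued=$1
    cd_deployed=$2
    for cd_f in "$cd_issued" "$cd_deployed"; do
        if ! openssl x509 -in "$cd_f" -noout >/dev/null 2>&1; then
            echo "cannot parse certificate: $cd_f" >&2
            return 3
        fi
    done
    if [ "$(cert_fingerprint "$cd_issued")" != "$(cert_fingerprint "$cd_deployed")" ]; then
        echo "STALE: deployed notAfter=$(cert_not_after "$cd_deployed")," \
             "issued notAfter=$(cert_not_after "$cd_issued")" >&2
        return 1
    fi
    if ! openssl x509 -in "$cd_deployed" -noout -checkend 0 >/dev/null; then
        echo "EXPIRED: notAfter=$(cert_not_after "$cd_deployed")" >&2
        return 2
    fi
    echo "OK: deployed cert matches, notAfter=$(cert_not_after "$cd_deployed")"
}

# Example call (paths assume acme.sh's default home directory):
#   check_deployed "$HOME/.acme.sh/example.com/fullchain.cer" \
#                  /usr/local/etc/ssl/example.com.fullchain.pem
```

A return value of 1 means the renewal succeeded but the server is still reading an older copy, which is the case --install-cert with --reloadcmd is meant to prevent.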