Website inaccessible, "NET::ERR_CERT_DATE_INVALID" [UPDATE: Fixed, resources in comments]

Tried to log in to my website this morning and I have a “Your connection is not private” error, NET::ERR_CERT_DATE_INVALID. Screenshot:

download

I have no idea how to address this issue. It seems to be related to this: How to renew lets encrypt ssl after 3 months in digital ocean - #21 by kenny-evitt but when I ran sudo certbot renew as suggested in the Digital Ocean help page that’s linked, I got certbot: command not found.

I am a writer, not a tech person, so I could use some noob-level help in getting my site back up ASAP. Thanks.

1 Like

Same issue with me also brother
I also didn’t find any solution for it

1 Like

After some back and forth with Digital Ocean, we got this fixed.

First, I tried the instructions on this page: https://www.digitalocean.com/community/questions/how-to-recover-from-expired-let-s-encrypt-certificate But discovered I did not have certbot installed.

So then I followed the instructions on this page: Certbot - Ubuntuxenial Nginx and afterwards, it all worked.

Good luck to anybody else out there with my low level of technical skill who needs to get this worked out.

1 Like

u followed exact same instructions brother which is on the blog

I was also unfamiliar with how Ghost works with Let’s Encrypt at first.

The first source of confusion is that I thought Ghost used certbot, but it seems like it uses acme.sh – those are both ‘ACME clients’ where ACME is the ‘protocol’ that Let’s Encrypt supports for managing certificates.

If you were able to renew your certificate with certbot then that’s great. You might want to look into how to setup automatic renewals. Or you could just renew it the same way you just did when the certificate expires again in the future. Note that Let’s Encrypt certificates expire more quickly than certificates provided from other issuers – as the whole point of Let’s Encrypt is to automate certificate management completely (i.e. including renewing certificates).

The comment by me that you linked to covers the acme.sh client – NOT certbot. If you follow the steps I describe in that comment, it should fix the automatic renewal that Ghost should have setup initially.

I just checked your site and your current certificate will expire on November 8th of this year. So each certificate should last three months.