I’m running NextCloud on CentOS 7 for a while and am loving it. Unfortunately I didn’t set up the certificate for automatic renewal (using LetsEncrypt).
So, when the cert expired a couple of weeks back, I renewed the certificate using certbot renew --reuse-key, and this seemed to work without any issues. However, when I access (or try to) the web interface, Chrome tells me that the date on the cert is invalid and I can’t access it.
I’ve seen plenty of posts regarding renewals and the page not loading but none seem to quite match what I’m seeing. Happy to be pointed in the right direction if I missed anything.
That is correct, I also tried restarting the server itself (VM). As you note, the certs are indeed found in /etc/letsencrypt/live/nextcloud.domain.net:
I wouldn’t have thought the certificates being symlinked would be a normal thing, and haven’t tried to remove the symlinks and replace them with the actual files in case I broke it more.
I would prefer to use openssl because it is a bit more verbose and output more details about the certificate used, curl only outputs the name and dates
If the output matches your certificate data then the new certificate is used. if chrome still reports an date/time error check the time/date on your client, maybe there is a offset between your client and server.
As you suggested I ran the OpenSSL command and it is showing that the cert expired on March 31st (which is correct). But if I look at the timestamp of the certificate files being referenced by Apache config, they are showing April 12 (which is when I performed the renewal).
Have I perhaps missed a step after obtaining the new certs?
Your issue with letsencrypt and centos is not related with Nextcloud and therefor offtopic.
You will get better help and other places. Please use your preferred search engine to get help.
If the certificate you get when you access the website is different from the one you have in your filesystem. I would guess the webserver does not loaded it.
Try to restart/reload your webserver and test again. You could also try to use a different browser like firefox and check if the same problem occures. If not it could also be a caching problem with the browser.