Outdated self-signed certificate keeps coming back

Installation: RPI4, Ubuntu 20.94, latest NGINX, MariaDB, NC 19.0.3. letsencrypt & SCME. All works fine, just: users (on the same LAN) with Thunderbird/Windows, iOS and Android keep getting warnings about an invalid self-signed certificate, which expired in 2017. SSL Checker reports a valid cert from Let’s Encrypt only.

I can’t find the source of the ss-certificate and stop it.

Please provide a hint.


How do you access nextcloud on your local network? The same URL as outside?

The problem is probably your webserver configuration: with local access, you use a different vhost configuration which still has the old self-signed certificate and not the letsencrypt one.

Hi tflidd, thx for the advice. Yes, I am using the same URL and it works fine with the new cert from Let’s Encrypt. Thing I noted meanwhile: the old ss-cert did show on Thunderbird and iPhone and not on Honor6x. The H6s has been run empty and fully restarted meanwhile. Therefore I have erased the cache of TB and iPhone. Now I keep fingers crossed.

@tflidd: sorry to come back. Outdated cert keeps coming back on Thunderbird via network. Tried to ignore it for a while - running out of patience now. Please drop a hint on where and how to look in vhost configuration.
Thx in advance.

Check the vhosts for ssl configuration, there could be several ones. In case your certificate was already renewed, perhaps nginx just needs to be restarted. If the certificate wasn’t renewed, renew the certificate (check for new folders in /etc/letsencrypt/live/youdomain/*) and check the date.

Thanks a lot, tflidd. I had already restarted nginx several times.

On the user side I am receiving a nice, clean certificate, which is good for a quarter and renews. In addition only Thunderbird in the same network receives an old certificate which expired in 2017 and never renews.

Have gone down and up the vhost configuration and found only one ssl-conf. The list of ecc-certs looks clean and up to date.


Looks like I have a ghost somewhere. Looking now for some sw to control the traffic to find out where the outdated one comes from. Only other solution would be a fresh installation.

Then check all the ssl vhosts of nginx: `egrep ssl *` in the nginx config folder. Perhaps there is a configs-enable or some similar folder you might want to check as well.
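An added example, not part of the original thread: a shell script that automates the checks suggested in the replies above. It lists every active `ssl_certificate` directive under an nginx config directory, flags certificate files that are self-signed or expired, and counts running nginx master processes, since the last post in the thread reports having to stop nginx and kill leftover processes. The function names and the script name are hypothetical; it assumes `openssl`, `awk`, `find` and `ps` are installed.

```shell
#!/bin/sh
# Added example. Usage: sh find-stale-cert.sh /etc/nginx  (script name is hypothetical)

# Print "config-file<TAB>certificate-path" for every active ssl_certificate
# directive below directory $1 (-L follows sites-enabled style symlinks).
list_cert_paths() {
    find -L "$1" -type f 2>/dev/null | sort | while IFS= read -r f; do
        awk -v f="$f" '$1 == "ssl_certificate" {
            sub(/;.*$/, "", $2); print f "\t" $2 }' "$f"
    done
}

# Print the expiry date of certificate file $1 and flag the two symptoms
# from the thread: self-signed (subject equals issuer) and expired.
cert_status() {
    subj=$(openssl x509 -in "$1" -noout -subject 2>/dev/null) ||
        { echo "unreadable"; return 0; }
    iss=$(openssl x509 -in "$1" -noout -issuer)
    end=$(openssl x509 -in "$1" -noout -enddate)
    flags=""
    if [ "${subj#subject=}" = "${iss#issuer=}" ]; then flags="$flags SELF-SIGNED"; fi
    openssl x509 -in "$1" -noout -checkend 0 >/dev/null || flags="$flags EXPIRED"
    echo "${end#notAfter=}$flags"
}

# Count nginx master processes in `ps` output read from stdin.
# The [m] keeps this awk process from matching its own command line.
count_masters() {
    awk '/nginx: [m]aster process/ { n++ } END { print n + 0 }'
}

# Report every referenced certificate, then the number of running masters.
audit() {
    tab=$(printf '\t')
    list_cert_paths "$1" | while IFS="$tab" read -r conf cert; do
        printf '%s\n    %s  [%s]\n' "$conf" "$cert" "$(cert_status "$cert")"
    done
    n=$(ps -eo pid,etime,args | count_masters)
    echo "nginx master processes: $n"
    [ "$n" -le 1 ] || echo "More than one master: an older instance may still hold the old certificate."
}

if [ "$#" -ge 1 ]; then audit "$1"; fi
```

The elapsed-time column of `ps -eo pid,etime,args` shows which master predates the last restart.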

Funny outcome in the end: there is some strange behaviour with Ubuntu and NGINX, where I had to stop NGINX and then also kill the processes.

Here is my source with details: