LetsEncrypt Certbot renew successfully, but still got expired certificate from client(browser, curl or wget) side, what’s the problem?

less than 1 minute read

This article is just a trouble-shooting blog. It’s rarely happen. After you even did a force renew by using

sudo certbot renew --force-renewal

And then check the certificate by using

sudo certbot certificates

Everything looks just fine. But when you use curl or wget from a remote machine to test the website, you still get the error of expired certificate. This can be frustrating.

wget -O test.html https://yourwebsite.com

Resolving yourwebsite.com (yourwebsite.com)... xx.xx.xx.xx
Connecting to yourwebsite.com (yourwebsite.com)|xx.xx.xx.xx|:443... connected.
ERROR: cannot verify yourwebsite.com's certificate, issued by ‘/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3’:
  Issued certificate has expired.
To connect to yourwebsite.com insecurely, use `--no-check-certificate'.

However, don’t worry. The solution is simple. Simply restart the nginx server can save it.

sudo systemctl restart nginx

Everything should go back to normal now.