The SSL cert that expired on a Sunday
🩺 Summary
Sunday morning. Coffee in hand. Browser says: Your connection is not private. Cert expired 3 hours ago. Let's Encrypt auto-renewal failed because certbot was configured for the wrong domain variant. 15 minutes of panic, one certbot --force-renewal, and a nginx reload later we were back.
📝 Details
Certbot was for ainomam.com (non-www) but nginx served www.ainomam.com. The cert kept renewing for the wrong domain.
Set up weekly certbot renew --dry-run via cron. Add SSL expiry monitoring to daily report.
💬 Comments (0)