SSL certificate expired
mouse256 opened this issue · 8 comments
Eg: https://data.sensor.community/static/v2/data.1h.json can't be used anymore.
I can't agree with that. The certificate is valid till 2020-08-01.
Seems there are 2 servers behind a loadbalancer. One is OK and the other one is not:
Faulty one: https://www.ssllabs.com/ssltest/analyze.html?d=data.sensor.community&s=85.214.116.164&latest
To test them all: https://www.ssllabs.com/ssltest/analyze.html?d=data.sensor.community
Your right, should get renewed.
I am also surprise about the fact, that auto-renewal is not active
Thank you for telling us about this problem.
The cert should be valid again.
An auto renewal doesn't really work in this case. There is a limit for cert renews per week per hostname combination (common name + alternative names). For a specific combination you have only 10 tries per week including failed renews.
Thats why we try to minimize renews. The cert should have been copied/sync from the working server once per day. But this wasn't working.
We are also confronted with this problem with the pmapp server. We have the presumption, that the rate limits are calculated for the tld. We have the host <hostname>.stratoserver.net, like you do, so the rate limits would be valid for all servers at Strato.
It's working again, thanks for the swift response!
@marcauberer there are different rate limits: https://letsencrypt.org/docs/rate-limits/
One is 50 certs per tld per week. This is the limit if you use the stratoserver.net name.
The limit we het is more likely the "Duplicate cert limit" of 5 per week per "common name + alternative names" combination. If we would add some more servers with the name "data.sensor.community" these servers shouldn't renew their cert in the same week. So copying one cert to all other servers is more robust.