nginx
config_error
ai_generated
true
SSL: certificate expired: certificate has expired
ID: nginx/ssl-certificate-expired
95%Fix Rate
90%Confidence
1Evidence
2024-11-01First Seen
Version Compatibility
| Version | Status | Introduced | Deprecated | Notes |
|---|---|---|---|---|
| nginx 1.24.0 | active | — | — | — |
| nginx 1.22.1 | active | — | — | — |
| nginx 1.20.2 | active | — | — | — |
Root Cause
The SSL certificate file loaded by nginx has passed its expiration date, causing TLS handshake failures.
generic中文
Nginx 加载的 SSL 证书已超过有效期,导致 TLS 握手失败。
Official Documentation
https://nginx.org/en/docs/http/configuring_https_servers.htmlWorkarounds
-
95% success Renew the certificate using Let's Encrypt or your CA: `sudo certbot renew --nginx` or manually replace the certificate files and reload nginx: `sudo nginx -s reload`.
Renew the certificate using Let's Encrypt or your CA: `sudo certbot renew --nginx` or manually replace the certificate files and reload nginx: `sudo nginx -s reload`.
-
90% success Check the certificate expiration date: `openssl x509 -in /etc/nginx/ssl/cert.pem -noout -dates`. If expired, obtain a new certificate.
Check the certificate expiration date: `openssl x509 -in /etc/nginx/ssl/cert.pem -noout -dates`. If expired, obtain a new certificate.
-
90% success Set up automated renewal with a cron job: `0 0 * * * /usr/bin/certbot renew --quiet && systemctl reload nginx`
Set up automated renewal with a cron job: `0 0 * * * /usr/bin/certbot renew --quiet && systemctl reload nginx`
中文步骤
Renew the certificate using Let's Encrypt or your CA: `sudo certbot renew --nginx` or manually replace the certificate files and reload nginx: `sudo nginx -s reload`.
Check the certificate expiration date: `openssl x509 -in /etc/nginx/ssl/cert.pem -noout -dates`. If expired, obtain a new certificate.
Set up automated renewal with a cron job: `0 0 * * * /usr/bin/certbot renew --quiet && systemctl reload nginx`
Dead Ends
Common approaches that don't work:
-
90% fail
Session cache does not affect certificate validation; the handshake will still fail.
-
95% fail
Protocol versions do not bypass certificate expiration; the certificate is still invalid.
-
70% fail
Self-signed certificates will also expire and cause the same error if not renewed.