{
  "id": "nginx/ssl-certificate-expired",
  "signature": "SSL: certificate expired: certificate has expired",
  "signature_zh": "SSL 证书已过期：证书已过期",
  "regex": "certificate has expired",
  "domain": "nginx",
  "category": "config_error",
  "subcategory": null,
  "root_cause": "The SSL certificate file loaded by nginx has passed its expiration date, causing TLS handshake failures.",
  "root_cause_type": "generic",
  "root_cause_zh": "Nginx 加载的 SSL 证书已超过有效期，导致 TLS 握手失败。",
  "versions": [
    {
      "version": "nginx 1.24.0",
      "introduced": null,
      "deprecated": null,
      "removed": null,
      "behavior_change": null,
      "status": "active"
    },
    {
      "version": "nginx 1.22.1",
      "introduced": null,
      "deprecated": null,
      "removed": null,
      "behavior_change": null,
      "status": "active"
    },
    {
      "version": "nginx 1.20.2",
      "introduced": null,
      "deprecated": null,
      "removed": null,
      "behavior_change": null,
      "status": "active"
    }
  ],
  "os_specific": {},
  "dead_ends": [
    {
      "action": "",
      "why_fails": "Session cache does not affect certificate validation; the handshake will still fail.",
      "fail_rate": 0.9,
      "condition": "",
      "sources": []
    },
    {
      "action": "",
      "why_fails": "Protocol versions do not bypass certificate expiration; the certificate is still invalid.",
      "fail_rate": 0.95,
      "condition": "",
      "sources": []
    },
    {
      "action": "",
      "why_fails": "Self-signed certificates will also expire and cause the same error if not renewed.",
      "fail_rate": 0.7,
      "condition": "",
      "sources": []
    }
  ],
  "workarounds": [
    {
      "action": "Renew the certificate using Let's Encrypt or your CA: `sudo certbot renew --nginx` or manually replace the certificate files and reload nginx: `sudo nginx -s reload`.",
      "success_rate": 0.95,
      "how": "Renew the certificate using Let's Encrypt or your CA: `sudo certbot renew --nginx` or manually replace the certificate files and reload nginx: `sudo nginx -s reload`.",
      "condition": "",
      "sources": []
    },
    {
      "action": "Check the certificate expiration date: `openssl x509 -in /etc/nginx/ssl/cert.pem -noout -dates`. If expired, obtain a new certificate.",
      "success_rate": 0.9,
      "how": "Check the certificate expiration date: `openssl x509 -in /etc/nginx/ssl/cert.pem -noout -dates`. If expired, obtain a new certificate.",
      "condition": "",
      "sources": []
    },
    {
      "action": "Set up automated renewal with a cron job: `0 0 * * * /usr/bin/certbot renew --quiet && systemctl reload nginx`",
      "success_rate": 0.9,
      "how": "Set up automated renewal with a cron job: `0 0 * * * /usr/bin/certbot renew --quiet && systemctl reload nginx`",
      "condition": "",
      "sources": []
    }
  ],
  "workarounds_zh": [
    "Renew the certificate using Let's Encrypt or your CA: `sudo certbot renew --nginx` or manually replace the certificate files and reload nginx: `sudo nginx -s reload`.",
    "Check the certificate expiration date: `openssl x509 -in /etc/nginx/ssl/cert.pem -noout -dates`. If expired, obtain a new certificate.",
    "Set up automated renewal with a cron job: `0 0 * * * /usr/bin/certbot renew --quiet && systemctl reload nginx`"
  ],
  "transition_graph": {
    "leads_to": [],
    "preceded_by": [],
    "frequently_confused_with": []
  },
  "official_doc_url": "https://nginx.org/en/docs/http/configuring_https_servers.html",
  "official_doc_section": null,
  "error_code": null,
  "verification_tier": "ai_generated",
  "confidence": 0.9,
  "fix_success_rate": 0.95,
  "resolvable": "true",
  "first_seen": "2024-11-01",
  "last_confirmed": "2024-06-01",
  "last_updated": "2024-06-01",
  "evidence_count": 1,
  "tags": [],
  "locale": "en",
  "aliases": []
}