nginx
auth_error
ai_generated
true
SSL 证书尚未生效:证书在指定日期之前无效
SSL: certificate not yet valid: certificate is not valid until date
ID: nginx/ssl-certificate-not-yet-valid
92%修复率
88%置信度
1证据数
2024-01-10首次发现
版本兼容性
| 版本 | 状态 | 引入 | 弃用 | 备注 |
|---|---|---|---|---|
| nginx/1.24.0 | active | — | — | — |
| nginx/1.22.1 | active | — | — | — |
根因分析
nginx 使用的 SSL/TLS 证书的 notBefore 日期在未来,系统时钟过快或证书尚未生效。
English
The SSL/TLS certificate used by nginx has a notBefore date in the future, so the system clock is ahead or the certificate is not yet valid.
官方文档
https://nginx.org/en/docs/http/ngx_http_ssl_module.html解决方案
-
Regenerate the certificate with a correct notBefore date using openssl: openssl x509 -req -in mydomain.csr -signkey mydomain.key -out mydomain.crt -days 365 -startdate $(date -d 'yesterday' +%Y%m%d%H%M%S)Z
-
Verify system date with command 'date' and synchronize using NTP: sudo timedatectl set-ntp true && sudo systemctl restart nginx
-
Obtain a new certificate from Let's Encrypt with certbot: sudo certbot renew --force-renewal
无效尝试
常见但无效的做法:
-
95% 失败
The certificate file itself is invalid; reloading does not change its notBefore date.
-
85% 失败
This controls client certificate verification, not server certificate validity.
-
60% 失败
This is a temporary workaround that breaks other time-sensitive services and is not a real fix.