# SSL 证书尚未生效：证书在指定日期之前无效

- **ID:** `nginx/ssl-certificate-not-yet-valid`
- **领域:** nginx
- **类别:** auth_error
- **验证级别:** ai_generated
- **修复率:** 92%

## 根因

nginx 使用的 SSL/TLS 证书的 notBefore 日期在未来，系统时钟过快或证书尚未生效。

## 版本兼容性

| 版本 | 状态 | 引入 | 弃用 |
|------|------|------|------|
| nginx/1.24.0 | active | — | — |
| nginx/1.22.1 | active | — | — |

## 解决方案

1. ```
   Regenerate the certificate with a correct notBefore date using openssl: openssl x509 -req -in mydomain.csr -signkey mydomain.key -out mydomain.crt -days 365 -startdate $(date -d 'yesterday' +%Y%m%d%H%M%S)Z
   ```
2. ```
   Verify system date with command 'date' and synchronize using NTP: sudo timedatectl set-ntp true && sudo systemctl restart nginx
   ```
3. ```
   Obtain a new certificate from Let's Encrypt with certbot: sudo certbot renew --force-renewal
   ```

## 无效尝试

- **** — The certificate file itself is invalid; reloading does not change its notBefore date. (95% 失败率)
- **** — This controls client certificate verification, not server certificate validity. (85% 失败率)
- **** — This is a temporary workaround that breaks other time-sensitive services and is not a real fix. (60% 失败率)