[Let's Encrypt] Solution When 'Cert not yet due for renewal' Message Occurs with certbot renew

Tadashi Shigeoka ·  Sun, July 23, 2017

When the SSL certificate renewal command certbot renew for Let’s Encrypt produced a “Cert not yet due for renewal” error, I researched the background and will share what I found.

Let's Encrypt

Cert not yet due for renewal Error

When the SSL certificate expiration date is not yet approaching, running certbot renew will not execute any renewal.

$ certbot renew

Saving debug log to /var/log/letsencrypt/letsencrypt.log

-------------------------------------------------------------------------------
Processing /etc/letsencrypt/renewal/yoursite.example.com.conf
-------------------------------------------------------------------------------
Cert not yet due for renewal

The following certs are not due for renewal yet:
  /etc/letsencrypt/live/yoursite.example.com/fullchain.pem (skipped)
No renewals were attempted.

Summary of Dealing with "Cert not yet due for renewal"

When the SSL certificate expiration date approaches, you’ll receive an email with the subject “Let’s Encrypt certificate expiration notice” sent to the email address you entered when obtaining the Let’s Encrypt SSL certificate.

So for those doing manual renewal, I recommend running the certbot renew command after receiving the email from Let’s Encrypt.

That’s all from the Gemba.