When the SSL certificate renewal command certbot renew for Let’s Encrypt produced a “Cert not yet due for renewal” error, I researched the background and will share what I found.

Cert not yet due for renewal Error

When the SSL certificate expiration date is not yet approaching, running certbot renew will not execute any renewal.

$ certbot renew

Saving debug log to /var/log/letsencrypt/letsencrypt.log

-------------------------------------------------------------------------------
Processing /etc/letsencrypt/renewal/yoursite.example.com.conf
-------------------------------------------------------------------------------
Cert not yet due for renewal

The following certs are not due for renewal yet:
  /etc/letsencrypt/live/yoursite.example.com/fullchain.pem (skipped)
No renewals were attempted.

Summary of Dealing with "Cert not yet due for renewal"

When the SSL certificate expiration date approaches, you’ll receive an email with the subject “Let’s Encrypt certificate expiration notice” sent to the email address you entered when obtaining the Let’s Encrypt SSL certificate.

So for those doing manual renewal, I recommend running the certbot renew command after receiving the email from Let’s Encrypt.

That’s all from the Gemba.