I've been successfully using René Klomp's scheme for using LetEncrypt certs with UTM9's reverse-proxy setup for over a year until this weekend. It seems the cron job properly detected the soon-to-expire cert, renewed it, and used René's update-cert script to install it into the UTM's certificates but not completely. The reverse proxy is still using the old expired cert.
I manually ran the getssl script last night to see if that would fix it but no luck. When I pull up Webserver Protection > Certificate Management > Certificates and find the entry in question, it shows "Valid from Sep 10 01:11:17 2018 GMT through Dec 9 01:11:17 2018 GMT" as expected but when I download the cert in PEM format and look inside, it's the expired cert with "Not After : Sep 9 16:55:15 2018 GMT" in it.
I SSH'd into the machine and found /var/storage/chroot-reverseproxy/usr/apache/conf/ssl still contains the old cert so I don't think this is a caching issue on the client or in some intermediate proxy.
Anybody have a suggestion where to look further?
This thread was automatically locked due to age.
