We have a centos 7 LAMP server and two other centos 7 Wowza 4.8.0 connected by Wowza load balancer. All the servers have the correct Linux date. All the servers have the same let’s encrypt certificate which expires today 17/9/2020.
All the servers are offline and so the SSL has to be renewed manually every 3 months via the DNS verification method. Basically I generate a wildcard certificate on my PC, upload it to the Wowza server, use this tool, And run this command
/usr/local/WowzaStreamingEngine/java/bin/java -jar /usr/bin/wowza-letsencrypt-converter-0.2.jar /usr/local/WowzaStreamingEngine/conf/ssl/ /etc/letsencrypt/live/ && systemctl restart WowzaStreamingEngine
Today I was renewing the certificates, the certificate was working fine on the LAMP server, but was expired on both Wowza servers, chrome tells me that the certificate will expire tomorrow but if you try to watch something over https, it won’t play and the developer console will say certificate invalid, if you try accessing the Wowza manager, it will say the same.
I don’t know for how long it’s been like that, I don’t check the servers on a daily basis, maybe a week, no clue. Is there a reason for Wowza to mark the certificate as invalid before the expiration date? If so can we fix it? and how long before the actual expiration date does the certificate expires? So we can take that into account.