SEC_ERROR_EXPIRED_CERTIFICATE

[TOWA-GitHub]

It seems our instance of globalleaks fails to renew the certificat. Standard certbot renewal does not work. We can also not access the backend since HTTP Strict Transport Security (HSTS) is active. Does anyone know how to renew the globalleaks letsencrypt certificate diretly from terminal or deactivate (HSTS) so that we can access the backend? Thanks.

[evilaliv3]

You should be able to access with a fresh browser or with the same browser if you reset your HSTS cache. Disabling HSTS would not make any sense since the setting is now in the browser cache and is the browser that won't allow lowering the security.

As for the reason the renewal do not work I would ensure that you firewall allows connections to both port 80 and 443 that are both necessary. The renewal infact happens on port 80