A certificate contains an unknown extension that is marked “critical"

My domain is: namankanabroad.in

I was using letsencrypt ssl. On 14th August it got expired. So i renewed it on 15th. But after renewal, i was not able to get certs in putty ssh.

I ran this command:
cd acme-client

php -r “copy(‘https://getcomposer.org/installer’, ‘composer-setup.php’);”;
php composer-setup.php;

php -r “unlink(‘composer-setup.php’);”;

php composer.phar install --no-dev

php bin/acme issue --domains namankanabroad.in:www.namankanabroad.in --path /home/x123011738/public_html:/home/x123011738/public_html --server letsencrypt


cat fullchain.pem

It produced this output: /home/x123011738/acme-client/data/certs/acme-v01.api.letsencrypt.org.directory/namankanabroad.in: Is a directory

Again i ran this command:

cat fullchain.pem

It produced this output:
No such file or directory

Then i downloaded it from https://crt.sh/?q=namankanabroad.in
I installed the new certificates with the old private key.
Now it shows: A certificate may contain extensions marked “critical". and i am not able to open my site. Kindly help me.

My web server is (include version): Apache 2.4

The operating system my web server runs on is (include version): Debian

My hosting provider, if applicable, is: hostinger.in

I can login to a root shell on my machine (yes or no, or I don’t know): Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): No

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):

You probably downloaded a “precertificate” version of your certificate. This is what is submitted to certificate transparency logs before the final “real” certificate is created.

The precertificate contains a critical extension called a “CT Poison” which prevents its use with servers etc.

Try using this certificate PEM instead: https://censys.io/certificates/56c2e34a30421a146d26295e625b49cee475749588eb492c734b74d3064ebe42/pem

Thanks a lot _az. Yeah, now its working. Actually i am new and i use to do my own work. So i dont have knowledge of all this. Can u please help me out to setup a cron job or cert bot for automated renewal of certificates.

Are you using shared hosting? I am guessing yes, based on your username.

Certbot is largely not compatible with shared hosting.

Are you using Plesk? cPanel?

There are some options depending on what your platform is. For example, with cPanel, you can use this tutorial with acme.sh. Same result (automatically renewing certificates), just different tools.

If you’re not on shared hosting, just follow the instructions on https://certbot.eff.org/ .

Yeah its a shared hosting. I am using plesk.
If certbot is not compatible with shared hosting, can i go with a cron job.
But i have one problem, i dont know how to setup a cron job.
Thanks in advance, if u can help me out.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.