After the website is automatically renewed, the OCSP status of the corresponding certificate is revoked. What should I do?

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:https://www.yuweibeauty.com/

I ran this command:

It produced this output:

My web server is (include version): I don't know;

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know):

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):

Just renew your certificate again. I assume the last certificate was included in the recent Let's Encrypt revoke of certificate which use the TLS-ALPN-01 challenge. If you search the forum you will see there was a recent event that required these certificates to be revoked, you should also have received an email from Let's Encrypt about it.

If you are not using TLS-ALPN-01 then you would need to have revoked the certificate yourself somehow.

4 Likes

Try this:

2 Likes

@9peppe The IP address of the host seems to be from Linode. Is Linode associated with Lightsail somehow?

Your assumption is correct. If you enter OPs hostname in https://tls-alpn-check.letsencrypt.org/, you'll get the following result currently:

[www.yuweibeauty.com]: The certificate retrieved from your web server has serial 0348bf939584fb301044b6b6f2a4990fd8df and was found in our affected data set. Please renew your certificate as soon as possible. Help is available at Questions about Renewing before TLS-ALPN-01 Revocations

@itwangxiaobai It would be very helpful if you could answer more questions from the questionnaire. E.g., you probably should know what hosting provider is hosting your website. I.e.: to whom are you paying the bill for your website?

4 Likes

No, lightsail is just aws branding for an "usual" VPS.

But bitnami, you can deploy on any VPS.

2 Likes

But where comes the "Bitnami" party come from?

2 Likes

from it being tls-alpn-01 and the questionnaire being practically empty :wink:

it's a guess, but I think it's a good one.

3 Likes

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.