Browser intermittently says cert is invalid

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. |, so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

My hosting provider, if applicable, is: Digital Ocean

I can login to a root shell on my machine (yes or no, or I don't know): I don't know

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): Digital Ocean

I've had no problems with my SSL on this site for the last 5-years or so, but in the last few months the browser has started showing an error: YOUR CONNECTION IS NOT PRIVATE - and the SSL in the browser shows as having expired.

However, if I refresh the page a few times, or start a new session on the site, then it will work and will show an SSL that expires in several months' time.

The problem happens intermittently, but frequently - on multiple browsers and separate devices.

My own technical knowledge is limited so I'm hoping someone might have some simple suggestions!

1 Like

Your certificate is only valid for but you redirect to (no www.) And that's using an expired certificate.

You should fix your redirect not to change the domain name, and you should probably also expand your certicifate to include without www.

% curl -IL4

HTTP/1.1 301 Moved Permanently

Date: Thu, 28 Dec 2023 14:35:41 GMT

Server: Apache/2.4.29 (Ubuntu)


Content-Type: text/html; charset=iso-8859-1

curl: (60) SSL certificate problem: certificate has expired

More details here:

curl failed to verify the legitimacy of the server and therefore could not

establish a secure connection to it. To learn more about this situation and

how to fix it, please visit the web page mentioned above.

I can easily reproduce the problem you describe. This is most likely caused by one of your Apache worker processes becoming "stuck".

Just restarting Apache is not enough to fix this usually. A restart of the entire server is usually needed. If that is not possible you can just look for and kill the offending process. But, this takes some skill and you say yours is limited.

There is no need to get a new cert. Just one of these workers is using a much older cert.


Thank you - a simple reboot of the server seems to have resolved the problem!


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.