Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is:
It produced this output:
My web server is (include version):
Docker ngnx-mainline-alpine
The operating system my web server runs on is (include version):
Docker ngnx-mainline-alpine
My hosting provider, if applicable, is:
self
I can login to a root shell on my machine (yes or no, or I don't know):
I dont know
I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
No
The version of my client is (e.g. output of certbot --version
or certbot-auto --version
if you're using Certbot):
certbot 0.31.0
Hi, I am hoping you can help me with my very urgent problem.
I have an embedded client application on 10,000 devices deployed in the field that communicates with our servers over HTTPS. It has two expired certs and one cert that will expire in May 2025.All these client side scripts are LetsEncrypt certs. It is not possible for me to update the client on the devices. Lets Encrypts certs on the server no longer work with the device even with the one that will not expire until May 2025. I have downgraded the last issued lets encrypt cert on the server to the previously issued one but it will expire on the 16th of this month.
Is there something I can do to get Lets Encrypt to work with a client cert that expires in one year. Also I have been informed that it is possible for a certificate authority to issue a special cert that will work with soon to expire or expired client certs. Does anyone know an issuing authority that can do this?
If any one could provide an answer I would very much appreciate it as my company is facing collapse if a suitable cert cannot be installed on our servers in the next two weeks.
Thank you.
David Gleeson
These are the details of the three keys.
Common Name: Baltimore CyberTrust Root
Subject Alternative Names:
Organization: Baltimore
Organization Unit: CyberTrust
Locality:
State:
Country: IE
Valid From: May 12, 2000
Valid To: May 12, 2025
Issuer: Baltimore CyberTrust Root, Baltimore
Key Size: 2048 bit
Serial Number: ****
Common Name: DST Root CA X3
Subject Alternative Names:
Organization: Digital Signature Trust Co.
Organization Unit:
Locality:
State:
Country:
Valid From: September 30, 2000
Valid To: September 30, 2021
Issuer: DST Root CA X3, Digital Signature Trust Co.
Key Size: 2048 bit
Serial Number: ***
Common Name: CAcert Class 3 Root
Subject Alternative Names:
Organization: CAcert Inc.
Organization Unit: http://www.CAcert.org
Locality:
State:
Country:
Valid From: May 23, 2011
Valid To: May 20, 2021
Issuer: CA Cert Signing Authority, Root CA
Key Size: 4096 bit
Serial Number:*****