Can not validate my certificate

Riolu · February 27, 2018, 3:18pm

Hello,
here is yesterday at 2am the SSL certificate was no longer valid on my website so I resign, but my site still has no SSL certificate, I contacted my hosting; but he tells me that this and my fault, before his market so I do not see where I am the culprit in this story, I would like to have more information about it

here is the error that is present on my website => http://prntscr.com/ikgvdg

on my interface CPANEL, there is no problem I have an SSL certificate but on the site he says it is not valid
http://prntscr.com/ikgwtl http://prntscr.com/ikgxxy http://prntscr.com/ikgyj4
cordially

stevenzhu · February 27, 2018, 3:43pm

Hi,

You need to provide us your domain name and other necessary info in order for us to help you.

Please fill the following form:

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

I ran this command:

It produced this output:

My web server is (include version):

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know):

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

Thank you.
P.S. Probably move to Help

sahsanu · February 27, 2018, 4:02pm

Hi @Riolu,

As @stevenzhu said, you should answer a few questions to know what is your situation, what you did and possible solutions.

Let me guess, your domain name is cryxxxxxxxding.net if that is the case, you are actually serving a certificate issued by cPanel and it expired 2 days ago “Feb 25 23:59:59 2018 GMT”.

You have issued several valid Let’s Encrypt certificates for your domain:

CRT ID     DOMAIN (CN)                             VALID FROM             VALID TO               EXPIRES IN  SANs
xxxxxxxxx  cryxxxxxxxding.net                      2018-Feb-27 10:58 UTC  2018-May-28 10:58 UTC  89 days     cryxxxxxxxding.net
                                                                                                             www.cryxxxxxxxding.net                       
xxxxxxxxx  cryxxxxxxxding.net                      2018-Feb-26 16:50 UTC  2018-May-27 16:50 UTC  89 days     cryxxxxxxxding.net
                                                                                                             www.cryxxxxxxxding.net                       
xxxxxxxxx  cryxxxxxxxding.net                      2018-Feb-26 16:45 UTC  2018-May-27 16:45 UTC  89 days     cryxxxxxxxding.net
                                                                                                             www.cryxxxxxxxding.net                       
xxxxxxxxx  cryxxxxxxxding.net                      2018-Feb-26 11:07 UTC  2018-May-27 11:07 UTC  88 days     cryxxxxxxxding.net
                                                                                                             mail.cryxxxxxxxding.net
                                                                                                             www.cryxxxxxxxding.net                       
xxxxxxxxx  test.cryxxxxxxxding.net                 2018-Feb-26 00:57 UTC  2018-May-27 00:57 UTC  88 days     test.cryxxxxxxxding.net
                                                                                                             www.test.cryxxxxxxxding.net                  
xxxxxxxxx  cryxxxxxxxding.net                      2018-Feb-26 00:55 UTC  2018-May-27 00:55 UTC  88 days     cryxxxxxxxding.net
                                                                                                             mail.cryxxxxxxxding.net
                                                                                                             www.cryxxxxxxxding.net                       
xxxxxxxxx  cryxxxxxxxding.net                      2018-Feb-26 00:20 UTC  2018-May-27 00:20 UTC  88 days     cryxxxxxxxding.net
                                                                                                             mail.cryxxxxxxxding.net
                                                                                                             www.cryxxxxxxxding.net                       
xxxxxxxxx  cryxxxxxxxding.net                      2018-Feb-26 00:11 UTC  2018-May-27 00:11 UTC  88 days     cryxxxxxxxding.net
                                                                                                             mail.cryxxxxxxxding.net
                                                                                                             www.cryxxxxxxxding.net                       
xxxxxxxxx  cryxxxxxxxding.net                      2018-Feb-25 23:44 UTC  2018-May-26 23:44 UTC  88 days     cryxxxxxxxding.net
                                                                                                             mail.cryxxxxxxxding.net
                                                                                                             www.cryxxxxxxxding.net

I’ve no idea who you issued those valid Let’s Encrypt certificates nor if the expired cPanel certificate should be renewed automatically (you should ask your hosting provider what is going on with this cPanel certificate).

I don’t use cPanel so I can’t provide too much help but other community buddies can help you if you explain in detail what you did and how you did it.

Good luck,
sahsanu

stevenzhu · February 27, 2018, 4:12pm

Hi,

After checking out other pictures you provided.
Please use this passage to turn off SSL scanning feature for bitdefender.
https://www.bitdefender.com/support/what-to-do-when-security-certificates-cannot-be-verified-installed-1090.html
Then you should be all right.

Thank you.

Riolu · February 27, 2018, 4:22pm

My domain is: https://crystalmodding.net/

I ran this command:
I lost the SSL yesterday at 2am and impossible to return his met puts that my certificate is no longer valid and expired while I renew

It produced this output: it always makes the same mistake, as my certificate is no longer valid

My web server is (include version): alls-heberg.fr

The operating system my web server runs on is (include version): Cpanel 68.0

My hosting provider, if applicable, is: alls-heberg.fr

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): yes

by contacting my hosting, he tells me that it is our side that there is a problem or if I put the same file on another WEB site (so another domain that has SSL) that it works perfectly, but on domain name crystalmodding.net impossible he tells me that the certificate has expired is no longer valid

Riolu · February 27, 2018, 4:25pm

but everyone see my site like this

stevenzhu · February 27, 2018, 4:30pm

What I see from my phone is cert invalid (expired).

In this case you are using CPanel’s certificate, please contact your host to renew the free ssl provided by CPanel.

If you are using CPanel, I highly suggest to use web based ssl interface (like zerossl.com, sslforfree.com) to issue a let’s encrypt ssl.

Thank you.

Riolu · February 27, 2018, 4:31pm

I agree with you puts my accommodation want nothing enttandre and he says that it comes from me I do not have what to do really

stevenzhu · February 27, 2018, 4:34pm

The CPanel Server should automatically renew your certificate.

If you wants to install the ssl, please gather one from web based interface, then install on server.

Thank you

Riolu · February 27, 2018, 4:38pm

ok I’m still going out of the phone contacted to find out more explanation, because this only by write

Riolu · February 27, 2018, 4:41pm

the problem is that on the Cpanel he tells me what the certificate is good and install but on my site he tells me he is expired

Riolu · February 27, 2018, 5:25pm

more on the Cpanel it is marked as what I attainted of limit to signed a certificate SSL for its domain name

schoen · February 27, 2018, 5:30pm

All of the records and errors show that you have obtained many new valid certificates, but that they aren’t being used by the server. This must be a problem in the configuration of cPanel or the configuration of the web server, not a problem with the ability to obtain certificates. That’s why @sahsanu emphasized that you should talk to the web hosting provider. If the web host has provided cPanel for you, it’s not working properly. Probably only the hosting provider can fix this.

If you installed cPanel yourself, then maybe you have installed it incorrectly somehow and then maybe you need to ask about this on the cPanel forums. But if the hosting provider installed it, the hosting provider has probably installed or configured it incorrectly. Normally when cPanel obtains new certificates, it is able to activate them in the web server right away. Apparently that’s not the case here!

Riolu · February 27, 2018, 5:41pm

hello, I totally agree with you the only problem is that my hosting provider says that it comes from us or the one who installed the Cpanel we did not take an offer and we had no accet Cpanel, I had an idea to completely remove my domain name from Cpanel and all redo with the SSL certificate but I’m still the limit because I can not put my SSL certificate on met no domain crystalmodding.net www.crystalmodding.net and mail.crystalmodding.net without having the error of the limit, because my hosting says that it comes from us he tells us to optimize the site he gives me as an example to put all image on a server in HTTPS, but I have for principle of hosted all puts image on my FTP and put like link directly like his example: style/image.png

Thank you for your response

Patches · February 27, 2018, 8:36pm

You appear to only have reached the Duplicate Certificate limit. If you or your hosting provider can arrange to set up a new subdomain and add it to the certificate as a SAN you will bypass this particular rate limit.

Keep in mind that there is also a Certificates per Registered Domain rate limit of which you have already used at least 6 of 20 certificates for the week.

Riolu · February 27, 2018, 8:44pm

if I am only 6 and the limit is 20 ne, is not yet attaint the limit;)

Patches · February 27, 2018, 8:54pm

There are two (relevant) limits. The limit I mentioned in the first paragraph, the Duplicate Certificate rate limit, applies to certificates that are completely identical and is only 5 certificates per week. This is the one you have reached.

Fortunately, you can work around this one by requesting a certificate that is not identical to the one has been rate limited, just by adding a subdomain to it.

I only mentioned the Certificate per Registered Domain limit because there is no workaround for it, so if you continue to have trouble you would want to be careful not to reach it.

Riolu · March 2, 2018, 10:27pm

Hello, Here we have all we tried we did not put the grass (ftp) but nothing to do that it does not work!, Restoring the server to 0 he put us as the main domain his: forumnet.allsh.eu, so I put a SSL certificate on it but nothing to do again a SSL certificate on this domain, I really disinspired !

system · April 1, 2018, 10:28pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.