Can't get rid of an expired certificate


#1

My domain is: dreambricksgh.com
My web server is (include version): Apache 2.4
The operating system my web server runs on is (include version): Ubuntu 16.04.3
I can login to a root shell on my machine (yes or no, or I don’t know): Yes

SSLChecker shows 2 certs:
Cert #1 issued for dreambricksgh.com is expired and renewal has no effect.
Cert #2 issued for dreambricksgh.com is valid.

Browsers always warn that one of the certificates presented has expired


#2

The problem seems to be occurring intermittently. I access the page and everything is fine (cert is not expired), but on refresh sometimes the expired certificate is provided.

Edit: 4 certificates were issued in the last two days: https://transparencyreport.google.com/https/certificates?hl=en&cert_search_auth=&cert_search_cert=&cert_search=include_expired:false;include_subdomains:false;domain:dreambricksgh.com;issuer_uid:4428624498008853827&lu=cert_search


#3

Hi @jahlom

I see an old certificate: SEC_ERROR_EXPIRED_CERTIFICATE - valid 2018-07-07.

How did you create this certificate? With certbot?

If yes: what does the following say?

certbot certificates

So use a newer certificate.


#4

Seems @jahlom is serving both certificates randomly:

$ for i in {1..10};do echo "Test $i"; echo | openssl s_client -connect dreambricksgh.com:443 -servername dreambricksgh.com  2>/dev/null | openssl x509 -noout -subject -dates; echo "";done
Test 1
subject=CN = dreambricksgh.com
notBefore=Aug  9 10:48:05 2018 GMT
notAfter=Nov  7 10:48:05 2018 GMT

Test 2
subject=CN = dreambricksgh.com
notBefore=Aug  9 10:48:05 2018 GMT
notAfter=Nov  7 10:48:05 2018 GMT

Test 3
subject=CN = dreambricksgh.com
notBefore=Apr  7 23:21:32 2018 GMT
notAfter=Jul  6 23:21:32 2018 GMT

Test 4
subject=CN = dreambricksgh.com
notBefore=Aug  9 10:48:05 2018 GMT
notAfter=Nov  7 10:48:05 2018 GMT

Test 5
subject=CN = dreambricksgh.com
notBefore=Apr  7 23:21:32 2018 GMT
notAfter=Jul  6 23:21:32 2018 GMT

Test 6
subject=CN = dreambricksgh.com
notBefore=Apr  7 23:21:32 2018 GMT
notAfter=Jul  6 23:21:32 2018 GMT

Test 7
subject=CN = dreambricksgh.com
notBefore=Aug  9 10:48:05 2018 GMT
notAfter=Nov  7 10:48:05 2018 GMT

Test 8
subject=CN = dreambricksgh.com
notBefore=Apr  7 23:21:32 2018 GMT
notAfter=Jul  6 23:21:32 2018 GMT

Test 9
subject=CN = dreambricksgh.com
notBefore=Aug  9 10:48:05 2018 GMT
notAfter=Nov  7 10:48:05 2018 GMT

Test 10
subject=CN = dreambricksgh.com
notBefore=Apr  7 23:21:32 2018 GMT
notAfter=Jul  6 23:21:32 2018 GMT

It is using Amazon’s services, so maybe it is something related to a load balancer or something with the control panel. I don’t use Amazon’s services, so I’ve no idea ;).

Cheers,
sahsanu
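
The probe loop from the post above, turned into a repeatable check (an added example, not part of the thread): it groups repeated `openssl x509 -noout -subject -dates` results by `notAfter` and fails when the responses disagree or any of them is expired. The function names, the `YYYYMMDDhhmmss` reference-time argument and the embedded sample are assumptions made for this example.

```shell
#!/bin/sh
# Added example. Reads repeated `openssl x509 -noout -subject -dates` output on
# stdin; $1 is the reference time in UTC as YYYYMMDDhhmmss (hypothetical parameter).
summarize_certs() {
  awk -v now="$1" '
    BEGIN {
      split("Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec", name, " ")
      for (i = 1; i <= 12; i++) mon[name[i]] = i
    }
    /^notAfter=/ {
      sub(/^notAfter=/, "")          # $0 is re-split: Mon DD HH:MM:SS YYYY GMT
      split($3, t, ":")
      key = sprintf("%04d%02d%02d%02d%02d%02d", $4, mon[$1], $2, t[1], t[2], t[3])
      seen[key]++                    # one bucket per distinct expiry time
    }
    END {
      for (k in seen) {
        distinct++; total += seen[k]
        state = "valid"
        if ((k "") < (now "")) { state = "EXPIRED"; expired += seen[k] }
        printf "%s count=%d %s\n", k, seen[k], state
      }
      printf "distinct=%d expired=%d total=%d\n", distinct, expired, total
      exit (distinct != 1 || expired > 0)   # non-zero: mixed or expired responses
    }'
}

# Constructed sample: four probes in the format of the output shown above.
sample_probes() {
  cat <<'EOF'
subject=CN = dreambricksgh.com
notBefore=Aug  9 10:48:05 2018 GMT
notAfter=Nov  7 10:48:05 2018 GMT
subject=CN = dreambricksgh.com
notBefore=Apr  7 23:21:32 2018 GMT
notAfter=Jul  6 23:21:32 2018 GMT
subject=CN = dreambricksgh.com
notBefore=Aug  9 10:48:05 2018 GMT
notAfter=Nov  7 10:48:05 2018 GMT
subject=CN = dreambricksgh.com
notBefore=Apr  7 23:21:32 2018 GMT
notAfter=Jul  6 23:21:32 2018 GMT
EOF
}

# Live use: pipe the probe loop from the post into
#   summarize_certs "$(date -u +%Y%m%d%H%M%S)"
sample_probes | summarize_certs 20180810000000 || echo "mixed or expired certificates served"
```

More than one `notAfter` bucket for the same hostname means different backends (or virtual hosts) hold different certificate files, so renewing on one machine alone will not clear the browser warning.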