Cert Expired how to renew


#1

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:
www.benefits.gov
www.govloans.gov
ssabest.benefits.gov
I ran this command:
open browser to the urls:

  1. https://www.benefits.gov
  2. https://www.govloans.gov
  3. https://ssabest.benefits.gov

It produced this output:

Your connection is not private

Attackers might be trying to steal your information from www.benefits.gov (for example, passwords, messages, or credit cards
My web server is (include version):
nginx
The operating system my web server runs on is (include version):
Docker/ Kubernetes
My hosting provider, if applicable, is:
Azure
I can login to a root shell on my machine (yes or no, or I don’t know):
yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
no


#2

Hi @kamal,

Sorry to hear you’re having challenges with your HTTPS deployment. I think we can get to the bottom of it!

The first and the second website here seem fine to me. From my perspective it seems the only one with the problem is the third: https://ssabest.benefits.gov/

The root cause of your problem is not your HTTPS certificate, but the content of the website. The website is loading an image from a non-HTTPS website. This is generally known as a “mixed content error”.

You can see this error if you open up the Chrome or Firefox developer console:

Mixed Content: The page at ‘https://ssabest.benefits.gov/’ was loaded over HTTPS, but requested an insecure image ‘http://www.govloans.gov/profiles/bg_profile/themes/bootstrap/img/glyphicons-halflings-white.png’. This content should also be served over HTTPS.

As the error message indicates you can fix this problem by changing the image URL to use https://www.govloans.gov instead of http://....

You might also find this tool helpful for tracking down this kind of error in the future: https://www.whynopadlock.com/ In this case it confirms the mixed content error: https://www.whynopadlock.com/results/527b68c2-51cd-4572-8996-03af7eabb268

Hope that helps!