I keep running into the problem where I am being blocked by an Error: NET::ERR_CERT_DATE_INVALID / Your connection is not private. But it's happening intermittently.
One minute it will be fine, showing the new certificate valid till August, the next it will show the old certificate and not let me through. Any advice would be much appreciated.
My domain is: www.pookpress.co.uk
I can reproduce your problem consistently.
This is most certainly because you have a stuck Apache worker still using the prior cert. You may need to restart your server to clear that.
If you are very skilled you could check all the running processes and kill the Apache workers that look old. But, easiest is to restart server if it's not too much downtime.
I also see this:
I also see this:
curl -Ii http://www.pookpress.co.uk/x/y/z
HTTP/1.1 301 Moved Permanently
Date: Wed, 14 Jun 2023 12:31:06 GMT
Server: Apache/2.4.29 (Ubuntu)
Notice the extra "
/" after "
Looks like lots of problems. Note the www domain fails every third check or so just with routine openssl cert checks
The root domain and redirect problems you point out are extra:-)
Yes, could be low memory issues OR bad script logic/timing that has left orphan processes running.
Your recommendation is spot on:
And, yes, my findings are in addition to that.
Hopefully they can address them all before closing this topic.
This [or something else] seems to have been ongoing for months:
As shown, 9 out of last 13 renewals have been done well below the expected 60 day interval.
The yellow on the right is the cert popping up intermittently.
Likely long before May 17th.
It just would have been valid before then and would have gone unnoticed.
These are Cloudflare IPs. That means that the CT logs may include Cloudflare requests, although those would be unlikely to be late. It also means that Cloudflare settings may be interfering with origin renewals. It is unusual to see the apex name proxied and the
www hostname set to DNS Only.
www name isn't using Cloudflare.
I listed only
Yes, that seems backwards - LOL
Thank you so much for all your responses. I am not very skilled, but I know a guy who is, so I will pass on your helpful advice and see if we can get this sorted
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.