Certificate continually failing

Likely something might be stopping the web service to do whatever it needs to do and then restarts the web service.

I'd start by looking at the cron type jobs that run around those times.

3 Likes

Did that. There are actually no CRON jobs on that server at all. Other than system jobs I suppose. I have another server that hosts all of my CRON jobs and they all perform email and database functions. If those CRON jobs were actually bringing this server down, there are other servers it would bring down too, and that is not happening.

hmm...
Are there any logged messages that might help explain why this is happening?

3 Likes

Not that I can see, but is there a particular log file I would look in for that?

/var/log/syslog ?

3 Likes

/var/log/messages ?

3 Likes

I thought Ubuntu used /syslog but best to check all the logs in /var/log :slight_smile:

Apache error and even access logs might have good clues too. Might have to set these up if not in place already.

3 Likes

Nothing suspicious in any of the log files that I can find. I think I might try to switch one of the domains to another certificate and see if that domain stops going down. Running out of ideas.

You are describing a randomly freezing server. You might get good insights for that on an Apache or server admin forum.

rg305 had a good idea to check for an ACME client (like Certbot) which might have "wrongly" been restarting your server. But, you could not find that. If Apache were being restarted it would be seen in your system log.

It is nearly impossible to be related to which cert is used in Apache. Maybe your site gets overwhelmed handling https in general. Just guessing. Even so, server hardening and tuning is beyond the scope of this forum.

3 Likes

The server is not freezing though. I am currently SSH'd into the server and able to run commands and this is what I am getting from Pingdom right now.

Can you show the invalid Certificate that generated that "Error" (i.e. issue)?

1 Like

How would I do that?

To me, the most desirable way would be the same way that Pingdom did, or get it from Pingdom.

If Pingdom is using ICMP (like ping) that's not the same as using TCP for HTTP(S).

In last few minutes I saw your port 80,443 closed and now re-opened. I used this domain name as that is the cert returned when I check the IP you showed. Did you stop Apache just before 14:54 and resume before 14:59 UTC?

Starting Nmap 6.40 ( http://nmap.org ) at 2022-09-14 14:54 UTC
Nmap scan report for admin.constructionequipmentguide.com (72.14.189.86)
PORT     STATE  SERVICE
22/tcp   open   ssh
80/tcp   closed http
443/tcp  closed https

later:
Starting Nmap 6.40 ( http://nmap.org ) at 2022-09-14 14:59 UTC
Nmap scan report for admin.constructionequipmentguide.com (72.14.189.86)
PORT     STATE  SERVICE
22/tcp   open   ssh
80/tcp   open   http
443/tcp  open   https

3 Likes
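
Added example (not part of any post in this thread): a Python probe that checks the site over TCP and then TLS, as an HTTPS monitor would, and reports whether the port is closed (as in the first Nmap scan above), the handshake failed, or the certificate did not validate. The function name `probe_https` and its status labels are choices made for this example.

```python
import socket
import ssl


def probe_https(host, port=443, timeout=5.0):
    """Classify one HTTPS check as a TCP-based monitor would see it.

    Returns (status, detail); status is one of
    'closed', 'unreachable', 'cert_invalid', 'tls_error', 'ok'.
    """
    try:
        raw = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError:
        # Same condition Nmap reports as "closed": nothing is listening.
        return ("closed", "TCP connection refused")
    except OSError as exc:
        # Timeouts, DNS failures and routing errors all end up here.
        return ("unreachable", f"TCP connect failed: {exc}")

    ctx = ssl.create_default_context()  # verifies chain and hostname
    try:
        with raw, ctx.wrap_socket(raw, server_hostname=host) as tls:
            cert = tls.getpeercert()
            return ("ok", f"notAfter={cert.get('notAfter')}")
    except ssl.SSLCertVerificationError as exc:
        # Expired, wrong hostname, untrusted issuer, and so on.
        return ("cert_invalid", exc.verify_message)
    except (ssl.SSLError, OSError) as exc:
        # The port answered but did not complete a TLS handshake.
        return ("tls_error", str(exc))


if __name__ == "__main__":
    import sys
    import time

    # Usage: python probe.py example.org  (hostname supplied by the operator)
    target = sys.argv[1]
    print(time.strftime("%Y-%m-%dT%H:%M:%SZ", time.gmtime()), *probe_https(target))
```

Run from cron or a loop on a machine outside the server, the timestamped status lines can be compared against the monitor's outage times and the Apache and system logs.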

Everything blew up again. I decided to try and reboot the server, hoping something was out of whack and kick it back into place. When the server came back up, no site on the server would load at all. Just Service Unavailable 503 errors.

I can't have the server down like this in the middle of the day, so I, in a panic, swapped IP Address with my last Ubuntu 14 server just to get the sites running again and give me a little breathing time to try and figure out what is going on, or even start over from scratch with a new server.

This was before I restarted the server and was during one of Pingdom's reported outages.
