After extending a certificate today, one of my users on Windows, Chrome 74, started seeing a certificate transparency required issue ERR_CERTIFICATE_TRANSPARENCY_REQUIRED. They do not see it on their Ubuntu or Mac machines.
I cannot see it on any of my browsers or devices, and it hasn’t been reported by other users yet.
Why would this have happened? How can I resolve it?
My domain is: app.developerhub.io
I ran this command: sudo certbot certonly --manual -d *.developerhub.io -d {all-the-domains} --agree-tos --no-bootstrap --manual-public-ip-logging-ok --server https://acme-v02.api.letsencrypt.org/directory
It produced this output:
I extended the certificate and set up all the challenges then
Waiting for verification…
Resetting dropped connection: acme-v02.api.letsencrypt.org
Cleaning up challenges
IMPORTANT NOTES:
-
Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/developerhub.io-0003/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/developerhub.io-0003/privkey.pem
Your cert will expire on 2019-09-19. To obtain a new or tweaked
version of this certificate in the future, simply run certbot
again. To non-interactively renew all of your certificates, run
“certbot renew” -
If you like Certbot, please consider supporting our work by:
Donating to ISRG / Let’s Encrypt: https://letsencrypt.org/donate
Donating to EFF: https://eff.org/donate-le
My web server is (include version): nginx version: nginx/1.10.3 (Ubuntu)
The operating system my web server runs on is (include version): Ubuntu 16.04.4 LTS
My hosting provider, if applicable, is: Amazon Route53
I can login to a root shell on my machine (yes or no, or I don’t know): Yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel): No
The version of my client is (e.g. output of certbot --version
or certbot-auto --version
if you’re using Certbot): certbot 0.28.0