Different SSL certificate randomly appears multiple times per hour

Hi there, this is a bit of an odd one for me and I’m not sure where to even start. I’ve successfully issued and installed SSL certs via certbot for my domain and subdomains. Everything seemed to be going great until I started experiencing random SSL drops. A couple of times per hour, my sites start displaying a “not secure” error with SSL, and when I look into this I notice that the certificate is no longer my own, but a self-issued one for a totally different website. Strangely, maybe a minute later, if I refresh the page my SSL cert is back and the site is working correctly again.

This has me totally baffled as to how this would happen. It seems to be fine then has these very random short drop-outs where a different (and self-signed) certificate for a random site shows up. Only myself and the VPS account owner have access to the server so nobody else should be able to do anything server-side.

Anyone have any experience of this sort of problem?

My domain is: eoixx.space (www.eoixx.space, pathfinder.eoixx.space, seat.eoixx.space)

My web server is (include version): Apache 2.4.29 (Ubuntu)

The operating system my web server runs on is (include version): Ubuntu 18.04.4 LTS (GNU/Linux 4.15.0-106-generic x86_64)

My hosting provider, if applicable, is: (VPS Host) sonicfast.io

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): Manages basic VPS functions only, server managed directly via SSH

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): certbot 0.31.0


Hi @FjerrFjerrson

I don’t see the error you have seen. But there is a much simpler error - https://check-your-website.server-daten.de/?q=eoixx.space

Your certificate

CN=pathfinder.eoixx.space | 18.06.2020 | 16.09.2020 | expires in 90 days | pathfinder.eoixx.space, seat.eoixx.space, www.eoixx.space - 3 entries

has only three domain names, eoixx.space is missing.

So the main domain is insecure, the three others are correct.

Maybe your browser has an old cache, so you see another certificate.

First step: Create one certificate with 4 domain names and use that. Then check if you see the error again.

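An added example, not part of the thread or of certbot: it checks which hostnames a certificate's name list covers (the gap the reply above points out) and groups timestamped fingerprint samples into runs where a different certificate was served (the symptom in the first post). The function names, fingerprint labels and sample observations are constructed for illustration, and the wildcard rule goes beyond the case in the thread.

```python
# Added example: hostnames come from the thread; fingerprints and timestamps are constructed.

def san_matches(host, san):
    """Exact match, or '*' standing for exactly one left-most label (RFC 6125 style)."""
    host, san = host.lower().rstrip("."), san.lower().rstrip(".")
    if san.startswith("*."):
        head, _, rest = host.partition(".")
        # A wildcard never covers the bare parent domain or deeper sub-levels.
        return bool(head) and rest == san[2:]
    return host == san

def uncovered(hosts, sans):
    """Hostnames that the certificate's name list does not cover."""
    return [h for h in hosts if not any(san_matches(h, s) for s in sans)]

def foreign_runs(observations, expected_fp):
    """Group consecutive samples whose fingerprint differs from expected_fp.

    Returns (first_seen, last_seen, fingerprint) tuples, one per interruption.
    """
    runs, current = [], None
    for ts, fp in observations:
        if fp == expected_fp:
            current = None                      # own certificate is back
        elif current is not None and current[2] == fp:
            current[1] = ts                     # same foreign cert, extend the run
        else:
            current = [ts, ts, fp]              # a new foreign cert appeared
            runs.append(current)
    return [tuple(r) for r in runs]

HOSTS = ["eoixx.space", "www.eoixx.space", "pathfinder.eoixx.space", "seat.eoixx.space"]
CERT_NAMES = ["pathfinder.eoixx.space", "seat.eoixx.space", "www.eoixx.space"]
# Constructed samples: (time polled, certificate fingerprint label)
OBSERVATIONS = [
    ("12:00:00", "OWN-CERT"), ("12:00:30", "OTHER-CERT"), ("12:01:00", "OTHER-CERT"),
    ("12:01:30", "OWN-CERT"), ("12:31:00", "OTHER-CERT"), ("12:31:30", "OWN-CERT"),
]

if __name__ == "__main__":
    print("not covered:", uncovered(HOSTS, CERT_NAMES))
    for first, last, fp in foreign_runs(OBSERVATIONS, "OWN-CERT"):
        print(f"foreign certificate {fp} served from {first} to {last}")
```

Real samples can be collected by polling the server, for example with `openssl s_client -connect host:443 -servername host` piped into `openssl x509 -noout -fingerprint -sha256`. Polling this way bypasses the browser, so it separates a stale browser cache from a certificate that the server is really sending.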

Thank you very much for your response :slight_smile:

I see what you are referring to, so I have tried to expand the cert to include eoixx.space, but this is the output I got:

(For the record: I’ve checked file permissions for the eoixx.space document root, etc. and it all appears fine. I have also checked the IP address and DNS record entries, which also look fine, I think.)

Renewing an existing certificate
Performing the following challenges:
http-01 challenge for eoixx.space
Waiting for verification...
Cleaning up challenges
Failed authorization procedure. eoixx.space (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://eoixx.space/.well-known/acme-challenge/D461CTr7Nq0huxsLqK9ppSfLcWafqDX0YfglTM2E4-8 [2.56.8.199]: "<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>404 Not Found</title>\n</head><body>\n<h1>Not Found</h1>\n<p"

IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain: eoixx.space
   Type:   unauthorized
   Detail: Invalid response from
   http://eoixx.space/.well-known/acme-challenge/D461CTr7Nq0huxsLqK9ppSfLcWafqDX0YfglTM2E4-8
   [2.56.8.199]: "<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML
   2.0//EN\">\n<html><head>\n<title>404 Not
   Found</title>\n</head><body>\n<h1>Not Found</h1>\n<p"

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A/AAAA record(s) for that domain
   contain(s) the right IP address.