Domain 1373.knightmare.ch got revoked by third party?

My domain is: 1373.knightmare.ch. Its certificate will expire on Sept. 13th 2019.
I tried accessing my server from internal network through three different desktop browsers (Safari, Firefox, Chrome), but all of them reported that the certificate got revoked.

I managed to connect to my server with iOS Safari and I could renew the Let’s Encrypt certificate, but apparently the “info” of the new certificate did not reach the servers with OCSP.

The operating system my web server runs on is (include version): Synology DSM 6.2

I can login to a root shell on my machine (yes or no, or I don’t know): no, or only with difficulty on iOS.

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no, only through the DS finder app in iOS.

Questions:

  • Can you please provide me information regarding who/what provoked the certificate revocation?
  • Can you tell me how to force desktop browsers to accept connections even when a certificate got revoked, furthermore on a local IP network 196.168.x.x?
  • How much time does it need between certificate renewal and suspension of the information of revocation of the former certificate?

Hi @knightmare

check

to find a reason. May be the domain owner, may be a hacked server. May be a published private key.

That’s a browser thing. If the browser doesn’t allow an exception, replace the certificate with a self signed certificate.

Both things are independent. You can immediately create a new certificate.

PS: Checked your domain - https://check-your-website.server-daten.de/?q=1373.knightmare.ch

The domain isn’t SDN listet - https://www.treasury.gov/resource-center/sanctions/sdn-list/pages/default.aspx - so that’s not a reason.

And there is already a new certificate:

Issuer not before not after Domain names LE-Duplicate next LE
Let’s Encrypt Authority X3 2019-09-02 2019-12-01 1373.knightmare.ch - 1 entries duplicate nr. 1
Let’s Encrypt Authority X3 2019-06-15 2019-09-13 1373.knightmare.ch - 1 entries

But the old, revoked certificate is used.

So install the new certificate, don’t create a new.

Hi @JuergenAuer
Thanks a lot for your reply.

The problem originated indeed from the latest Synology update. I found out that many other Synology server owners suffered the same problem.
To solve the problem, a special step is necessary: not only to update the certificate, but to add and replace the former one.

Check this forum and this website for more info:


Kind regards

4 Likes

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.