Error in connection establishment: certificate transparency required

I’m getting an error similar to Certificate transparency error on Chrome 74 after extending certificate

I have an app on app.speakrandom.com that uses a WebSocket API at api1.speakrandom.com

This API uses let’s encrypt to use https. On Windows in Chrome, I get the following error (from the console in app.speakrandom.com:

WebSocket connection to 'wss://api1.speakrandom.com/socket.io/?EIO=3&transport=websocket' failed: Error in connection establishment: net::ERR_CERTIFICATE_TRANSPARENCY_REQUIRED

This happened after renewing the certificate. Before this it was working perfectly.

Please help me out here, thanks.

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: api1.speakrandom.com

I ran this command: sudo certbot renew --nginx

It produced this output:
Plugins selected: Authenticator nginx, Installer nginx
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for api1.speakrandom.com
Waiting for verification…
Cleaning up challenges

new certificate deployed with reload of nginx server; fullchain is
/etc/letsencrypt/live/api1.speakrandom.com/fullchain.pem

IMPORTANT NOTES:

• Your account credentials have been saved in your Certbot
  configuration directory at /etc/letsencrypt. You should make a
  secure backup of this folder now. This configuration directory will
  also contain certificates and private keys obtained by Certbot so
  making regular backups of this folder is ideal.

My web server is (include version): nginx version: nginx/1.14.2

The operating system my web server runs on is (include version): Debian 10

My hosting provider, if applicable, is: Google Cloud Compute Engine

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): certbot 0.31.0

Could you please read over my post at $50 bounty request: a Chrome log export of the "certificate transparency required" error?

I would really appreciate it if we could help each other out!

Hmm this is awkward… I went ahead and followed your instructions. The log was well written, but then I remembered that I forgot to add the --bwsi flag, so I went ahead and started logging again to the same file (overwritten), but this time the error wasn’t produced anymore.

Sorry about that, what can I do now?

Ahhhhhh! If it was overwritten, that’s too bad. Thank you for trying anyway.

At least it wasn’t a $1,000,000 Bitcoin wallet or something.

(I hope someone succeeds in claiming the bounty soon and we get some more visibility into why this error happens!)

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.