EXPIRED: Certificate 1 of 3 in chain

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: mail.sibex.com

I ran this command: https://www.checktls.com/ then put in my email domain

It produced this output: https://www.checktls.com/

My web server is (include version):

The operating system my web server runs on is (include version): Windows 2008r2

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know):yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):

Sorry I am new here. I have used the ZeroSSL.com site to generate the needed SSL certs for our Kerio mail server for about 2 years. For some reason my first cert of my chain is showing expired on 7/24/19. I don’t understand as I have done the same steps that I normally performed for the last 2 years. The https://mail.sibex.com comes up normally. The SSL checks out find. But when I go to https://checktls.com I get an error about:
EXPIRED: Certificate 1 of 3 in chain: Cert VALIDATION ERROR(S): certificate has expired
So email is encrypted but the recipient domain is not verified
Cert Hostname VERIFIED (mail.sibex.com = mail.sibex.com | DNS:mail.sibex.com)
Not Valid Before: Apr 24 21:44:57 2019 GMT
Not Valid After: Jul 23 21:44:57 2019 GMT

Hi @many

did you restart your mail server?

@JuergenAuer Thank you for the response.

Yes I restarted the service and that changed nothing so I restarted the whole server and that changed nothing. I then stopped the mail services and manually added the cert and then started the service. I then went through the steps and requested a new cert on the off chance I goofed or the cert file was damaged. Nothing has changed this issue.

I don’t know how to configure that Kerio Mail server.

Yep, you have created a new certificate

Issuer not before not after Domain names LE-Duplicate next LE
Let’s Encrypt Authority X3 2019-08-03 2019-11-01 mail.sibex.com - 1 entries duplicate nr. 1
Let’s Encrypt Authority X3 2019-07-22 2019-10-20 mail.sibex.com - 1 entries
Let’s Encrypt Authority X3 2019-06-17 2019-09-15 autodiscover.sibex.com, cpanel.sibex.com, mail.sibex.com, sibex.com, webdisk.sibex.com, webmail.sibex.com, www.sibex.com - 7 entries

Only idea: Is this

seconds test stage and result
[000.041] Connected to server
[000.189] <– 220 Cuda.Sibex.com ESMTP (e401d4190370f5d86452996e1017f190)
[000.189] We are allowed to connect
[000.190] –> EHLO www6.CheckTLS.com
[000.246] <– 250-Cuda.Sibex.com Hello www6.checktls.com [159.89.187.50], pleased to meet you

250-SIZE 100000000
250-STARTTLS
250-PIPELINING
250-8BITMIME
250 HELP|

the answer of your kerio? (Cuda.sibex.com)? Or is this another mail server?

1 Like

yes that is the mail filtering box.

You fixed it for me. Or atleast pointed me in the direction. When I checked our filter it was still using the old cert. I updated that and then we were working correctly again. Thank you!

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.