Expired Certificate - Even After Renewal

muka.gergely · 2019-02-11 12:20:54 UTC

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:
masterprint.eu
I ran this command:
automatic update using MediaTemple (Plesk) admin extension
It produced this output:
Browsers still see the previous (expired) certificate
My web server is (include version):
Apache 2.2.15
The operating system my web server runs on is (include version):
CentOS
My hosting provider, if applicable, is:
MediaTemple
I can login to a root shell on my machine (yes or no, or I don’t know):
Yes (but I’m not experienced with it)
I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
Plesk
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):
??? (I have no idea)

My problem is: I got an SSL certificate from https://www.sslforfree.com, and it worked correctly (no problem installing it and setting the website up for HTTPS). I tried to renew it a week ago, and I thought everything is fine - until today when I found out that
browsers still see the expired certificate.
I tried to repeat the process, and even got a Let’s Encrypt certificate, but nothing has changed, the browser warning is still there.

I have no clue what to do next. Does anyone have an idea what could be going on?

Thank you in advance!

JuergenAuer · 2019-02-11 14:03:52 UTC

Hi @muka.gergely

if you use MediaTemple / Plesk, why do you use sslforfree.com parallel?

Looks like you have manual created a certificate and uploaded that. Perhaps that has deactivated the integrated solution.

Isn’t there an integrated menu?

muka.gergely · 2019-02-11 14:08:08 UTC

I dod not see the (Plesk) extension available when I first wanted to move sites to SSL, so I just used the first certification provider that looked sympathetic - and I stuck with that. Nothing planned, but it worked nicely.

I used sslforfree.com first, I only turned on the Let’s Encrypt service today - after trying to solve the problem first with the other provider.

JuergenAuer · 2019-02-11 14:19:30 UTC

You have created 4 certificates today.

https://transparencyreport.google.com/https/certificates?cert_search_auth=&cert_search_cert=&cert_search=include_expired:false;include_subdomains:false;domain:masterprint.eu&lu=cert_search

(4 pre- and 4 leaf certificates are listed).

So the installation doesn’t work. How did you upload / install the certificate?

Did you reload / restart your server?

I see, you have already tested you domain via https://check-your-website.server-daten.de/?q=masterprint.eu

It’s curious that one check is blocked

https://masterprint.eu/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de

ConnectionClosed - The request was aborted: The connection was closed unexpectedly.

The rest looks ok.

muka.gergely · 2019-02-11 15:35:43 UTC

Thank you - I checked it with check-your-website.server-date.de but I couldn’t really understand the results - green OK, yellow - not bad, red - fail.

But I managed to restart the server with the help of a more knowledgeable colleague, and cleared all other certificates except the newly created Let’s Encrypt certification - and lo and behold the frontend works fine. Something’s not right with the admin, but I think it’s not related to the certification problem.

Some information about the solution: it seemed as the private key and the cert file were not uploaded correctly (from the original SSL For Free cert), and it just messed everything up with Apache.

Thank you all for trying to help, and sorry that I cannot provide an exact diagnose and solution for the problem - but for now the problem is solved.

JuergenAuer · 2019-02-11 15:46:14 UTC

Happy to read that.

Oh, that’s sometimes normal. Such integrated systems may have bugs. Or it’s a caching problem.

Rechecking your domain ( https://check-your-website.server-daten.de/?q=masterprint.eu ):

Domainname	Http-Status	redirect	Sec.	G
• http://masterprint.eu/
70.32.97.150	301	https://masterprint.eu/	0.220	A

• http://www.masterprint.eu/
70.32.97.150	301	https://www.masterprint.eu/	0.203	A

• https://www.masterprint.eu/
70.32.97.150	301	https://masterprint.eu/	2.124	B

• https://masterprint.eu/
70.32.97.150	200		2.703	B

That’s good. A Grade B, three correct redirects, one http status 200.

And your certificate is valide:

CN=masterprint.eu
	11.02.2019
	12.05.2019
expires in 90 days	masterprint.eu, www.masterprint.eu - 2 entries

and has both domain names.

I should add some documentation

muka.gergely · 2019-02-11 16:08:48 UTC

Thanks for checking again, and I’m happy that now it works as it should!

It wasn’t the documentation that was missing in understanding the checkup site results - rather my knowledge of the workings of DNS, SSL and Apache. I’m quite comfortable with web/app dev, but hosting/server support is a different expertise