Expired domain certificate prompt while opening Outlook

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: shoppersstop.com

I ran this command: let’s encrypt certificate prompt request while opening Outlook.

It produced this output: let’s encrypt certificate prompt request while opening Outlook

My web server is (include version): na

The operating system my web server runs on is (include version): na

My hosting provider, if applicable, is: na

I can login to a root shell on my machine (yes or no, or I don’t know): I don’t know

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): no certbot used.

Hi Team,
Our domain shoppersstop.com is not subscribing to a certificate from Let’s Encrypt. But we are still getting an unknown expired certificate prompt while opening Outlook.
Please help to check if any certificate has been subscribed. If yes, for what application, please, and any contact person details.
Any help in this regard is highly appreciated…

Thanks
Priya


Please show a screenshot of that error message.


https://crt.sh/?id=1785801159
This certificate is showing expired. The thumbprint and serial number in this certificate match the certificate that pops up when launching Outlook.

Thanks
Priya

Hi @Priyakjay

what server is that? What domain do you use in your Outlook?

It's not your shoppersstop.com - there are no mail ports open - https://check-your-website.server-daten.de/?q=shoppersstop.com

Or a firewall blocks, but that's unusual.

There are 22 Letsencrypt certificates - check the CT-part - https://check-your-website.server-daten.de/?q=shoppersstop.com#ct-logs

5 active, older are expired.

Hi @JuergenAuer,
Many thanks for your response… we are using mail.shopperstop.com for our email services. Can you give the public IP for Let’s Encrypt from which the certificates are being pushed… we can try checking from our firewall, in case any requests from your source are getting blocked.
Alternatively, can you please help us with the ports which are required to be open so that the certificate gets pushed to the internal domain.
When Outlook is connected to the internet, it is working fine. But it is an issue when Outlook is connected to the internal LAN.

Cheers
Priya


Please read the FAQ:

Letsencrypt doesn't publish such a list.

Sounds like a wrong configuration, not like a certificate problem. The internal LAN must have the same domain name. If this isn't possible, you have to use DNS validation to create a certificate with a not publicly visible subdomain name.

Read

Glad to hear it is working from the Internet - that means the cert is OK. :slight_smile:
What is the issue when connecting from the LAN?
[please show a screenshot]

Just an FYI:
[I see different IPs]

Name: shoppersstop.com
Address: 35.200.250.245

Name: cs608.adn.zetacdn.net
Address: 152.195.54.113
Aliases: www.shoppersstop.com

Hello @rg305,
Thanks for your response… we are getting a certificate prompt of an expired certificate when we are opening Outlook… I have the screenshot attached to the response in the same email thread 5 days ago.
We have 2 domain certificates (shoppersstop.com)… one from Go Daddy and the other from Let’s Encrypt… The Go Daddy certificate should be taken by Outlook.
Though there is no certificate prompt on Outlook when connecting from the internet, in the internet network, we are getting a cert expiry prompt from Let’s Encrypt.
Thanks
Priya

Who runs the email server?

This sounds like either port forwarding or split-horizon DNS, with the result that a different server or port is accessed in these two cases. Is that possible?

Or is it possible that the server is accessed under a different name in these two cases?


Thanks, guys… The issue is fixed now… looks like the internal DNS records for the site were not updated properly… now that it is done, it is looking up the correct certificate… Thanks again for all your suggestions towards this issue.
Cheers
Priya
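
Added example, not part of the thread and not Let's Encrypt tooling: one way to confirm the split-horizon DNS diagnosis above is to probe the address the LAN resolver returns and the address a public resolver returns, with the same server name, and compare the certificate thumbprints each one serves. The host name, port 443 and the documentation-range addresses are assumptions; substitute the values your own resolvers give.

```python
import hashlib
import socket
import ssl

def thumbprint(der: bytes) -> str:
    """SHA-1 thumbprint of a DER certificate, as the Windows dialog shows it."""
    return hashlib.sha1(der).hexdigest().upper()

def probe(ip: str, host: str, port: int = 443, timeout: float = 5.0) -> dict:
    """Fetch the leaf certificate served at ip:port for the SNI name `host`."""
    result = {"ip": ip, "thumbprint": None, "verify_error": None}
    # Pass 1: verification off, so an expired certificate can still be captured.
    grab = ssl.create_default_context()
    grab.check_hostname = False
    grab.verify_mode = ssl.CERT_NONE
    with socket.create_connection((ip, port), timeout=timeout) as raw:
        with grab.wrap_socket(raw, server_hostname=host) as tls:
            result["thumbprint"] = thumbprint(tls.getpeercert(binary_form=True))
    # Pass 2: normal verification, to record why a mail client would complain.
    strict = ssl.create_default_context()
    try:
        with socket.create_connection((ip, port), timeout=timeout) as raw:
            with strict.wrap_socket(raw, server_hostname=host):
                pass
    except ssl.SSLCertVerificationError as exc:
        result["verify_error"] = exc.verify_message
    return result

def compare_views(views: dict) -> list:
    """views maps a label ('lan', 'internet') to a probe() result."""
    findings = []
    if len({v["ip"] for v in views.values()}) > 1:
        findings.append("name resolves to different addresses per view")
    if len({v["thumbprint"] for v in views.values()}) > 1:
        findings.append("views serve different certificates")
    for label, v in views.items():
        if v["verify_error"]:
            findings.append(f"{label}: {v['verify_error']}")
    return findings

if __name__ == "__main__":
    HOST = "mail.example.com"  # placeholder name (assumption)
    # Constructed addresses: the answers from the LAN resolver and a public one.
    answers = {"lan": "192.0.2.10", "internet": "198.51.100.20"}
    views = {label: probe(ip, HOST) for label, ip in answers.items()}
    for line in compare_views(views):
        print(line)
```

A thumbprint from the LAN view that matches the expired certificate in the Outlook prompt, while the internet view serves a different one, points at the internal DNS record rather than at the certificate authority.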
