Followed all steps for https://gethttpsforfree.com/ - still not sure it's right


#1

This may have to do with the partial service disruption in the last 24 hours and just hasn’t shaken out on my server yet.

We did receive the email notification in October:

Automatic Let’s Encrypt renewal for ladybugarborists.com was completed.
The certificate now expires on 2016-12-22 07:09:00 -0500 EST.

This certificate will be automatically renewed at that point.

However, the site has changed servers since then, and we’ve never used Let’s Encrypt before, so we’re not really sure what we’re doing or if everything is setup right on the new server. :joy:

Currently, when we check the SSL Server Test, it’s still saying that the certificate expired in October.

Regardless of whether or not it’s just a result of the service disruption, I’ll need to make sure that it’s setup properly and will renew on Dec 22.

How do I check this?

Thanks!


#2

Hi @offthewall,

Could you tell me whom you received that notification from? Let’s Encrypt itself doesn’t send that kind of notification, to my knowledge. I would expect gethttpsforfree users to have to manually renew the cert by repeating the original process everything three months; I didn’t think it had any automatic renewal feature.

Is it possible that you were previously using a different hosting provider that also had some kind of Let’s Encrypt support of its own?


#3

Hi Seth.

The site was on a completely different server. It kinda got tossed at me and I have no idea how the ssl cert was done before. We did get an automated message from the host I’m assuming.

Below is the message.

Begin forwarded message:

From: root@server24.hostwhitelabel.com
Date: September 23, 2016 at 7:09:05 AM MDT
To: ladybugarborists@gmail.com
Subject: [Let’s Encrypt SSL] SUCCESS of renewal of ladybugarborists.com

Automatic Let’s Encrypt renewal for ladybugarborists.com was completed.
The certificate now expires on 2016-12-22 07:09:00 -0500 EST.

This certificate will be automatically renewed at that point.

Regardless of what was set before, how do I check the work I did today on it? How do I figure out if what’s setup now is properly working.

On my last check (after clearing my browser cache) I’m still showing the the certificate is expired when using the ssl checker thingy, er, site, yah.

Does that mean I did it wrong?

Thanks


#4

Hi @offthewall,

That’s interesting — the message from hostwhitelabel.com appears to be based on that service’s own support for Let’s Encrypt (which is almost sure to be separate from what you did using gethttpsforfree.com). This message suggests the use of some kind of control panel on that site to get certificates.

Is hostwhitelabel.com the hosting provider that you’re using right now, or the one that was being used before?

To try to summarize things (I hope this will help):

When you “renew” a certificate, you are really getting a new certificate with the same contents (but different expiration date). The expiration date of a certificate is written into the certificate itself, so there isn’t anything that can be done to make it last longer or change it retroactively. When a hosting provider or software tool “renews” a certificate, they request a new certificate with the same contents, obtain it, and then install it into some kind of server application in place of the previous one.

Some hosting providers have their own support for Let’s Encrypt, where the hosting provider will request and install certificates on behalf of the customer. This can be made very easy or automatic so that the customer has little or nothing to do. This seems to be the kind of support that hostwhitelabel.com has implemented (but if that’s no longer the hosting provider that you’re using, that isn’t necessarily helpful to you!).

When you use a service like gethttpsforfree.com, you are getting a certificate for yourself (outside of and separate from any hosting service). The end result is that you have a copy of the new certificate in PEM (text file) format on your own computer. You can then upload it to various kinds of hosting service that are able to import certificates in this format (which is a common feature for a lot of hosting plans and a lot of kinds of server software). However, you have to explicitly take that step in order to make use of the certificate you obtained: the copy you have on your computer at the end of the process is for you to use, and isn’t automatically installed or deployed anywhere.

Using gethttpsforfree.com is an alternative to automatic renewal, because gethttpsforfree.com is a standalone service for people who want to obtain certificates one at a time in this way. It isn’t integrated directly with any hosting provider or service and isn’t automated in any way. It basically tries to replicate the experience that many users had with paid certificate authorities before Let’s Encrypt — only without charging money for the process.

If you want automatic renewal of any Let’s Encrypt software, you have to use some kind of tool that supports that, which could be a hosting company’s control panel, or could be our own Certbot software, or several other alternatives. Normally it will have to be closely integrated with your web server in some way, effectively being software that runs regularly on the web server (though proficient system administrators could also have it run elsewhere and then automate the process of periodically copying the new certificate onto the web server).

I’m pretty confident that the e-mail notification you received is separate from and independent of what you did with gethttpsforfree.com and is referring to a different certificate.


#5

As per my original post:
what type of hosting provider you are using, if applicable: hostgator reseller (which is why I used https://gethttpsforfree.com/4 for installing the certificate.)

I don’t have the ability on this server to have automatic updates.

REGARDLESS of what was there before… It doesn’t matter now. I have to use https://gethttpsforfree.com/ to install the certificate.

I’ve gone through the steps to install a certificate on the site now (just yesterday) as per the instructions on https://gethttpsforfree.com/. I recieved success messages all the way until the final step where the test is showing the certificate as expired.

I just need to know how to find out what I did wrong on the site as it is NOW. The email notification is a moot point. I appreciate the explanation re: the expiry of THAT particular certificate. So … I need to fix what is currently in place.

Thanks.


#6

It’s all moot now. I couldn’t fix it fast enough and the client switched to another hosting provider.


#7

I’m sorry it didn’t work out, but I hope things are working OK with the new provider. I was confused by your original message, which made me think you did potentially have some kind of auto-renewal working.

Step 5 on gethttpsforfree.com calls for uploading the new certificate to your site and installing it, using various methods depending on the nature of the hosting. Seeing the old certificate still active after doing so is most likely a sign of saving the new certificate somewhere where it doesn’t overwrite the old certificate, editing a configuration file that is not actually used by the current hosting environment, or not restarting or reloading the web server.


#8

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.