How can I get my site online again when the certificate has expired on a shared host?

I used CertSage to make the certificate work on my site, but it expired yesterday; I missed the notification emails as I was on holiday.

I tried to make a new certificate, but as my current one is expired, I can't visit the URL which this script asks me to run to request a new certificate; it shows Error 526 (Invalid SSL certificate).

My site is a bit complicated, at least for me as a newbie:

  • My domain is on Cloudflare; they needed some special settings when I set up Let's Encrypt, and I don't remember now what I did.
  • My host is on ASmallOrange, and the Let's Encrypt certificate was installed here.

Please help me; any advice is welcome on how to deal with:

  • How can I make the CertSage script URL work again on my host?
  • Do I need to redo any settings in my domain provider's backend (Cloudflare) after applying a new certificate?
  • Do I need to change anything in my website, which is a WordPress-based shopping cart, after I have a new certificate?

===================

My domain is:
mokododo dat com

My web server is (include version):
Apache Version 2.4.52

The operating system my web server runs on is (include version):
Not sure; all I know is it's Linux with cPanel 70.0.69

My hosting provider, if applicable, is: A Small Orange

I can login to a root shell on my machine (yes or no, or I don't know):
I don't think so, at least I haven't done that.

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
Yes, I use cPanel, 70.0.69

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
I used "CertSage" to install and apply the Let's Encrypt certificate.

Most if not all browsers have a method to bypass the certificate error. If applicable, you might need to remove the HSTS settings for that site in your browser.

You're not literally saying so, but maybe the certificate error is from Cloudflare instead of your browser? If so, you might need to loosen up the TLS settings for your site in the Cloudflare configuration panel. Or something similar, I dunno. Probably set to "Strict" now.

If you're using Cloudflare, you also might want to consider using a Cloudflare Origin certificate instead of a Let's Encrypt cert.

5 Likes

As the author of CertSage, I concur with @Osiris's evaluation and recommendations.

5 Likes

Thanks @Osiris @griffin, I've done it easily, though I thought it was complicated. Thanks for the torchlight you guys shined!

Brief steps here for others' reference:

  • Loosen up the SSL/TLS encryption mode from Full to Flexible in Cloudflare.
  • Visit the URL of CertSage and "Acquire Production Certificate"; also update the contact email for notification of expiration.
  • Head to SSL/TLS in cPanel to update the Certificate and Private Key, using certificate.crt (first part) and certificate.key, finishing by clicking the install button.
  • Re-tighten the SSL/TLS encryption mode to Full in Cloudflare.
4 Likes
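
A check that fits between acquiring the files and installing them in cPanel, as an added example that is not part of the original post or of CertSage: it confirms that certificate.crt and certificate.key belong together and reports how long the certificate remains valid. It assumes `openssl` is available wherever the two files are (for instance on your own computer after downloading them); the function names and the 30-day window are choices made for this example.

```shell
#!/bin/sh
# Added example: pre-install checks for the files named in the post above.
# Assumptions: openssl is on PATH; the 30-day window is an arbitrary choice.

# SHA-256 of the public key in the FIRST certificate of a PEM file
# (the leaf; any chain certificates after it are ignored by `openssl x509`).
pubkey_hash_of_cert() (
    pem=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || exit 1
    [ -n "$pem" ] || exit 1
    printf '%s\n' "$pem" | openssl dgst -sha256
)

# SHA-256 of the public key derived from a private key file.
pubkey_hash_of_key() (
    pem=$(openssl pkey -in "$1" -pubout 2>/dev/null) || exit 1
    [ -n "$pem" ] || exit 1
    printf '%s\n' "$pem" | openssl dgst -sha256
)

# 0 = pair matches, 1 = mismatch, 2 = a file is missing or unparsable.
cert_matches_key() {
    c_hash=$(pubkey_hash_of_cert "$1") || return 2
    k_hash=$(pubkey_hash_of_key "$2") || return 2
    [ "$c_hash" = "$k_hash" ]
}

# 0 if the certificate is still valid $2 days from now.
cert_valid_for_days() {
    openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null 2>&1
}

# Usage: sh check_cert.sh certificate.crt certificate.key
if [ "$#" -eq 2 ]; then
    cert_matches_key "$1" "$2" || { echo "certificate and key do not match (or unreadable)"; exit 1; }
    openssl x509 -in "$1" -noout -subject -enddate
    cert_valid_for_days "$1" 30 || echo "WARNING: expires within 30 days, renew now"
fi
```

While Cloudflare proxies the domain, a remote check against the hostname sees Cloudflare's edge certificate, so the origin certificate's expiry has to be read from the file as done here.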

You got it!

:partying_face:

5 Likes