How does someone detach his/her website from Letsencrypt Certificates after expiry?

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:
www.qmajd.com
I ran this command: I have tried editing the url from https to http from the database as well as admin dashboard

It produced this output:There is no change. Every time I visit my page I get the following error : "Your connection is not secure

The owner of www.qmajd.com has configured their website improperly. To protect your information from being stolen, Firefox has not connected to this website.
I don’t need the certificate anymore and I think there are traces of letsencrypt in my website and was installed by my previous host. Now the previous host says he can’t access my database while the current host demands I upgrade to premium plan and purchase a new ssh which is not worth for now.

My web server is (include version): php-I am not sure of the version.

The operating system my web server runs on is (include version): Windows 7 32 bit

My hosting provider, if applicable, is:Hostgaror

I can login to a root shell on my machine (I don’t know):I don’t know

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):Yes version 60.0.48

Strange name for a control panel, “Yes”.

Also, I’m not sure why an expired HTTPS certificate would interfer with “access to your database” by your previous host.

Because you’re using (some sort of) control panel, the answer to disabeling HTTPS would be somewhere in that control panel.

I know that this is supposed to be a forum for asking help but you should do the basics

hostgator manage certificate

http://support.hostgator.com/categories/ssl-certificates

By the way you should probably get a new certificate but it’s up to you if you want secure connectivity to your site or not

Andrei

I also wonder why Letsencrypt would allow expired ssls to interfere with websites. I have looked at the cpanel but there is no http tab. Can you please advise where exactly I could disable the http from the cpanel?

@ahaw I currently don’t need any ssl certificate because its not worth it. I only need plain www as the site url

Excuse me butting in, but I think you simply need to ask your hosting service for help. If they don’t help: Leave them.

The one you mention is not the most reputable around.

that’s fine

so configure this in hosting gator :smiley:

This is not a forum for hosting gator support :smiley:

Andrei

I contacted my host and they said they dont see any active ssl on my site because they did not sell the ssl to me ( I transferred the site to them for hosting from another host). So I contacted the previous host and they said that they no longer host the site, so cant assist on the ssl they issued before. I have given up on both hosts about this. I have tried contacting Letsencrypt but they dont even have a contact number or email. o sad!

Let's Encrypt isn't a party in your current problem. It just issues certificates. What you (or your hosting providers) do with the certificate is your problem.

Your site is hosted somewhere. The whois for the IP behind www.qmajd.com is from a "HGBLOCK" IP block, so it's currently probably hosted by Hostgator.

@ahaw021 already posted a useful link where you can find out how to manage SSL certificates with the Hostgater user panel. You just have to click around some on that page. You can't expect us to point every user to the exact location on how to fix their problem. a) because this isn't really a Let's Encrypt issue and b) we expect some effort from the user itself.

Let's Encrypt staff is not able to do anything with expired certificate. It's up to you to either obtain new, valid certificate, or remove it altogether - "un-expiring" or removing certificate is not something that can be done on Let's Encrypt side. It has to be performed on the server itself.

Let's Encrypt staff won't be able to help you with your problem. There is no point in trying to contact them!

If you want to remove LE certificate from your website, you have to check with your hosting provider (HostGator). If there is no such option in control panel, then you have to contact their support.

There is a redirection from HTTP to HTTPS on your site. Maybe you can disable it by yourself? Maybe it is enabled in website code/settings or there is some .htaccess file which performs redirection of non-HTTPS traffic to HTTPS? We don't know. Please note that even if you manage to disable this redirection somehow, you may need to clear your browser cache to see that it's gone (as this is 301 redirection, which is cached by browser).

But I honestly think when a certificate expires its high time the https dissapear to leave back just plain www… why do I have letsencrypt traces on my website. It is their responsibility to terminate their services from my site, not to force me continue using them. What do you think. Its just a triangular blame game Host1-host2-letsencrypt and back but hopefully I will get a solution soonest

I am actually so much interested in disabling the redirection oh http to https…Let me check the.hta access file

Indeed, if an enabled certificate is expired, it is high time (actually, already too late!) for either renewing that certificate or removing HTTPS indeed. Nobody is helped by having an expired certificate installed.

Because nobody who's responsible for the management of the website has removed/disabled it.

"Their" = Let's Encrypt? That's where you're WRONG. As I've said over and over again, Let's Encrypt is a service for issuing certificates. HOW an user gets (and uses) that certificate, IS UP TO THE USER! Let's Encrypt doesn't "push" or "forces" a certificate upon an user or server. The user ASKS for a certificate and Let's Encrypt can issue one.

How the user asks for this certificate, is up to the user. The user can use one of the many programs available (also called "clients") or can use management software such as cPanel. Some webhosts (which would be the client in that case) offer Let's Encrypt certificates by default.

In any case, Let's Encrypt does NOT install a certificate. Let's Encrypt does NOT modify a servers configuration. Let's Encrypt is NOT responsible for errors or mistakes on the client side of the HTTPS story.

2 Likes

But why do other certificate issuers come in handy in such instances? Its ridiculous that Lets-encrypt comes handy in receiving donations rather than considering support to their products. Anyway free comes with a price, I will tryna get a sensible method to get out of this mess

I don't quite understand you here. What do you mean with "come in handy"?

free ssl certificate but not free hosting?

are you sure you are not beating up the wrong party?

this forum is mostly staffed by volunteers - we help on average 20-40 people a day with a range of problems.

Andrei

That was already clear from the beginning, IMHO :slight_smile:

@Perfect really should try to learn more about the proces of SSL certificate issuance in general and the Let’s Encrypt system in particular. And also the responsibilities of all the involved parties, most importantly the hosting providers.

If you were truly “Perfect”, you would already understand that the situation would not be any different if the certificate had been issued by anyone else - the issuer is not part of the problem.
How could it be any different?
You clicked on some button in your control panel and it enabled SSL.
Now you have to click a button to disable SSL.
None of that has nothing to do with who issued the cert.

HostGator is serving the expired certificate, regardless of whether their tier 1 support sees it in their control panel or not. You should escalate your support ticket to a manager and suggest they actually try and visit your site and figure out what is going on.

Only HostGator can fix your problem. They are hosting your site now and are responsible for what it does. If they continue to be unhelpful I suggest you find a web hosting provider that is.

1 Like

Hi @Perfect,

I'm sorry that you're having trouble with this, and if other people's replies have seemed confusing or unhelpful, but the reason that people keep insisting that you need to contact the hosting provider is that it's really technically necessary! The underlying technology standards that are in use between the user's browser and your site's server mean that the only one who can say "No certificate is necessary" is the hosting provider. There is nothing that the certificate authority can do or say that would have this effect. It's just not possible, any more than a car manufacturer can declare that your car no longer needs gas, or any more than the real estate agent who sold a house can later declare that the light fixtures will now be fluorescent instead of incandescent.

Yes, these organizations were involved in the process, but their roles and powers are nonetheless limited—by the design of the technology itself. There is no such thing as a "You no longer need to check for a certificate" message from a CA, because the "You need to check for a certificate" message comes from the hosting provider (in the form of an HTTP 301 redirect from an HTTP URL to an HTTPS URL, and/or an HTTP-Strict-Transport-Security header message inside the HTTPS session). These messages are not part of the certificate. As these messages are sent only by the hosting provider, it's also only the hosting provider who can stop sending them. There is no message from the CA that can countermand, undermine, cancel, revoke, or invalidate them. That technology simply doesn't exist in the code of the web browsers.

We do try to provide support here on this forum for all of these situations, but very often the end result is "Unfortunately, you need to go ask entity X"—not because we're trying to get rid of people, but because we've realized that we don't have the ability to solve the problem. Here, we have realized that we don't have the ability to solve the problem.

This is also part of the design of the web browsers: if a user tries to access any web site or web resource via an HTTPS URL, it requires a currently-valid certificate. Let's Encrypt is happy to give you a new certificate for free if you'd like one (all of our certificates are always free of charge, though there's no way that we can force hosting providers like Hostgator to install them free of charge). Otherwise, people need to access your site resources over HTTP instead of HTTPS. That's the web browser's policy, not our policy.

In turn, the typical reasons that people are trying to access your site over HTTPS links would be:

  • You or a content framework or a content template or a search engine created links to your site (or parts of your site like images, scripts, or stylesheets) that start with "https://" (which tells browser to access the site that way at the outset)
  • Your hosting provider returns an HTTP 301 redirect from "http://" URLs on your site to the corresponding "https://" URLs (which tells browsers to switch to accessing the site over HTTPS)
  • Your hosting provider sets the Strict-Transport-Security heading inside of HTTPS responses (which tells browsers to remember to only access the site via HTTPS in the future)
2 Likes