HTTPS encryption stops working after a certain time


#1

Hi,
I’m using LetsEncrypt for my website. I use the Certbot NuGet package (C#) in order to have a valid certificate.
The certificate is installed and imported successfully and works fine, until after a certain number of days I have this error:


I have the same error on multiple servers.
When checking in between with netsh, I see clearly that the valid LetsEncrypt certificate is linked to my apps.
It works for days and afterwards the HTTPS access is down (nothing is changed or pushed in my website).
Can you see where this issue can come from?
Thank you in advance.
Regards,
Nabil


#2

Unfortunately, I don’t speak French, so I’m not certain what the error is saying specifically. That being said, I see RC4 being mentioned in there, and most modern browsers won’t be able to connect to a web server that only supports RC4. Perhaps that is the problem here, although I don’t have an explanation for why this only pops up after a few days. The only thing that comes to mind would be an outdated or buggy SSL interception proxy that might be part of your anti-virus or other security software, though I haven’t seen any issues where those downgrade to RC4 after a few days.

A good starting point would be to use SSL Labs to check your server configuration. If the report does indeed show that you only support RC4 and other ciphers that are considered unsafe, you would need to look into changing your cipher configuration in your web server. If you’re uncertain about the results, just post them here.

Mozilla has a configuration generator which might help with that. For IIS, this article might be a good starting point.
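A read-only check of the server-side protocol and RC4 settings discussed in the post above, added here as an example and not part of the original thread. It assumes the sites run on Windows with IIS/http.sys (Schannel), which the thread does not confirm; the function names `Get-SchannelValue` and `Format-State` are hypothetical.

```powershell
# Audit Schannel (the TLS stack behind IIS / http.sys) for legacy protocols and RC4.
# Read-only: nothing is changed. Run in an elevated PowerShell session on the server.
$base = 'SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL'

function Get-SchannelValue {
    param([string]$SubKey, [string]$Name)
    # The .NET registry API is used on purpose: the PowerShell registry provider
    # treats the "/" in key names such as "RC4 128/128" as a path separator.
    $key = [Microsoft.Win32.Registry]::LocalMachine.OpenSubKey("$base\$SubKey")
    if ($null -eq $key) { return $null }   # key absent: the OS default applies
    try { return $key.GetValue($Name, $null) } finally { $key.Close() }
}

function Format-State($Value) {
    if ($null -eq $Value) { 'not set (OS default)' }
    elseif ($Value -eq 0) { 'disabled' }
    else                  { 'enabled' }    # typically 1 or 0xFFFFFFFF
}

$report = @(
    foreach ($p in 'SSL 2.0', 'SSL 3.0', 'TLS 1.0', 'TLS 1.1', 'TLS 1.2') {
        [pscustomobject]@{
            Item  = "Protocol $p (Server)"
            State = Format-State (Get-SchannelValue "Protocols\$p\Server" 'Enabled')
        }
    }
    foreach ($c in 'RC4 40/128', 'RC4 56/128', 'RC4 64/128', 'RC4 128/128') {
        [pscustomobject]@{
            Item  = "Cipher $c"
            State = Format-State (Get-SchannelValue "Ciphers\$c" 'Enabled')
        }
    }
)
$report | Format-Table -AutoSize

# Cipher suites currently enabled (cmdlet exists on Windows Server 2016 / Windows 10 and later).
if (Get-Command Get-TlsCipherSuite -ErrorAction SilentlyContinue) {
    $suites = @(Get-TlsCipherSuite)
    $rc4    = @($suites | Where-Object Name -like '*RC4*')
    '{0} cipher suites enabled, {1} of them use RC4' -f $suites.Count, $rc4.Count
    $rc4 | Select-Object -ExpandProperty Name
}
```

Saving the output while the site works and again when it fails shows whether the server-side settings actually changed between the two states.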


#3

What’s your domain name?


#4

Hi @makertoo,

Can you share the domain name in question? It makes troubleshooting much easier.

If I’m understanding the error right (Sorry! My French is not good. I’m still learning!) it seems like it is related to the server’s TLS configuration and not related to the certificate itself. Can you share more details about the webserver? (E.g. OS, platform, version, configuration, etc).

Thanks!


#5

I agree with the suggestion to use SSL Labs to check your configuration, because your web server may be configured to use obsolete cryptographic algorithms and parameters, but I also wonder if the message suggesting “Activez TLS 1.0, TLS 1.1 et TLS 1.2 dans Paramètres avancés” is just suggesting this randomly (because it can help some people), or if it means to suggest that all three are currently disabled in your web browser. If, by chance, all three are disabled, that would surely be the root of the problem. You should have at least TLS 1.2 enabled in the browser (it’s the most current standard version of TLS) and likely earlier versions of TLS for broader web site compatibility.

