I connected using a CNAME record in DNS, but the web page does not connect because an expired certificate is applied

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: blog.shrai.net

My web server is (include version): Unfortunately I don't know

The operating system my web server runs on is (include version): I am unable to know

My hosting provider, if applicable, is: tistory.com

I can login to a root shell on my machine (yes or no, or I don't know): NO

I'm using a control panel to manage my site: CloudFlare DNS (FREE TIER)

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): NOPE;; :frowning:

I connected using a CNAME record in DNS, but the web page does not connect because an expired certificate is applied.
How do I delete the certificate that I'm connected to?

I think this will work. Mostly it's about an option on the tistory side…


Hi @totsut

yep, you have a CNAME entry:

| Host | T | IP-Address | is auth. | ∑ Queries | ∑ Timeout |
|---|---|---|---|---|---|
| blog.shrai.net | C | host.tistory.io | yes | 1 | 0 |
| | A | | yes | | |
| www.blog.shrai.net | | Name Error | yes | 1 | 0 |

And there is an expired Letsencrypt certificate:

CN=blog.shrai.net (6074)
117 days expired	blog.shrai.net - 1 entry

But it looks like the service of tistory.com to create a new certificate has a bug:

Domainname | Http-Status | redirect | Sec. | G

• http://blog.shrai.net/ | 302 | https://blog.shrai.net/ | 0.603 | A
• https://blog.shrai.net/ | 200 | | 3.490 | N
  Certificate error: RemoteCertificateChainErrors
• http://blog.shrai.net/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de | 302 | https://blog.shrai.net/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de | 0.620 | A
  Visible Content:
• https://blog.shrai.net/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de | 503 | | 5.900 | N
  Service Unavailable
  Certificate error: RemoteCertificateChainErrors
  Visible Content: 503 Service Unavailable No server is available to handle this request.

Checking /.well-known/acme-challenge there is a ServiceUnavailable - Status 503

Looks like your hoster has a bug and should fix that. /.well-known/acme-challenge is required to create a new certificate using http-01 validation.
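The check described in the reply above, as an added example that is not part of the original thread or of any tool it mentions: it takes the redirect chain recorded for the `/.well-known/acme-challenge/` probe and decides whether http-01 validation could succeed. The function name `diagnose_http01` and the hop tuple format are hypothetical; the redirect rules (at most 10 redirects, only http/https, only ports 80 and 443, certificate errors on the HTTPS hop ignored) are Let's Encrypt's documented http-01 behaviour.

```python
from urllib.parse import urlsplit

MAX_REDIRECTS = 10  # Let's Encrypt follows at most 10 redirects for http-01
PATH = "/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de"

# Hops (url, status, Location header) constructed from the check output in the thread.
THREAD_CHAIN = [
    ("http://blog.shrai.net" + PATH, 302, "https://blog.shrai.net" + PATH),
    ("https://blog.shrai.net" + PATH, 503, None),
]

def diagnose_http01(hops):
    """Return (ok, reason) for a probe of a non-existent challenge token.

    A healthy server answers 404 (or 200 from a catch-all page). An expired
    certificate on an HTTPS hop is not a failure here: the validator does not
    verify certificates when it is redirected to HTTPS.
    """
    if not hops:
        return False, "no response recorded"
    first = urlsplit(hops[0][0])
    if first.scheme != "http" or (first.port or 80) != 80:
        return False, "http-01 validation always starts at http:// on port 80"
    if not first.path.startswith("/.well-known/acme-challenge/"):
        return False, "not an acme-challenge URL"
    redirects = 0
    for url, status, location in hops:
        if status in (301, 302, 303, 307, 308):
            redirects += 1
            if redirects > MAX_REDIRECTS:
                return False, "more than 10 redirects"
            target = urlsplit(location or "")
            default = {"http": 80, "https": 443}.get(target.scheme)
            if default is None or (target.port or default) not in (80, 443):
                return False, f"redirect to unsupported target {location!r}"
            continue
        if status >= 500:
            return False, f"{url} answers {status}: server cannot serve challenge files"
        if status in (200, 404):
            return True, f"{url} answers {status}: challenge path is reachable"
        return False, f"{url} answers {status}: challenge path is blocked"
    return False, "chain ends on a redirect"

if __name__ == "__main__":
    print(diagnose_http01(THREAD_CHAIN))
```

For the chain from the thread the result is a failure on the final 503, which is the hoster-side condition the reply points at, independent of the expired certificate.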
