Intermittent https failure (expired cert)?

Has anyone experienced intermittent https failures?

I get an error in the browser:

librepathology.org uses an invalid security certificate. The certificate expired on
12/05/17 02:24 AM. The current time is 05/07/17 05:34 AM. Error code:
SEC_ERROR_EXPIRED_CERTIFICATE

One of the strangest aspects is: the issue (as far as I am concerned) is one day - possibly two days old; things worked fine before. The above error says the cert expired May 12.

Also strange: without changing anything, a little while later it appears to resolve itself. I strongly suspect an underlying server issue, and am inclined to go to backups. However, my understanding of https is relatively shallow and I wanted to ask whether any plausible explanation could exist?

Thanks,
Michael

Technical details:
Debian stable web apache server, running on virtual machine
using debian package: python-letsencrypt-apache, Version: 0.4.1-1~bpo8+1
Went https with Let’s Encrypt in March 2016 - things have worked well up until now.

Hi @michaelb,

That is pretty strange. When I check now I see a certificate that expires Sep 15th.

~$> openssl s_client -servername librepathology.org -connect librepathology.org:443 2>/dev/null </dev/null | openssl x509 -enddate -noout
notAfter=Sep 15 05:24:00 2017 GMT

I don’t have an explanation for you but here are some things to think about:

  • Did you see this from multiple clients? Were the clients affected recently booted? Sometimes a client can have an incorrect time/date that will cause these errors, and then “fix” itself with NTP.
  • Do you have a load balancer in front of this server? Sometimes these intermittent errors are caused by load balancers that forward to one or more webservers where one of the set is misconfigured with an expired certificate.
  • Is it possible that your Apache server wasn’t reloaded after the certificate was renewed? This seems unlikely since the problem appeared suddenly and then disappeared again.

Hope this helps with the investigation!
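
One way to collect evidence for the questions in the reply above, as an added example that is not part of either poster's message: repeat the same `openssl s_client` check on a schedule and record which certificate each handshake returns. The function names, the log format and the sample log are assumptions made for this sketch.

```shell
# Added example, not from the thread. Function names and log format are assumptions.

# One handshake: print "<UTC time> <OK|EXPIRED|NOCERT> <serial> <notAfter>".
# -checkend 0 compares against THIS machine's clock, so probe from a host with working NTP.
probe_once() {
    host=$1; port=${2:-443}
    now=$(date -u +%Y-%m-%dT%H:%M:%SZ)
    out=$(openssl s_client -servername "$host" -connect "$host:$port" 2>/dev/null </dev/null) || true
    serial=$(printf '%s\n' "$out" | openssl x509 -noout -serial 2>/dev/null | cut -d= -f2)
    if [ -z "$serial" ]; then
        echo "$now NOCERT - -"   # handshake failed or no certificate came back
        return 0
    fi
    end=$(printf '%s\n' "$out" | openssl x509 -noout -enddate | cut -d= -f2)
    if printf '%s\n' "$out" | openssl x509 -noout -checkend 0 >/dev/null; then
        state=OK
    else
        state=EXPIRED
    fi
    echo "$now $state $serial $end"
}

# Usage: probe_loop HOST COUNT INTERVAL_SECONDS >> probes.log
probe_loop() {
    i=0
    while [ "$i" -lt "$2" ]; do
        probe_once "$1"
        i=$((i + 1))
        sleep "$3"
    done
}

# stdin: probe lines. stdout: "<count> <state> <serial> <notAfter>" per distinct result.
summarize_probes() {
    awk '{ key = $2; for (i = 3; i <= NF; i++) key = key " " $i; n[key]++ }
         END { for (k in n) print n[k], k }' | sort -k3
}

# stdin: probe lines. stdout: number of different certificate serials seen.
distinct_serials() {
    awk '$3 != "-" { s[$3] = 1 } END { c = 0; for (k in s) c++; print c }'
}

# Constructed sample log: timestamps, serials and the expired date are made up.
SAMPLE_LOG='2017-05-07T05:30:00Z OK 03AAAA Sep 15 05:24:00 2017 GMT
2017-05-07T05:31:00Z EXPIRED 03BBBB May 01 00:00:00 2017 GMT
2017-05-07T05:32:00Z OK 03AAAA Sep 15 05:24:00 2017 GMT
2017-05-07T05:33:00Z NOCERT - -'
printf '%s\n' "$SAMPLE_LOG" | summarize_probes
```

More than one serial for the same hostname means different certificates are being served from behind that name (a second backend, or a server process that was never reloaded), while a single serial whose state flips between OK and EXPIRED points at the clock of the machine doing the probing.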

Hi Boulder engineer,

Thanks for the reply.

This does affect multiple clients:
Three different OSes (Windows, Debian Linux, Android)
At least 5 different browsers: Internet Explorer (Windows), Android native web browser, FireFox on Android, Chromium on Debian, FireFox on Debian
4 different machines (Windows x2, Debian x1, Android x1)
Traffic on the web site is down significantly - implying an issue with the server… not a client issue.

No load balancer - according to hosting provider.
Was told no changes to virtual hosting environment.
Haven’t made any changes. Still baffled.

ssh to server a bit wanky. Can log in; however, connection was frequently dropped.
Still have the feeling it is server issue - possibly corruption?

Issue intermittent… which makes investigation more difficult.
Wish I was wiser – in any case, thanks for the ideas.

Michael
