javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: validity check failed

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:verlekarsuwarnakar.com,

I ran this command:

It produced this output:

My web server is (include version):Tomcat 7

The operating system my web server runs on is (include version):Ubuntu 16.04

My hosting provider, if applicable, is:digitalocean.com

I can login to a root shell on my machine (yes or no, or I don’t know):yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):certbot 0.26.1

Note -
My domain stopped to come online suddenly. My renewal is up on June 25, 2020. The error is -
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: validity check failed

Hi @nitin

sounds curious: But it's not a certificate problem.

It's an internal problem of your website you have to fix.

Checking your domain - https://check-your-website.server-daten.de/?q=verlekarsuwarnakar.com

There is a valid certificate:

CN=verlekarsuwarnakar.com
	25.03.2020
	23.06.2020
expires in 51 days	verlekarsuwarnakar.com, www.verlekarsuwarnakar.com - 2 entries

Both connections (non-www and www) use that certificate, both are secure:

Same with my browser.

The certificate is correct. The http status 500

HTTP Status 500 ? Internal Server Error

Type Status Report

Message javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: validity check failed

Description The server encountered an unexpected condition that prevented it from fulfilling the request.

is an internal problem of your website you have to fix.

Thanks for your review.

As nothing on the web server changed, I thought if the letsEncrypt renewal check cron job did some damage.

N.

But your certificate

expires in 51 days

normally don't need a renew.

Check the log of your Tomcat to see, what's the reason of that error.

Thank you Juergen,

The cron job runs everyday to check for expired certificates and renew if necessary.

This is the main part of the log -

Caused by: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: validity check failed

I checked everywhere on the net. This is caused by the certificate store. But, using Let’s encrypt, I have only updated the pem files i n the server.xml

file. This is the 4th time the SSL has been renewed.

I didn’t change anything for, kind of 6 months and everything was running fine. Does it happen if any of the other SSL certs on other sites on the same server have expired?

N.

N.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.