Let's Encrypt certificate is not working all the time

Hello there,
I have a problem here: I'm using a Let's Encrypt SSL certificate, but it's not stable. It sometimes works and sometimes doesn't.

My domain is: deliverymasrapp.com

I ran this command:

It produced this output:

My web server is (include version): nginx

The operating system my web server runs on is (include version): Ubuntu 20.04 (LTS) x64

My hosting provider, if applicable, is: DigitalOcean

I can login to a root shell on my machine (yes or no, or I don't know): No, I use recovery terminal

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): Certbot 0.40.0

1 Like

https://www.deliverymasrapp.com/
https://deliverymasrapp.com/
https://admin.deliverymasrapp.com/
https://server.deliverymasrapp.com/

Sometimes one or two of them work, sometimes none work, sometimes all work, but none of them is stable. It gives me "Your connection is not private" "NET::ERR_CERT_INVALID", and the attached photo is the certificate.

1 Like

Hi @AR97 and welcome to the LE community forum :slight_smile:

Please show the output of:
ps -ef | grep -v grep | grep nginx

Is there a load-balancer involved?

Is this only happening from one PC (or from one network)?
If so, do you use anything that does HTTPS inspection?

2 Likes

Ok, the netstat part looks good.
[the missing security patches could use some love]

What about?:

2 Likes

Is that what you mean?

@rg305 please look also at the attached photo above

@AR97 That is a self-signed certificate which has nothing to do with Let's Encrypt. Maybe you already realize this but I say in case you do not.

I tried checking your certificates multiple times in a row and always got the correct ones.

Do you see that wrong certificate on machines from outside your network?

Can you describe more what you mean by sometimes they work and sometimes not?

  • Do you mean the same machine connected to the internet in the same way will sometimes work but other times get the message you show?
  • Or, do you mean some machines get one thing and other machines get something else?
  • Or, even do some machines connected say to your wifi get one thing but connected a different way get different results?

It looks very strange for sure. I am also interested in the answers to the other questions @rg305 asked you. Thanks

2 Likes

https://www.deliverymasrapp.com/
https://deliverymasrapp.com/
https://admin.deliverymasrapp.com/
https://server.deliverymasrapp.com/

Have you tried all these links and do they all work? I tried these links on the same device and the same network; it works, but after refreshing multiple times it doesn't work, with no change on the device or network.

I have tried all but the admin domain repeatedly. But, I am not using a browser but I am using openssl. For example:

echo | openssl s_client -connect deliverymasrapp.com:443 -servername deliverymasrapp.com | head

If you get a different result from openssl and a browser I would start to suspect the browser. For example, does it have a security plug-in that inspects https traffic? Sometimes antivirus programs intercept traffic and replace with their own certificate so they can fully assess the traffic. I do not know why it would not be consistent; I am just noting.

Are there a wide variety of machines having a problem? Do you see the problem using other browsers or just the same one always?

2 Likes

https://server.deliverymasrapp.com/

I'm trying to open this link from different devices and different browsers; none of them work using wifi and mobile data. The problem is that it was working a couple of hours ago.

Is there any way to check if I set up everything right?

Can you try on cellular (without WiFi)?

[it sounds like all the systems having trouble are within the same network/router]

1 Like

Rudy, I think when they said "mobile data" they meant cell too. But fair to double check.

@AR97 What results do you get from repeating openssl command?

Also, I see from Google that other people have seen that exact testexp certificate, even with all the other info on it (expiry date and so on). So a good guess is some vendor product or one that has recently been updated.

I see your certificates just fine. Your nginx config looked fine (what you showed). Here is a website that will check your certs. Run it several times and see what you get (always fine for me) - it uses openssl to check:
https://decoder.link/sslchecker/deliverymasrapp.com/443

2 Likes
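
Added example (not part of the original posts): one way to repeat the openssl check from this thread in a shell and tally how many distinct certificates come back. The function names and the sample lines are constructed for illustration, and "self-signed" is judged by the heuristic issuer == subject.

```bash
#!/usr/bin/env bash
# Added example: repeat the openssl check and tally the certificates served.

# One handshake -> "fingerprint|issuer|subject" (empty line on failure).
sample_cert() {
  host=$1
  out=$(echo | openssl s_client -connect "$host:443" -servername "$host" 2>/dev/null \
    | openssl x509 -noout -fingerprint -sha256 -issuer -subject 2>/dev/null \
    | paste -sd'|' -)
  printf '%s\n' "$out"
}

# Read sample lines on stdin and print one summary line.
summarise() {
  awk -F'|' '
    NF < 3 { failed++; next }
    {
      iss = $2;  sub(/^issuer= */, "", iss)
      subj = $3; sub(/^subject= */, "", subj)
      ok++; seen[$1]++
      if (iss == subj) self[$1] = 1   # heuristic: issuer == subject
    }
    END {
      for (fp in seen) { distinct++; if (fp in self) ss++ }
      printf "samples=%d failed=%d distinct=%d self_signed=%d\n", ok, failed, distinct, ss
    }'
}

# Sample a host N times (default 10), one second apart. Needs network access.
check_host() {
  host=$1; tries=${2:-10}; i=0
  while [ "$i" -lt "$tries" ]; do
    sample_cert "$host"; i=$((i + 1)); sleep 1
  done | summarise
}

# Constructed sample lines (not real fingerprints or issuers) for an offline run.
constructed_samples() {
  cat <<'EOF'
SHA256 Fingerprint=AA:AA|issuer=CN = Example Issuing CA|subject=CN = deliverymasrapp.com
SHA256 Fingerprint=AA:AA|issuer=CN = Example Issuing CA|subject=CN = deliverymasrapp.com
SHA256 Fingerprint=BB:BB|issuer=CN = testexp|subject=CN = testexp
SHA256 Fingerprint=AA:AA|issuer=CN = Example Issuing CA|subject=CN = deliverymasrapp.com
EOF
}

if [ "$#" -ge 1 ]; then check_host "$@"; else constructed_samples | summarise; fi
```

Run with a hostname as the first argument from an affected client and again from a host on another network: `distinct` above 1, or a non-zero `self_signed`, on only one of them points at something on that client's path rather than at the server.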

I used this test multiple times and always passed with no issues. It's very weird :grinning_face_with_smiling_eyes:

1 Like

Yes, very. Do your failing machines connect through a company VPN? Just trying to guess what might be common to your machines that is different than my tests and that website.

2 Likes

I think you have shown WHAT the problem is.
But you haven't yet shown exactly WHERE the problem is.

3 Likes
