Let's Encrypt Renewed But HTTPS Not working

#1

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: azimuthacademy.com

I ran this command: just renewed from panel

It produced this output: renewal was successful

My web server is (include version): I am not an admin guy, don’t know

The operating system my web server runs on is (include version): I am not an admin guy, don’t know

My hosting provider, if applicable, is: IONOS

I can login to a root shell on my machine (yes or no, or I don’t know): No

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): Plesk

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): I don’t know

#2

Hi @azimuthacademy,

There are several certificates that have been successfully issued for your site:

https://crt.sh/?Identity=%azimuthacademy.com&iCAID=16418

But as you reported, your site is still using an older (expired) certificate, instead of one of the newer ones that exist.

Since you got these using a control panel, it seems like the panel itself is installed or configured incorrectly, because it seems to be unable to deploy the certificates that it obtains. Do you have support for this control panel from anyone, like the hosting provider or the control panel developer? It seems like you’ve done the right thing but your hosting environment has a configuration error of some sort that’s someone else’s responsibility to address.

#3

Dear Schoen

Appreciate your quick reply. As you mentioned, I had the hosting provider (IONOS Team) check this, and they said a hung nginx process was preventing implementation of the LE renewal and it had been killed; however, after performing the killing action, when the Plesk support team wanted to include the “www” in the certificate by renewing the LE cert from Domains -> azimuthacademy.com -> Let’s Encrypt -> Renew, they hit the following error:

The “Certificates per Registered Domain” rate limit has been exceeded for azimuthacademy.com. Let’s Encrypt allows no more than 50 certificates to be issued per registered domain, per week.

They want me to wait a week & see. Is there any suggestion how I proceed from your side?

Also, when I browse www.azimuthacademy.com, I can see the certificate date is now renewed to 3 months, but the privacy error is still occurring.

Looking forward to your suggestions.

Thanks & Regards
S.M.Pandian

#4

Hi @azimuthacademy

That error is wrong. There is a different situation (https://check-your-website.server-daten.de/?q=azimuthacademy.com):

All of your connections are secure. But you don’t use a Let’s Encrypt certificate:

CN=*.azimuthacademy.com | 27.03.2019 | 26.03.2020 | expires in 364 days | *.azimuthacademy.com, azimuthacademy.com - 2 entries

instead a wildcard certificate from

CN=Encryption Everywhere DV TLS CA - G1, OU=www.digicert.com, O=DigiCert Inc, C=US

The last certificates (without duplicates pre / leaf):

Last Certificates - Certificate Transparency Log Check (BETA)

| CRT-Id | Issuer | not before | not after | Domain names | LE-Duplicate | next LE |
|---|---|---|---|---|---|---|
| 1322423854 | CN=Let’s Encrypt Authority X3, O=Let’s Encrypt, C=US | 2019-03-27 14:42:02 | 2019-06-25 13:42:02 | azimuthacademy.com | duplicate nr. 2 | |
| 1321758946 | CN=Let’s Encrypt Authority X3, O=Let’s Encrypt, C=US | 2019-03-27 09:40:59 | 2019-06-25 08:40:59 | azimuthacademy.com | duplicate nr. 1 | |
| 1321334971 | CN=Let’s Encrypt Authority X3, O=Let’s Encrypt, C=US | 2019-03-27 06:26:20 | 2019-06-25 05:26:20 | azimuthacademy.com, www.azimuthacademy.com | duplicate nr. 5 | next Letsencrypt certificate: 2019-04-03 02:04:23 |
| 1320965507 | CN=Let’s Encrypt Authority X3, O=Let’s Encrypt, C=US | 2019-03-27 03:37:30 | 2019-06-25 02:37:30 | azimuthacademy.com, www.azimuthacademy.com | duplicate nr. 4 | |
| 1321079472 | CN=Let’s Encrypt Authority X3, O=Let’s Encrypt, C=US | 2019-03-27 02:33:34 | 2019-06-25 01:33:34 | azimuthacademy.com, www.azimuthacademy.com | duplicate nr. 3 | |
| 1320716023 | CN=Let’s Encrypt Authority X3, O=Let’s Encrypt, C=US | 2019-03-27 02:09:19 | 2019-06-25 01:09:19 | azimuthacademy.com, www.azimuthacademy.com | duplicate nr. 2 | |
| 1321049305 | CN=Let’s Encrypt Authority X3, O=Let’s Encrypt, C=US | 2019-03-27 02:04:23 | 2019-06-25 01:04:23 | azimuthacademy.com, www.azimuthacademy.com | duplicate nr. 1 | |
| 1320705756 | CN=Encryption Everywhere DV TLS CA - G1, OU=www.digicert.com, O=DigiCert Inc, C=US | 2019-03-26 23:00:00 | 2020-03-26 11:00:00 | *.azimuthacademy.com, azimuthacademy.com | | |
| 1248763584 | CN=Let’s Encrypt Authority X3, O=Let’s Encrypt, C=US | 2019-03-02 14:00:55 | 2019-05-31 13:00:55 | azimuthacademy.com, www.azimuthacademy.com | | |
| 1248506987 | CN=Let’s Encrypt Authority X3, O=Let’s Encrypt, C=US | 2019-03-02 09:51:52 | 2019-05-31 08:51:52 | azimuthacademy.com, www.azimuthacademy.com | | |
| 1242372586 | CN=Let’s Encrypt Authority X3, O=Let’s Encrypt, C=US | 2019-02-26 05:58:05 | 2019-05-27 04:58:05 | mt.azimuthacademy.com | | |

So you have 5 identical certificates with both domain names (www and non-www), that’s the

> We also have a Duplicate Certificate limit of 5 certificates per week. A certificate is considered a duplicate of an earlier certificate if they contain the exact same set of hostnames, ignoring capitalization and ordering of hostnames.

Limit. But there are not 50 certificates.

And there is another problem you (or your hosting company) should fix:

The server sends only one certificate

Chain - incomplete | 1 | CN=*.azimuthacademy.com

so the intermediate certificate is missing.
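The Duplicate Certificate count discussed in the post above can be reproduced from the Certificate Transparency rows, as an added example that is not part of the original thread or of any tool mentioned in it. It assumes the "not before" timestamp stands in for the issuance time (as the table's "next LE" column does) and treats "per week" as a sliding 7-day window; the function names are hypothetical.

```python
from datetime import datetime, timedelta

DUPLICATE_LIMIT = 5          # certificates per identical hostname set
WINDOW = timedelta(days=7)   # "per week", treated here as a sliding window

# (not before, domain names) copied from the Let's Encrypt rows of the
# CT table in this thread; the DigiCert wildcard row is left out.
CT_ENTRIES = [
    ("2019-03-27 14:42:02", "azimuthacademy.com"),
    ("2019-03-27 09:40:59", "azimuthacademy.com"),
    ("2019-03-27 06:26:20", "azimuthacademy.com, www.azimuthacademy.com"),
    ("2019-03-27 03:37:30", "azimuthacademy.com, www.azimuthacademy.com"),
    ("2019-03-27 02:33:34", "azimuthacademy.com, www.azimuthacademy.com"),
    ("2019-03-27 02:09:19", "azimuthacademy.com, www.azimuthacademy.com"),
    ("2019-03-27 02:04:23", "azimuthacademy.com, www.azimuthacademy.com"),
    ("2019-03-02 14:00:55", "azimuthacademy.com, www.azimuthacademy.com"),
    ("2019-03-02 09:51:52", "azimuthacademy.com, www.azimuthacademy.com"),
    ("2019-02-26 05:58:05", "mt.azimuthacademy.com"),
]

def name_set(hostnames):
    """Normalise a comma-separated name list: ignore capitalisation and order."""
    return frozenset(h.strip().lower() for h in hostnames.split(",") if h.strip())

def duplicate_status(entries, now):
    """Return {hostname set: (count in window, time the next duplicate is allowed)}.

    The second value is None while the set is still under the limit.
    """
    issued = {}
    for stamp, names in entries:
        t = datetime.strptime(stamp, "%Y-%m-%d %H:%M:%S")
        if now - WINDOW < t <= now:
            issued.setdefault(name_set(names), []).append(t)
    status = {}
    for names, times in issued.items():
        times.sort()
        blocked_until = None
        if len(times) >= DUPLICATE_LIMIT:
            # A slot frees up when the 5th-most-recent certificate leaves the window.
            blocked_until = times[-DUPLICATE_LIMIT] + WINDOW
        status[names] = (len(times), blocked_until)
    return status
```

Evaluated at 2019-03-28, the www plus non-www set is at 5 of 5 and blocked until 2019-04-03 02:04:23, which matches the "next LE" column, while the single-name set is at 2.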

#5

Dear Juergen

I removed Let’s Encrypt and tried with a wildcard certificate a while back, and now all connections are secure; you are right.

Let me know how I can procure the intermediate certificate to complete.

Thanks & Regards

#6

You need one file with two certificates.

Read