My Wild Card SSL Didn't renew on DigitalOcean

Help
1

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: squeezefunnels.com

I ran this command:

It produced this output:

My web server is (include version):

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is: Digital Ocean

I can login to a root shell on my machine (yes or no, or I don’t know): Not Sure

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): WebMin/VirtualMin

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): Don’t know

It’s weird…the mian URL: squeezefunnels.com shows: Connection Secured by CloudFlare but all the subdomains (it’s a WP multisite) exapmle: https://summerbreeze.squeezefunnels.com/ display:

https://summerbreeze.squeezefunnels.com/

Peer’s Certificate has expired.

HTTP Strict Transport Security: false
HTTP Public Key Pinning: false

Certificate chain:

-----BEGIN CERTIFICATE-----
MIIFczCCBFugAwIBAgISA5FngIksiyfatlXlS0zwmbFdMA0GCSqGSIb3DQEBCwUA
MEoxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MSMwIQYDVQQD
ExpMZXQncyBFbmNyeXB0IEF1dGhvcml0eSBYMzAeFw0yMDAxMDMxNDU5MjFaFw0y
MDA0MDIxNDU5MjFaMB0xGzAZBgNVBAMTEnNxdWVlemVmdW5uZWxzLmNvbTCCASIw
DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOaNCQBnSUF6VeQBzbLO8K1ZxfjK
wV+H7f6NJXLe1f9E7ujWJjM0o89dxVUeNBIJ41ppTpUdjSrMay3nVqva90QkHBpN
msmrwAoaj9kaGG0OD9cgYBU0Xmvqu0U4w2bXjNJT+6rB6WnlECOZRAt5z8lkmFc5
dqHw6IK6BpSEac2KXyLBv96A1ScgAf/XRVHFozlWvxHXjVAB+qGj0+4Oze4Mn3Jh
8yHbDF5vkdJXhZQhiJcQGheTutNHl1aqzndfnV03Snpghx/uE+I+JIv9v1GCYspb
/jDeM0+YK0pgsIb202s83f+2RENeMLo93aKfNsB1917Nwv+8UIVW4ci+yUcCAwEA
AaOCAn4wggJ6MA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYI
KwYBBQUHAwIwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUp0HFcYPE+ceyG6qHDCqG
9rT4ZYEwHwYDVR0jBBgwFoAUqEpqYwR93brm0Tm3pkVl7/Oo7KEwbwYIKwYBBQUH
AQEEYzBhMC4GCCsGAQUFBzABhiJodHRwOi8vb2NzcC5pbnQteDMubGV0c2VuY3J5
cHQub3JnMC8GCCsGAQUFBzAChiNodHRwOi8vY2VydC5pbnQteDMubGV0c2VuY3J5
cHQub3JnLzAzBgNVHREELDAqghQqLnNxdWVlemVmdW5uZWxzLmNvbYISc3F1ZWV6
ZWZ1bm5lbHMuY29tMEwGA1UdIARFMEMwCAYGZ4EMAQIBMDcGCysGAQQBgt8TAQEB
MCgwJgYIKwYBBQUHAgEWGmh0dHA6Ly9jcHMubGV0c2VuY3J5cHQub3JnMIIBBQYK
KwYBBAHWeQIEAgSB9gSB8wDxAHYAXqdz+d9WwOe1Nkh90EngMnqRmgyEoRIShBh1
loFxRVgAAAFvbCHy2AAABAMARzBFAiB4dECAoKd/hJmbKgPeQEoGkW6alpl4bFBF
tf1eX9kG8AIhAIrc14lBUCtJJzDsGAxBPWafUTJDz+LlvTeWg1Ryxi9/AHcAB7dc
G+V9aP/xsMYdIxXHuuZXfFeUt2ruvGE6GmnTohwAAAFvbCHzBAAABAMASDBGAiEA
gWDu/Mvq3pMT2yu7DfV+RLEhfOQ7xx3yeXY/y8xBYqICIQCACGBGqAvwKTBLRTCd
aPcp5DF80QXPcestCb6TSa0+tTANBgkqhkiG9w0BAQsFAAOCAQEANszQLSiiDRz6
qdIb2AGMqxwez6gh+oURxCIo71gFW5zCjSmyiI1gWI5G8H+Ya3f26PyJGAviO0z8
8LVd+2YDSVG1jwh4mLONUpnVHjrREyCysC1/B0ZtGO8AFWIW3gtIuxTAhZi8wzk8
viud/xGFxyjlOLVTZQpt+YLv+GMIX4P37xVvVF02Tj7nE8W8YyH28+//Ct/BoCJv
d0C57BmIxdOXY8C3K1D6rQIgCllwyyB/mfsOQGs7NSSz6PKP9P4m8AQZcQML2h8N
D2GIijmwZMeZoBBo3rUSMlhEGP8UwiRCMxxh/2AskUNZvKOX83V0j84Ogae2HYJc
DYHiKWFZGQ==
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIEkjCCA3qgAwIBAgIQCgFBQgAAAVOFc2oLheynCDANBgkqhkiG9w0BAQsFADA/
MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT
DkRTVCBSb290IENBIFgzMB4XDTE2MDMxNzE2NDA0NloXDTIxMDMxNzE2NDA0Nlow
SjELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUxldCdzIEVuY3J5cHQxIzAhBgNVBAMT
GkxldCdzIEVuY3J5cHQgQXV0aG9yaXR5IFgzMIIBIjANBgkqhkiG9w0BAQEFAAOC
AQ8AMIIBCgKCAQEAnNMM8FrlLke3cl03g7NoYzDq1zUmGSXhvb418XCSL7e4S0EF
q6meNQhY7LEqxGiHC6PjdeTm86dicbp5gWAf15Gan/PQeGdxyGkOlZHP/uaZ6WA8
SMx+yk13EiSdRxta67nsHjcAHJyse6cF6s5K671B5TaYucv9bTyWaN8jKkKQDIZ0
Z8h/pZq4UmEUEz9l6YKHy9v6Dlb2honzhT+Xhq+w3Brvaw2VFn3EK6BlspkENnWA
a6xK8xuQSXgvopZPKiAlKQTGdMDQMc2PMTiVFrqoM7hD8bEfwzB/onkxEz0tNvjj
/PIzark5McWvxI0NHWQWM6r6hCm21AvA2H3DkwIDAQABo4IBfTCCAXkwEgYDVR0T
AQH/BAgwBgEB/wIBADAOBgNVHQ8BAf8EBAMCAYYwfwYIKwYBBQUHAQEEczBxMDIG
CCsGAQUFBzABhiZodHRwOi8vaXNyZy50cnVzdGlkLm9jc3AuaWRlbnRydXN0LmNv
bTA7BggrBgEFBQcwAoYvaHR0cDovL2FwcHMuaWRlbnRydXN0LmNvbS9yb290cy9k
c3Ryb290Y2F4My5wN2MwHwYDVR0jBBgwFoAUxKexpHsscfrb4UuQdf/EFWCFiRAw
VAYDVR0gBE0wSzAIBgZngQwBAgEwPwYLKwYBBAGC3xMBAQEwMDAuBggrBgEFBQcC
ARYiaHR0cDovL2Nwcy5yb290LXgxLmxldHNlbmNyeXB0Lm9yZzA8BgNVHR8ENTAz
MDGgL6AthitodHRwOi8vY3JsLmlkZW50cnVzdC5jb20vRFNUUk9PVENBWDNDUkwu
Y3JsMB0GA1UdDgQWBBSoSmpjBH3duubRObemRWXv86jsoTANBgkqhkiG9w0BAQsF
AAOCAQEA3TPXEfNjWDjdGBX7CVW+dla5cEilaUcne8IkCJLxWh9KEik3JHRRHGJo
uM2VcGfl96S8TihRzZvoroed6ti6WqEBmtzw3Wodatg+VyOeph4EYpr/1wXKtx8/
wApIvJSwtmVi4MFU5aMqrSDE6ea73Mj2tcMyo5jMd6jmeWUHK8so/joWUoHOUgwu
X4Po1QYz+3dszkDqMp4fklxBwXRsW10KXzPMTZ+sOPAveyxindmjkW8lGy+QsRlG
PfZ+G6Z6h7mjem0Y+iWlkYcV4PIWL1iwBi8saCbGS5jN2p8M+X+Q7UNKEkROb3N6
KOqkqm57TH2H3eDJAkSnh6/DNFu0Qg==
-----END CERTIFICATE-----

Many TIA

Cheers
Neil

2

Hi @squeezemobi

checking your domain there is no valid wildcard certificate - https://check-your-website.server-daten.de/?q=squeezefunnels.com#ct-logs

Issuer not before not after Domain names LE-Duplicate next LE
Let's Encrypt Authority X3 2020-01-03 2020-04-02 *.squeezefunnels.com, squeezefunnels.com
2 entries
Let's Encrypt Authority X3 2019-10-21 2020-01-19 *.squeezefunnels.com, squeezefunnels.com
2 entries
CloudFlare Inc ECC CA-2 2019-08-14 2020-08-14 *.squeezefunnels.com, sni.cloudflaressl.com, squeezefunnels.com
3 entries

How did you create that certificate 2020-01-03? Do that again and install it.

Your subdomains don't use Cloudflare.

3

Hi Juergen

Firstly thank you for checking.

I’m not a dev but I do know all the subdomains have been covered by an SSL and have no idea why they aren’t now but they have been working correctly up until now.

I didn’t install the SSL.

Kind regards
Neil

4

Then ask the person who has installed the certificate.

Letsencrypt certificates are only 90 days valid. So installation requires a working update.

5

I’m not in touch with them but thanks

6

So looks like this is all controlled from the Virtualmin dashboard? Can anyone point me to some help/tutorials on how to renew the certs via Vitualmin as the ones I have found haven’t been helpful at all?

TIA

Cheers
Neil

7

Have you seen these?

https://doxfer.webmin.com/Webmin/Webmin_Configuration#SSL_Encryption

https://doxfer.webmin.com/Webmin/Let's_Encrypt

8

Hey thanks Peppe…I will check them out, appreciate it!

It’s driving me nutz as it has all been working fine for a very long time so have no idea whats happened, they certs haven’t renewed for some reason.

9

Is your virtualmin updated?

It might not support ACMEv2 or it might try to use ACMEv1, but we can’t tell without seeing the actual error message.

10

Virtualmin is version 6.08…if that means anything.

The error message on the subdomain pages is:

"Websites prove their identity via certificates, which are valid for a set time period. The certificate for beaver.squeezefunnels.com expired on 4/2/2020.

Error code: SEC_ERROR_EXPIRED_CERTIFICATE"

11

There’s a newer version but yours is the next one. http://www.webmin.com/vchanges.html

You should tell us the error inside virtualmin, not the browser error.

12

Thanks for that ino Peppe…Ahhh I’m not seeing any errors in Virtualmin or at least not in the area’s I have looked at.

13

Hi guys… So I ran the test on the Why No Padlock site and This Is The Test Result if it helps shed any light on the issue.

The errors shown are:

Invalid Intermediate
You have an invalid or missing intermediate (bundle) certificate. This may not break your padlock on all browsers, but will on others. Please contact your SSL Vendor for assistance with this error.

Expiration Date
Your SSL certificate is expired! (Expired on: 2020-04-02) You will want to renew your SSL certificate as soon as possible!

It passes all the other criteria for this test.

TIA
Neil

14

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.