NET::ERR_CERT_AUTHORITY_INVALID issue appearing - was working after initial install a couple days ago

Help
1

I tried using LetsEncrypt free SSL for the first time on 15 sites I’m working on. I used certbot to install an SSL cert on all 15 of theses sites 2 days ago. Things went extremely smooth and everything was working perfectly. However, it appears that as of this morning, browsers are now displaying an insecure error with the following error: NET::ERR_CERT_AUTHORITY_INVALID

My domain is:
https://realestate.heraldnet.com/

I ran this command:
None

It produced this output:
None

My web server is (include version):
Litespeed 5.3.8 (backup Apache/2.4.39)

The operating system my web server runs on is (include version):
CentOS 6.10

My hosting provider, if applicable, is:
GoDaddy

I can login to a root shell on my machine (yes or no, or I don’t know):
Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
WHM - cPanel

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):
certbot 0.34.2

2

Hi,

Could you please logon to GoDaddy cPanel and check the certificate listed in cPanel -> TLS/SSL status?
It seems that now it’s been reverted back to the original self-signed certificate…

Thank you

1 Like
3

Hi @avweb

that's curious. Checking your domain there is a self signed cPanel-certificate ( https://check-your-website.server-daten.de/?q=realestate.heraldnet.com ):

CN=realestate.heraldnet.com
	17.05.2019
	16.05.2020
expires in 352 days	
realestate.heraldnet.com, mail.realestate.heraldnet.com, 
www.realestate.heraldnet.com, webmail.realestate.heraldnet.com, 
cpanel.realestate.heraldnet.com, webdisk.realestate.heraldnet.com - 6 entries

If you use cPanel, you shouldn't use Certbot directly.

And you have a Letsencrypt certificate with 15 domain names:

CertSpotter-Id Issuer not before not after Domain names LE-Duplicate next LE
936350669 CN=Let's Encrypt Authority X3, O=Let's Encrypt, C=US 2019-05-28 20:34:40 2019-08-26 20:34:40 realestate.bainbridgereview.com, realestate.bellevuereporter.com, realestate.federalwaymirror.com, realestate.heraldnet.com, realestate.juneauempire.com, realestate.kentreporter.com, realestate.kirklandreporter.com, realestate.kitsapdailynews.com, realestate.peninsulaclarion.com, realestate.peninsuladailynews.com, realestate.seattleweekly.com, realestate.southwhidbeyrecord.com, realestate.thedailyworld.com, realestate.vashonbeachcomber.com, realestate.whidbeynewstimes.com - 15 entries duplicate nr. 1

Perhaps your hoster has updated the cPanel.

Check your cPanel if there is an option to create a Letsencrypt certificate. Then use that.

2 Likes
4

Also, as @JuergenAuer said, if you are using cPanel, you aren’t supposed to edit / touch Apache / LSWS files directly, as it will not stay unchanged after reboot / restart / reload.

You should try to either obtained the certificate and update it in cPanel interface manually, or use cPanel api to directly update the certificate from command-line.

acme.sh (another third party acme script) have support for cPanel API.

Thank you

2 Likes
5

Ok, That makes sense. I will speak with my hosting provider to see if they have a way to set it up within cPanel, as I’m not seeing any LetsEncrypt integration tools in cPanel currently, just the standard, upload/ install a certificate options.

6

Hosting provider has stated they do not support 3rd Party SSL and cannot provide assistance… is there any documentation on the cPanel route?

7

Allows your cPanel a manual import? If yes, you can create a certificate via Certbot (with Certonly, without installation) and upload it. But you have to do that every 60 - 85 days.

8

I was able to download a WHM plugin for Let’s Encrypt. AutoSSL is now set up and everything appears to be working. Thanks for your help!

2 Likes
9

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.