Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com ), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
The operating system my web server runs on is (include version): Ubuntu 0.4
My hosting provider, if applicable, is: AWS
I can login to a root shell on my machine (yes or no, or I don’t know): yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel): I am using a CMS to control my account.
When we install the let's encrypt certificate on our website, it shows us ERR_CERT_DATE_INVALID error and goes of after refresh. This issue is increasing day by day and is happening for most of our clients.
Example domains:-
Please can you help me figure out what may be the possible issue and how do we fix it. Seems like cert not being installed correctly.
For every hostname there is just a single and valid certificate issued:
Therefore, there is no possibility an older, expired certificate is send to the browser. The only think I can think of resulting in such an error is if the clients computer has the incorrect time and/or date configured.
Its not just showing in our clients device but also to us. This gets very unusual as the error does not follow any pattern. sometime it shows up and sometime it does not. But almost its shows up everytime we install the certificate for the first time or renew the certificate.
So you mean it happens to more sites? Because the certificate for site you've mentioned now has never been renewed.
Also it would be helpful to see the certificate info from the browser if you get such an error again. Because I can't find anything wrong with coralreefandaman.com.
Adding to Prashant's question. On SSL Labs we ran a scan of one of our domains that is showing this weird behavior. We got this report. Can someone please help me understand what certificate number 1, 2 and 3 might be. I was under the impression that there is only one certificate. https://www.ssllabs.com/ssltest/analyze.html?d=www.hotelgoldregency.co.in
Also, we are getting this error in our sever,
Hotel Id :- 5372, Hotel Name :- Hotel Mint Riva, Hotel URL :- https://www.staymint.com, Status :- HTTPSConnectionPool(host='www.staymint.com', port=443): Max retries exceeded with url: / (Caused by SSLError(SSLError(1, u'[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:727)'),))
Can you help us in figuring out the error. Hotel ID just refers to a shell in our CMS under which we have website for mint hotels .
Welcome to the Let's Encrypt Community, Prashant and Tarun
I just took a look at your report. You're not just serving multiple certificates. You're serving multiple chains of certificates. This is based on which clients (browsers) that SSL Labs uses to test your server. Some of the clients support SNI while some do not. Similarly, the handshake protocols allowed for certain clients are weak (with no forward secrecy), so that hurts your score.
