NET::ERR_CERT_DATE_INVALID in nginx error log file = SSL_do_handshake() failed (SSL: error:1417D18C:SSL routines:tls_process_client_hello:version too low) while SSL handshaking , client: xx.xx.xx.x, server: 0.0.0.0:443


#1

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:
laurenbriddell.com

I ran this command:
1/ went to www.laurenbriddell.com
2/ tried to force renewal doing the following:
sudo certbot --force-renewal --cert-name www.laurenbriddell.com
3/ tried renew again:
sudo certbot renew --cert-name laurenbriddell.com --nginx

It produced this output:
1/The error shown in the browser:
NET:ERR_CERT_DATE_INVALID
the error shown in the nginx log file:
[crit] 14242#14242: *656 SSL_do_handshake() failed (SSL: error:1417D18C: ) while SSL handshaking, client: 74.82.47.3, server: 0.0.0.0:443

2/ error from trying to force renew (I restarted nginx after each time):
Timeout during connect (likely firewall problem)

To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address

3/ after trying it a few more times with a new command I got this error:
Cert is due for renewal, auto-renewing…
Plugins selected: Authenticator nginx, Installer nginx
Renewing an existing certificate
Attempting to renew cert (laurenbriddell.com) from /etc/letsencrypt/renewal/laurenbriddell.com.conf produced an unexpected error: urn:ietf:params:acme:error:rateLimited :: There were too many requests of a given type :: Error creating new order :: too many failed authorizations recently: see https://letsencrypt.org/docs/rate-limits/. Skipping.

All renewal attempts failed. The following certs could not be renewed:

/etc/letsencrypt/live/laurenbriddell.com/fullchain.pem (failure)

My web server is (include version):
nginx/1.14.0 (Ubuntu)

The operating system my web server runs on is (include version):
name=ubuntu
ID_LIKE = debian
18.04

My hosting provider, if applicable, is:
AWS

I can login to a root shell on my machine (yes or no, or I don’t know):
I use sudo

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):
certbot 0.26.1

Please help!


#2

Upgrade your Certbot using the instructions at https://certbot.eff.org/lets-encrypt/ubuntubionic-nginx .

Wait up to one hour for the rate limit message to subside.

Then run (do NOT stop nginx):

certbot renew --dry-run --nginx

If that’s successful, then run (do NOT stop nginx):

certbot renew --nginx

and that should be all you need to do.


#3

Ah, you also have a different problem with your DNS setup, which might explain (parts of) your trouble:

laurenbriddell.com.     60      IN      A       18.216.247.234
laurenbriddell.com.     60      IN      A       184.168.221.32

One of these IPs is the GoDaddy domain parking page, and one of these is your nginx server.

You need to get rid of the DNS record for 184.168.221.32 from your GoDaddy DNS management, in addition to the steps I outlined in the previous post.
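
A pre-flight check for the stray-record problem described in the post above, as an added example that is not part of the original thread: it reads `dig +noall +answer` style lines and reports any A/AAAA record that does not point at an address you expect, so a bad record is caught before another failed validation counts toward the rate limit. The function name, the sample records and the documentation-range addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Reads dig answer lines on stdin:
#   name  ttl  IN  A|AAAA  address
# and prints every address record that is not in the expected list.
# Real use (assumed workflow): dig +noall +answer example.com A | stray_records <server-ip>
# Exit status: 0 = all records expected, 1 = stray record(s), 2 = no address records.
stray_records() {
    awk -v expected="$*" '
        BEGIN {
            n = split(expected, e, " ")
            for (i = 1; i <= n; i++) ok[tolower(e[i])] = 1
        }
        /^[ \t]*(;|$)/ { next }                 # skip dig comments and blank lines
        $3 == "IN" && ($4 == "A" || $4 == "AAAA") {
            seen++
            if (!(tolower($5) in ok)) {         # resolves somewhere we do not serve
                print $1, $4, $5
                stray++
            }
        }
        END {
            if (!seen) exit 2                   # nothing resolved at all
            exit (stray ? 1 : 0)
        }
    '
}

# Constructed sample in the same shape as the records quoted in the post:
# one address is the web server, the other is a leftover record.
SAMPLE_ANSWER='example.com.     60      IN      A       192.0.2.10
example.com.     60      IN      A       198.51.100.32'

# Demonstration: 192.0.2.10 is the only address expected to serve the site.
if printf '%s\n' "$SAMPLE_ANSWER" | stray_records 192.0.2.10; then
    echo "DNS OK: proceed with certbot renew --dry-run --nginx"
else
    echo "Fix the records listed above before renewing" >&2
fi
```

Because the validation server may connect to any of the published addresses, a single stray record is enough to produce intermittent connection timeouts during renewal.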


#4

I used the following command after upgrading certbot:
certbot renew --nginx

along with everything else you recommended and everything works! thank you!!!

