Net::err_cert_date_invalid

adrian26 · June 17, 2023, 2:56am

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: woodlandbiz.net

I ran this command: i'm using the installed let's encrypt in the server to generate ssl certificates

It produced this output:

My web server is (include version):

The operating system my web server runs on is (include version): CentOS v7.9.2009 STANDARD vzcontainer

My hosting provider, if applicable, is: hostinger

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): cpanel [110.0.7]

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):

When i go into my root / cpanel site, it has no problem and the certificate expiry is Sunday, 13 August 2023 at 07:56:20

BUT when i go to my website woodlandbiz.net -> the expiry shows Saturday, 18 March 2023 at 12:41:21

i asked Hostinger to check and their support team India, Lithuana and Indonesia has no problem accessing my website - however back in my home country Malaysia - i have problem going into the website. I asked a few ppl with different devices to go into the website and ALL having the same problem showing connection is not private NET::ERR_CERT_DATE_INVALID

MikeMcQ · June 17, 2023, 3:22am

Welcome @adrian26

It looks like your server is processing IPv4 requests differently than IPv6. Anyone using IPv4 sees the Aug12 expiry but those using IPv6 see Mar18 expiry

(IPv4)
echo | openssl s_client -4 -connect woodlandbiz.net:443 | head
---
Certificate chain
 0 s:CN = *.woodlandbiz.net
   i:C = US, O = Let's Encrypt, CN = R3
   a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256
   v:NotBefore: May 14 23:56:21 2023 GMT; NotAfter: Aug 12 23:56:20 2023 GMT
 
(IPv6)
echo | openssl s_client -6 -connect woodlandbiz.net:443 | head
---
Certificate chain
 0 s:CN = woodlandbiz.net
   i:C = US, O = Let's Encrypt, CN = R3
   a:PKEY: rsaEncryption, 4096 (bit); sigalg: RSA-SHA256
   v:NotBefore: Dec 18 04:41:22 2022 GMT; NotAfter: Mar 18 04:41:21 2023 GMT

There are a variety of things that can cause this but most likely it is the way your LiteSpeed server is configured for these two protocols.

Many people still use IPv4 so that's probably why it works so often. You must be the lucky ones to be using IPv6 more often.

I also just noticed your IPv6 cert is not a wildcard but your IPv4 cert is. Maybe this is a further clue to locate where these are.

Your newer cert has an extra name in it too compared to the earlier one (www.login.woodlandbiz.net)

adrian26 · June 17, 2023, 3:27am

Hi, thanks for your update.

What are the options and solutions i can do now.

Can my Hostinger server hosting company help rectify the IPv6 / IPv4 ?

MikeMcQ · June 17, 2023, 3:40am

Yes, I think Hostinger is good place to start.

It might just be that your IPv6 address is wrong. A LiteSpeed server responds to that

An Apache server responds on IPv4. It is highly unusual to have a different server for each protocol

adrian26 · June 17, 2023, 5:07am

Hosting company says my SSL was not installed properly.

In my cpanel i have already run AUTO ssl and update all the certs and my website is still not accessible.

When I update the cert, it says

This SSL certificate was already installed.

The SSL website is now active and accessible via HTTPS on these domains:

The SSL certificate also supports this domain, but this domain does not refer to the SSL website mentioned above:

www.login.woodlandbiz.net

what does it mean by "this domain does not refer to the SSL website" ? In fact this is just a subdomain i created and not in use now. If removing it solves the problem i can remove the subdomain

rg305 · June 17, 2023, 6:17am

I see two different server signatures:
[some lines removed for brevity]

curl -Ii6 http://woodlandbiz.net/
HTTP/1.1 301 Moved Permanently
Connection: Keep-Alive
server: LiteSpeed     <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<< LITESPEED
location: https://woodlandbiz.net/
platform: hostinger

curl -Ii4 http://woodlandbiz.net/
HTTP/1.1 301 Moved Permanently
Server: Apache     <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<< APACHE
Location: https://woodlandbiz.net/
Content-Type: text/html; charset=iso-8859-1

curl -Iik6 https://woodlandbiz.net/
HTTP/2 500
x-powered-by: PHP/7.4.33
server: LiteSpeed     <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<< LITESPEED
platform: hostinger

curl -Iik4 https://woodlandbiz.net/
HTTP/1.1 302 Found
Server: Apache     <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<< APACHE
Cache-Control: no-cache, private
Max-Age=7200; path=/; samesite=lax
Location: https://woodlandbiz.net/logout

adrian26 · June 17, 2023, 6:20am

What can i do to fix it ?

shld i delete / remove / uninstall SSL ?

please give me recommendations, tq in advance

rg305 · June 17, 2023, 6:25am

No.

Do you control the DNS for your domain?

Are these the correct IPs found on your server?

Name:      woodlandbiz.net
Addresses: 2a02:4780:3:524:0:396b:8aa4:1
           193.168.195.247

adrian26 · June 17, 2023, 6:34am

Yes i control them
IP v6 : 2a02:4780:e:ef07::1
IP : 193.168.195.247

rg305 · June 17, 2023, 6:58am

I see a difference in IPv6 addresses:
2a02:4780:3:524:0:396b:8aa4:1
2a02:4780:e:ef07::1

adrian26 · June 17, 2023, 7:07am

in my VPS - WHM, i checked it says

The system’s shared IPv6 address.
2a02:4780:e:ef07::1/128

u can let me know what i need to check

adrian26 · June 17, 2023, 7:08am

do i need to do these ?

rg305 · June 17, 2023, 7:08am

You already provided that IPv6 information.
Do I need to repeat myself too?

rg305 · June 17, 2023, 7:08am

Do you understand how DNS works?

adrian26 · June 17, 2023, 7:09am

i dont know what i need to do, appreciate your help in pointing me to how i can edit / rectify what is causing the issue

rg305 · June 17, 2023, 7:10am

I asked:

You replied:

Then, why does IPv6 2a02:4780:3:524:0:396b:8aa4:1 exist for your domain name?
How did that IP get in there?

rg305 · June 17, 2023, 7:12am

I don't know what you need to do either.
I am only pointing out inconsistencies.

adrian26 · June 17, 2023, 7:14am

Can you show me how you got this so i can share it with my hosting Hostinger ? and i asked them to check why is there discrepancies.

rg305 · June 17, 2023, 7:17am

nslookup woodlandbiz.net

dig A woodlandbiz.net +short
dig AAAA woodlandbiz.net +short

adrian26 · June 17, 2023, 7:19am

Tq for your guidance

Topic		Replies	Views
Net::err_cert_date_invalid Help	2	469	June 15, 2020
Net::err_cert_date_invalid Help	4	724	July 15, 2020
Net::err_cert_date_invalid Help	2	921	October 15, 2020
Cert Invalid Date NET::ERR_CERT_DATE_INVALID Help	28	2199	November 19, 2022
NET::ERR_CERT_DATE_INVALID Error Help	17	3923	August 14, 2019

Net::err_cert_date_invalid

Related topics