Peer’s Certificate has expired

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: https://ytc1-cloud.dyndns.org

I ran this command: https://ytc1-cloud.dyndns.org:643/netxcloud

It produced this output:
ytc1-cloud.dyndns.org:643 uses an invalid security certificate. The certificate expired on 10 February 2019, 19:37:26 GMT. The current time is 16 February 2019, 12:41.

My web server is (include version): Apache 2.4

The operating system my web server runs on is (include version): Solaris 11.4

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know): Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): No

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):

I use acme.sh
I have run a forced update
But Mozzilla insists it is an issue and will not over ride, Safari allowed me to bypass.

you had issued a cert today: https://crt.sh/?id=1208113562 but it still uses old cert. did you reload the apache after installed the new cert?

You also need change it to serve the fullchain.pem file (instead of the cert.pem file).
The intermediate chain cert is missing from the connection.

I rebooted the server, so yes

Ok, I will need some guiding here, apache is not really my bag and I can’t see where the cert.pem is being pointed at ?

In fact I can’t see it i /etc/apache2/2.4 or /var/www, or /etc/certs

Hi @YTC1

there are two different certificates:

Your port 443 ( https://check-your-website.server-daten.de/?q=ytc1-cloud.dyndns.org ):

CN=ytc1.dyndns.org, O=YTC Systems Limited, S=Merseyside, C=UK
	16.10.2018
	16.10.2019
expires in 242 days	

has a self signed certificate.

But your port 643 ( https://check-your-website.server-daten.de/?q=ytc1-cloud.dyndns.org%3A643 ):

CN=ytc1-cloud.dyndns.org
	12.11.2018
	10.02.2019
6 days expired	ytc1-cloud.dyndns.org - 1 entry

has a Letsencrypt certificate. And redirects

to your port 443. So why is port 643 required?

And there are different server headers:

Server: Apache/2.4.34 (Unix) PHP/5.6.38 OpenSSL/1.0.2p

Server: Apache

Port 443 is my SGD (Secure Global Desktop) connection, ytc1.dyndns.org . This is self signed as I still have issues getting it to work with Lets Encrypt.

Port 643 is my Next Cloud server. ytc1-cloud.dyndns.org

What have I not configured ? It was working until this week

Aha !
FIxed it.

acme.sh is writing to /etc/apache2/2.4/ytc1-cloud.dyndns.org

But Apache is checking for the cert in
/var/www/cert/ytc1-cloud.dyndns.org

I just had to copy the cert over and it worked again

When I come back in 3 months with the same error, kick me for not sorting out my acme script

Maybe you can directly update the location where it looks for them…
Or use symlinks in that location to their updated location.

where:
/var/www/cert/ytc1-cloud.dyndns.org
points to
/etc/apache2/2.4/ytc1-cloud.dyndns.org
[which may also be pointing to somewhere else]

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.