Problem with SSL renewal


#1

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: gamebox-x.com

I ran this command: (using web-servise “sslforfree” and “zero-ssl”)

It produced this output: rate-limits

My web server is (include version): nginx - 1.13.8

The operating system my web server runs on is (include version): Windows Server 2016 Gen2

My hosting provider, if applicable, is: none

I can login to a root shell on my machine (yes or no, or I don’t know): (custom service)

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

Need to: Clear ssl-certificate registration for creating new-one


#2

Hi @mkikets

you have 10 certificates created 2018-09-30:

https://transparencyreport.google.com/https/certificates?cert_search_auth=&cert_search_cert=&cert_search=include_expired:false;include_subdomains:false;domain:gamebox-x.com&lu=cert_search

Why don’t you use one of these. Normally, you should have max. 2 active certificates - one expiring < 30 days, one longer.

That hits the 5 identical certificates per week - limit. So you have to wait one week.


#3

I know, but when I add certificate to server - nginx do not update cert in client (still saying “non-commertial use”)


#4

Did you restart your nginx?

If yes, please share your nginx - configuration files.


#5

restarted hundred times

nginx config:

server {

    listen 		443 ssl http2;
	server_name	gamebox-x.com www.gamebox-x.com;
	client_max_body_size 64m;
	ssl                     on;
    ssl_certificate         ../cert/certcombined.crt;
    ssl_certificate_key     ../cert/private_rsa.key;
	
	access_log logs/gamebox-x.access.log;
	error_log logs/gamebox-x.error.log warn;
	
	location / {
	    #return 200 "OK";
	    proxy_pass    http://192.168.200.3:80;
		proxy_set_header Host      $host;
		proxy_set_header X-Real-IP $remote_addr;
		proxy_set_header X-Forwarded-For $remote_addr;
		proxy_set_header X-Forwarded-Proto $scheme;
	}
}

But maybe the problem is with rsa_private key because nginx log has

2018/09/30 19:56:03 [emerg] 4248#7124: SSL_CTX_use_PrivateKey_file("C:\nginx-1.13.8/conf/../cert/private_rsa.key") failed (SSL: error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch)

So that`s why I need to clean ssl-registration


#6

You have to change these two file names and restart.


#7

i have cert but have wrong rsa_private_key


#8

Then read the help of sslforfree where the private key is saved / stored.


#9

install, restart but not result


#10

Then you may have a second nginx - configuration. Or you have to restart your complete server (another user had such a problem).

Or your files / paths

are wrong. Share the content of ../cert/certcombined.crt, it’s public.


#11

ok… I waited 7 days… but after renew still no result…
New content of certcombined.crt is :

-----BEGIN CERTIFICATE-----
MIIGFzCCBP+gAwIBAgISAwbjfhye2lBlDfFFJFNPOgpQMA0GCSqGSIb3DQEBCwUA
MEoxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MSMwIQYDVQQD
ExpMZXQncyBFbmNyeXB0IEF1dGhvcml0eSBYMzAeFw0xODEwMDgwNTA5MjlaFw0x
OTAxMDYwNTA5MjlaMBgxFjAUBgNVBAMTDWdhbWVib3gteC5jb20wggEiMA0GCSqG
SIb3DQEBAQUAA4IBDwAwggEKAoIBAQCozoMs0KMroRDwifFqOCTO0LvVZiluGCLY
ckbCvKE96fhds5kscKPg76du4eDWrcMzOsWJlDArdkxZJpbdXWmbBGJZtywjrhOE
6oWy1zEF6q/xBMIAkApyQZff3xkl+eNzPuBHxFTQKsZauNUWbgEzM084ESe2eSC6
I95x3MNTaLlMPdV/QDFQLy1RVKbOnrnHvY9dLDqrJ7AtK4V9ZqqoxF5CxMHCN/iR
8nrItyaK+2vTbWS7x0Z2uznWvohQCoZPHIzl1JwDPExd3xsFfLAgM2kzaX+I7Eui
YnJR7mxPwA6gqmQI68dkkYPFNiReMNGy2T20eR13UisJm1BLgxOnAgMBAAGjggMn
MIIDIzAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUF
BwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFF7/ulJciPeqbVJBVwLUBy1qbb1w
MB8GA1UdIwQYMBaAFKhKamMEfd265tE5t6ZFZe/zqOyhMG8GCCsGAQUFBwEBBGMw
YTAuBggrBgEFBQcwAYYiaHR0cDovL29jc3AuaW50LXgzLmxldHNlbmNyeXB0Lm9y
ZzAvBggrBgEFBQcwAoYjaHR0cDovL2NlcnQuaW50LXgzLmxldHNlbmNyeXB0Lm9y
Zy8wKQYDVR0RBCIwIIIPKi5nYW1lYm94LXguY29tgg1nYW1lYm94LXguY29tMIH+
BgNVHSAEgfYwgfMwCAYGZ4EMAQIBMIHmBgsrBgEEAYLfEwEBATCB1jAmBggrBgEF
BQcCARYaaHR0cDovL2Nwcy5sZXRzZW5jcnlwdC5vcmcwgasGCCsGAQUFBwICMIGe
DIGbVGhpcyBDZXJ0aWZpY2F0ZSBtYXkgb25seSBiZSByZWxpZWQgdXBvbiBieSBS
ZWx5aW5nIFBhcnRpZXMgYW5kIG9ubHkgaW4gYWNjb3JkYW5jZSB3aXRoIHRoZSBD
ZXJ0aWZpY2F0ZSBQb2xpY3kgZm91bmQgYXQgaHR0cHM6Ly9sZXRzZW5jcnlwdC5v
cmcvcmVwb3NpdG9yeS8wggEFBgorBgEEAdZ5AgQCBIH2BIHzAPEAdgB0ftqDMa0z
EJEhnM4lT0Jwwr/9XkIgCMY3NXnmEHvMVgAAAWZSS3g5AAAEAwBHMEUCIQDxv3vj
+pS5kgkBpa4nK2IzVq7Y1pSmQrRVSuPIxnPG2gIgXyq9zqfchJOShh7fWF+/eHeV
hrpzlQolXkP8eKHQn3UAdwBj8tvN6DvMLM8LcoQnV2szpI1hd4+9daY4scdoVEvY
jQAAAWZSS3hPAAAEAwBIMEYCIQDxVjJk8laEheOj7ZJrTC2PtezJZTDXPLgJ9uXB
+SOQYgIhAKeHSQ3ivSm51ry+bLtpqIoOQ8a7B6+uExbcSSRgUD+gMA0GCSqGSIb3
DQEBCwUAA4IBAQACieMpGjgYUDk2XmVCQM/lfkgJQAG06ayGkp8YVXZXuCSf4RKK
uARLRhkScDKr6lVr3y2v+wRe2NoM+CKaKE3/Jouo6TthEq4LiW4hgIbCLZe0kofg
Xb+ZbPDhGcwOX/RYCTDWAtLbbUcQtEkaIGk/+CWLbZJj5PA/bd9UqXyQT80Rh4ES
gvQBZ41x2GaYlVDlAlvS6Y1FXtlPRQnML0TR22MkcOrUJVqr2mAC7TTYtxH4vwak
VCzH2JEE/hgl+RCs+1TbGVCRL69kOdCasdJF2jeSj7cmtPjhF8drgYQZnrRmION7
Vg2W/3aPsZAyKp2N5NIzV6FEqFhJ1vLz+AqY
-----END CERTIFICATE-----

-----BEGIN CERTIFICATE-----
MIIEkjCCA3qgAwIBAgIQCgFBQgAAAVOFc2oLheynCDANBgkqhkiG9w0BAQsFADA/
MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT
DkRTVCBSb290IENBIFgzMB4XDTE2MDMxNzE2NDA0NloXDTIxMDMxNzE2NDA0Nlow
SjELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUxldCdzIEVuY3J5cHQxIzAhBgNVBAMT
GkxldCdzIEVuY3J5cHQgQXV0aG9yaXR5IFgzMIIBIjANBgkqhkiG9w0BAQEFAAOC
AQ8AMIIBCgKCAQEAnNMM8FrlLke3cl03g7NoYzDq1zUmGSXhvb418XCSL7e4S0EF
q6meNQhY7LEqxGiHC6PjdeTm86dicbp5gWAf15Gan/PQeGdxyGkOlZHP/uaZ6WA8
SMx+yk13EiSdRxta67nsHjcAHJyse6cF6s5K671B5TaYucv9bTyWaN8jKkKQDIZ0
Z8h/pZq4UmEUEz9l6YKHy9v6Dlb2honzhT+Xhq+w3Brvaw2VFn3EK6BlspkENnWA
a6xK8xuQSXgvopZPKiAlKQTGdMDQMc2PMTiVFrqoM7hD8bEfwzB/onkxEz0tNvjj
/PIzark5McWvxI0NHWQWM6r6hCm21AvA2H3DkwIDAQABo4IBfTCCAXkwEgYDVR0T
AQH/BAgwBgEB/wIBADAOBgNVHQ8BAf8EBAMCAYYwfwYIKwYBBQUHAQEEczBxMDIG
CCsGAQUFBzABhiZodHRwOi8vaXNyZy50cnVzdGlkLm9jc3AuaWRlbnRydXN0LmNv
bTA7BggrBgEFBQcwAoYvaHR0cDovL2FwcHMuaWRlbnRydXN0LmNvbS9yb290cy9k
c3Ryb290Y2F4My5wN2MwHwYDVR0jBBgwFoAUxKexpHsscfrb4UuQdf/EFWCFiRAw
VAYDVR0gBE0wSzAIBgZngQwBAgEwPwYLKwYBBAGC3xMBAQEwMDAuBggrBgEFBQcC
ARYiaHR0cDovL2Nwcy5yb290LXgxLmxldHNlbmNyeXB0Lm9yZzA8BgNVHR8ENTAz
MDGgL6AthitodHRwOi8vY3JsLmlkZW50cnVzdC5jb20vRFNUUk9PVENBWDNDUkwu
Y3JsMB0GA1UdDgQWBBSoSmpjBH3duubRObemRWXv86jsoTANBgkqhkiG9w0BAQsF
AAOCAQEA3TPXEfNjWDjdGBX7CVW+dla5cEilaUcne8IkCJLxWh9KEik3JHRRHGJo
uM2VcGfl96S8TihRzZvoroed6ti6WqEBmtzw3Wodatg+VyOeph4EYpr/1wXKtx8/
wApIvJSwtmVi4MFU5aMqrSDE6ea73Mj2tcMyo5jMd6jmeWUHK8so/joWUoHOUgwu
X4Po1QYz+3dszkDqMp4fklxBwXRsW10KXzPMTZ+sOPAveyxindmjkW8lGy+QsRlG
PfZ+G6Z6h7mjem0Y+iWlkYcV4PIWL1iwBi8saCbGS5jN2p8M+X+Q7UNKEkROb3N6
KOqkqm57TH2H3eDJAkSnh6/DNFu0Qg==
-----END CERTIFICATE-----


#12

This is checker on “sslshoper”


#13

But when I check the text in it, it says next:


#14

This is a new certificate, created today. So this part works.

But the certificate isn’t installed, so you get a warning.

This

is not relevant. It’s only the certificate signing request, not the certificate.

You have to install this certificate and restart your server.

Perhaps the file location …/cert/ is wrong. Or the file is a symlink. Or you have a second nginx - configuration.


#15

I found the solution:
I cleared all files in temp folder and now it worked.
Thank you for helping.


#17

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.