R3 certificate expired

kaushalshriyan · October 1, 2021, 7:24am

Hi,

I am using Lets Encrypt SSL Certificates on Linux servers CentOS Linux release 7.9.2009 (Core). When I hit the domain using Lets Encrypt SSL Certificates, It reports Issued by: R3 , Expires: Friday, 17 December 2021 at 9:43:18 AM India R3 certificate expired and shows Not Secured in Chrome browser.

Please suggest / guide. Do i need run certbot command to renew it or do any changes on the Linux server. CentOS Linux release 7.9.2009 (Core). Thanks in Advance.

Best Regards,

Kaushal

bruncsak · October 1, 2021, 9:08am

What is your domain name, that we could check what intermediate signing certificate your server is sending, if any?

kaushalshriyan · October 1, 2021, 10:01am

@bruncsak jenkinshsbcdeveloperportal.digitalapicraft.com is the domain name

bruncsak · October 1, 2021, 10:27am

Your server seems to be unreachable:

kaushalshriyan · October 1, 2021, 10:33am

@bruncsak It is restricted from Internet and allowed from a trusted source IP. Please let me know if you need any additional details.

bruncsak · October 1, 2021, 10:35am

OK, so please post the output of the following command executed on a trusted source IP:
openssl s_client -connect jenkinshsbcdeveloperportal.digitalapicraft.com:443 | head

kaushalshriyan · October 1, 2021, 10:39am

openssl s_client -connect jenkinshsbcdeveloperportal.digitalapicraft.com:8443 | head
depth=0 CN = jenkinshsbcdeveloperportal.digitalapicraft.com
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 CN = jenkinshsbcdeveloperportal.digitalapicraft.com
verify error:num=21:unable to verify the first certificate
verify return:1
CONNECTED(00000005)
---
Certificate chain
 0 s:/CN=jenkinshsbcdeveloperportal.digitalapicraft.com
   i:/C=US/O=Let's Encrypt/CN=R3
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgISA2xUYj32x6FV/5rwrBJ0zNIWMA0GCSqGSIb3DQEBCwUA
MDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQD

bruncsak · October 1, 2021, 10:46am

Thanks for the feedback.

The web server is not providing any intermediate signing certificate. It should be configured to provide that. The ACME client with which you got the end certificate normally provides the signing certificate chain as well.

In addition too, it is possible that in your chrome browser the old intermediate signing certificate is cached. It is worthwhile to remove that.

kaushalshriyan · October 1, 2021, 11:03am

@bruncsak

I am using the below command to generate Lets encrypt SSL Certificates on the remote Linux server.

certbot certonly --standalone --preferred-challenges http -d jenkinshsbcdeveloperportal.digitalapicraft.com

Please guide.

bruncsak · October 1, 2021, 11:36am

You do not need to renew the certificate, you wrote:

So the certificate were renewed around two weeks ago. Good to know that you are using certbot, this ACME client provides the chain. Only your web server is not serving it.

It is more important to know what web server are you using? Apache? If yes, what is the output of the httpd -V command?

system · October 31, 2021, 11:36am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
R3 cert has expired Help	11	865	December 1, 2022
Expired R3 connected to DNS challenge? Help	8	823	October 30, 2021
R3 intermediate certificate has expired, how to renew it with cert-bot renew Help	10	7199	November 2, 2021
R3 certificate expired — macOS Help	8	9233	October 30, 2021
Certificate reports expired on server websites but still valid on Ubuntu server Help	23	1096	November 3, 2022

R3 certificate expired

Related topics