I check my company website by web browser-IE with “https”, it mentioned that there has a SSL cert which was issued by Let’s Encrypt Authority X3 was expired. But we doesn’t apply any SSL cert for this website domain name and configure any SSL on web server.
Can somebody let me know and advice how can I remove it?
Thanks a lot !!
Not without your answers to the questions that you deleted when you created this topic.
Is it running nginx, apache, IIS, …?
Thanks for reply.
Actually, the SSL cert is not created by me so I am not sure which server OS and application is using for create.
the website is: www.mindstec.com
I can’t find any contact information in WHOIS and no contact information is on the site.
You could try sending an email to:
email@example.com; firstname.lastname@example.org; email@example.com; firstname.lastname@example.org
and see who responds.
But if you work at the company…
Don’t you know who runs the IT and who controls the server at:
Someone with server admin access made the changes and only a web server admin can undo the changes (HTTPS bindings).
I checked with the website hosting company, they reply me doesn’t setup and applied this certificate…
But due to this is outsource website hosting company, there is unable to check their server configure and only able to trust their reply…
Does any way to check the certificate is issued by their server?
“Issued” has a specific meaning in the context of certificates; it refers to the original creation of the certificate by the entity that signed it (which is the Let’s Encrypt certificate authority).
It is not possible for an outsider to determine who was responsible for requesting and installing the certificate. That would have been someone (possibly including a computer program) responsible for setting up the web server software on the 18.104.22.168 machine. Nonetheless, that particular machine—apparently hosted by “A2 web hosting”—currently contains a copy of that certificate and is actively serving it to people who visit the site over HTTPS. Again, we don’t know who originally set it up that way, but nonetheless, it has been set up that way somehow.
To put this another way in terms of the hosting company, the hosting company might not have requested or installed the certificate and might not know that it was there, because someone else (maybe previously working for your company) might have done that. Despite this, the certificate is located on the hosting company’s machine now, whether through the hosting company’s action or not.
(Also, if the certificate were properly renewed, the expired certificate error would go away. Depending on the software in use on the server, it might be relatively easy to renew the certificate and set it up to be renewed automatically in the future.)
Thanks for your information, I will double check with my web service provider are they using this hosting company or not.
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.