Renewed certificate ok on server but expired on client machine

gfunk · November 28, 2022, 3:17pm

My web server is: CentOS Linux 7.9.2009

The operating system my web server runs on is: CentOS Linux 7.9.2009

My hosting provider is: aruba.it

I can login to a root shell on my machine: yes

I'm using a control panel to manage my site: webmin v 2.000

Hello,
after more than a year using let's encrypt as CA, today I run in this situation:
accessing the site from any browser or any client I get :NET::ERR_CERT_DATE_INVALID

Actually the message on the browser says that today the certificate expires:
NET::ERR_CERT_DATE_INVALID
Subject: www.hosand.net
Issuer: R3
Expires on: 28 nov 2022
Current date: 28 nov 2022 <----------- *

but, If I check the certificate on the server I get this (I manually renewed it by webmin this morning):
openssl x509 -text -in /etc/webmin/letsencrypt-cert.pem

Certificate:
Data:
Version: 3 (0x2)
Serial Number:
04:ae:63:e5:71:bb:2a:41:26:43:1a:88:f0:06:92:d5:71:fb
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, O=Let's Encrypt, CN=R3
Validity
Not Before: Nov 28 09:44:34 2022 GMT
Not After : Feb 26 09:44:33 2023 GMT <----------- *
[..]

Certificate stuff are managed by webmin itself, and automatically renewed every 2 month.

I'm not an expert of these server things, and I do not have touched nothing since months.

Some kindly guy can tell me what is happening and how to solve this?
thanks,
Mauro

MikeMcQ · November 28, 2022, 3:30pm

Welcome to the community @gfunk

I don't know webmin enough to help guide you with that. Maybe ask your hosting service or wait for a volunteer here who might have that expertise.

But, I can confirm your server is using an expired cert. Also, it is not sending the intermediate chain. Your Apache server is configured wrong and is only sending the leaf cert.

See a site like this SSL Checker. And, compare results for your domain to this forum domain for an example of what you should see regarding the chain.

gfunk · November 28, 2022, 5:49pm

Hello Mike,
Thanks a lot for the fast answer.
Yes, with SSL Checker seems the intermediate chain is missing.

but the problem was that webmin recreated certificate for the domain only and not for the www..

I solved recreating the certificate for www with cerbot.

cheers,
Mauro

NorbertWebb · November 29, 2022, 1:54pm

Remove SSL Certificate Cache
Press Windows + R, then type "inetcpl.cpl" and press OK to open Internet Properties.
Navigate to the Content tab and then select Clear SSL status. Now, click Apply, then OK.
Reboot your computer to make the modifications take effect. Open Chrome and check for any remaining issues on net::err_cert_date_invalid

gfunk · November 30, 2022, 3:38pm

Thanks for the reply Norbert, but the problem was on the server, thanks anyway. solved. cheers.

system · December 30, 2022, 3:39pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.