Squarespace Cert not Processing


#1

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:
christianinternational.com

I ran this command:

It produced this output:

My web server is (include version):
squarespace

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is:
squarespace

I can login to a root shell on my machine (yes or no, or I don’t know):
no

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
squarespace

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):

I have seen from some of the other posts in this forum that squarespace has issues issuing (heh) certificates from time to time. I was just hoping that you could tell me if there is currently a technical issue issuing this cert, or if it’s truly dns cache time.

Thank You!


#2

Result of: dig +short @8.8.8.8 christianinternational.com -t CAA is nothing, just to rule that out.

It has been > 24 hours since connecting the domain, and I know it shouldn’t take this long.

Please let me know what other information you need from me.


#3

Hi,

This would be a matter directly related to squarespace, as they are responsible for requesting / installing / renewing your certificate.
Currently, there aren’t any issue related to Let’s Encrypt Service, and only squarespace would know if they have any issue with their automation.

Please contact Squarespace for this matter.

Thank you


#4

Hi @wulfmann, sorry to hear you’re having troubles.

I’m only aware of one specific problem related to mit.edu rate limiting. If you’re having trouble with a different domain with Squarespace I’d second @stevenzhu’s suggestion (thanks!) that you contact Squarespace support. They would need to provide more information about what the delays are. There aren’t any ongoing issues on the Let’s Encrypt side.


#5

Hi @wulfmann

there are curious results:

Searching christianinternational.com:

https://transparencyreport.google.com/https/certificates?cert_search_auth=&cert_search_cert=&cert_search=include_expired:false;include_subdomains:false;domain:christianinternational.com;issuer_uid:4428624498008853827&lu=cert_search

Two certificates, created today (pre- and leaf certificates), one with one domain name, the other with 7.

christianinternational.com
cpanel.christianinternational.com
mail.christianinternational.com
webdisk.christianinternational.com
webmail.christianinternational.com
whm.christianinternational.com
www.christianinternational.com

But instead of using that cPanel-certificate, your two connections (non-www and www) are using two different certificates ( https://check-your-website.server-daten.de/?q=christianinternational.com ):

CN=christianinternational.com
	26.02.2019
	27.05.2019
expires in 90 days	christianinternational.com - 1 entry

and

CN=www.christianinternational.com
	26.02.2019
	27.05.2019
expires in 90 days	www.christianinternational.com - 1 entry

both from Letsencrypt, both created today.

And searching with subdomains

https://transparencyreport.google.com/https/certificates?cert_search_auth=&cert_search_cert=&cert_search=include_expired:false;include_subdomains:true;domain:christianinternational.com;issuer_uid:4428624498008853827&lu=cert_search

there is

cimn.tv - 23 domain names
mailcimn.net - 15 domain names
hamonfamily.com - 17 domain names

Sample: The first has

bishophamon.christianinternational.com
cimn.christianinternational.com
cimn.tv
cpanel.cimn.tv
cpanel.mailcimn.net
directory.christianinternational.com
mail.cimn.tv
mail.mailcimn.net
mailcimn.christianinternational.com
mailcimn.net
old.christianinternational.com
webdisk.cimn.tv
webdisk.mailcimn.net
webmail.cimn.tv
webmail.mailcimn.net
whm.cimn.tv
whm.mailcimn.net
www.bishophamon.christianinternational.com
www.cimn.christianinternational.com
www.cimn.tv
www.directory.christianinternational.com
www.mailcimn.christianinternational.com
www.old.christianinternational.com

as domain names.

So it looks that there are a lot of certificates creates that are not used. But that may hit some limits.


#6

This is a result of me manually managing some domains and squarespace managing just the apex domain.

Squarespace just took a full day but it eventually worked.

We are all set!


closed #7

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.