Squarespace Cert not Processing

wulfmann · February 26, 2019, 4:54am

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:
christianinternational.com

I ran this command:

It produced this output:

My web server is (include version):
squarespace

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is:
squarespace

I can login to a root shell on my machine (yes or no, or I don’t know):
no

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
squarespace

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):

I have seen from some of the other posts in this forum that squarespace has issues issuing (heh) certificates from time to time. I was just hoping that you could tell me if there is currently a technical issue issuing this cert, or if it’s truly dns cache time.

Thank You!

wulfmann · February 26, 2019, 5:01am

Result of: dig +short @8.8.8.8 christianinternational.com -t CAA is nothing, just to rule that out.

It has been > 24 hours since connecting the domain, and I know it shouldn’t take this long.

Please let me know what other information you need from me.

stevenzhu · February 26, 2019, 5:13am

Hi,

This would be a matter directly related to squarespace, as they are responsible for requesting / installing / renewing your certificate.
Currently, there aren't any issue related to Let's Encrypt Service, and only squarespace would know if they have any issue with their automation.

Please contact Squarespace for this matter.

Thank you

cpu · February 26, 2019, 2:23pm

Hi @wulfmann, sorry to hear you're having troubles.

I'm only aware of one specific problem related to mit.edu rate limiting. If you're having trouble with a different domain with Squarespace I'd second @stevenzhu's suggestion (thanks!) that you contact Squarespace support. They would need to provide more information about what the delays are. There aren't any ongoing issues on the Let's Encrypt side.

JuergenAuer · February 26, 2019, 2:51pm

Hi @wulfmann

there are curious results:

Searching christianinternational.com:

https://transparencyreport.google.com/https/certificates?cert_search_auth=&cert_search_cert=&cert_search=include_expired:false;include_subdomains:false;domain:christianinternational.com;issuer_uid:4428624498008853827&lu=cert_search

Two certificates, created today (pre- and leaf certificates), one with one domain name, the other with 7.

christianinternational.com
cpanel.christianinternational.com
mail.christianinternational.com
webdisk.christianinternational.com
webmail.christianinternational.com
whm.christianinternational.com
www.christianinternational.com

But instead of using that cPanel-certificate, your two connections (non-www and www) are using two different certificates ( https://check-your-website.server-daten.de/?q=christianinternational.com ):

CN=christianinternational.com
	26.02.2019
	27.05.2019
expires in 90 days	christianinternational.com - 1 entry

and

CN=www.christianinternational.com
	26.02.2019
	27.05.2019
expires in 90 days	www.christianinternational.com - 1 entry

both from Letsencrypt, both created today.

And searching with subdomains

https://transparencyreport.google.com/https/certificates?cert_search_auth=&cert_search_cert=&cert_search=include_expired:false;include_subdomains:true;domain:christianinternational.com;issuer_uid:4428624498008853827&lu=cert_search

there is

cimn.tv - 23 domain names
mailcimn.net - 15 domain names
hamonfamily.com - 17 domain names

Sample: The first has

bishophamon.christianinternational.com
cimn.christianinternational.com
cimn.tv
cpanel.cimn.tv
cpanel.mailcimn.net
directory.christianinternational.com
mail.cimn.tv
mail.mailcimn.net
mailcimn.christianinternational.com
mailcimn.net
old.christianinternational.com
webdisk.cimn.tv
webdisk.mailcimn.net
webmail.cimn.tv
webmail.mailcimn.net
whm.cimn.tv
whm.mailcimn.net
www.bishophamon.christianinternational.com
www.cimn.christianinternational.com
www.cimn.tv
www.directory.christianinternational.com
www.mailcimn.christianinternational.com
www.old.christianinternational.com

as domain names.

So it looks that there are a lot of certificates creates that are not used. But that may hit some limits.

wulfmann · February 26, 2019, 3:00pm

This is a result of me manually managing some domains and squarespace managing just the apex domain.

Squarespace just took a full day but it eventually worked.

We are all set!

system · March 28, 2019, 3:00pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.