Squarespace serving incorrect certificate


#1

I am having a similar issue, and Squarespace is blaming it on Let’s Encrypt and washing their hands of it. My url is www.christthelightoftheworld.org and the SSL certificate was active and working properly up until three days ago. All of a sudden, the site was no longer secure, and the only thing I can see is that the certificate name is issued for Squarespace and not my domain.

I’ve contacted Squarespace Support and they blamed the issue on Let’s Encrypt. They pointed me to the Let’s Encrypt status website and said you guys were having issues. They said it’s out of their hands and I just have to hope it’s fixed soon. Some strategy, huh? I’m beyond frustrated with SS, as I’m paying them to host a site that’s been down for three days now. Their answer was to make the site “insecure” again, but my site has already been indexed with the secured url. This is causing major problems because people are getting the scary “attackers are trying to steal your info” message when visiting.

Does anyone have any info on how to resolve this? I’m at a loss and Squarespace is zero help. I have a site that’s down and a certificate that is endlessly “processing”.


Squarespace Site SSL Certificate Process Pending extended amount of time
#2

@jsha anything you can do to help following the previous discussions ?


#3

@tarahooverdesigns so sorry for the trouble you are having! I’ll collaborate with the Squarespace folks and help get them resolved.

As far as I know, the issues Squarespace was having with Let’s Encrypt at the beginning of the month were resolved. However, looking again this morning I am seeing a number of “too many pending authorizations” from Squarespace.

Also, Let’s Encrypt’s recommendation, and Squarespace’s behavior, is to renew certificates well in advance of their expiration, so there’s plenty of time to fix any problems. I checked the CT logs, and the most recently issued certificate for your hostname is valid until March 12. So Squarespace can in theory continue use the certificate they currently have issued. I’m not sure why they are not.

@feangulo, would you mind taking a look at the above two issues?

Thanks,
Jacob


#4

Thanks Jacob. I don’t know much about the intricacies of SSL, but the error I’m getting from Chrome is “err_cert_common_name_invalid”. When I compare this site with the others I host from Squarespace, the certificate name is a wildcard, instead of my specific domain. I have no idea why this suddenly happened, especially when you verified the certificate was not expired.

Any help you can provide is much appreciated. I heard back from SS help again, and this was my response:

I can understand that this is a frustrating occurrence, however, due to the Let’s Encrypt issue there is a delay in the issuing of new certificates.

I’m sorry for the inconvenience this has caused, but unfortunately we don’t currently have a way to speed up this process.

It is not that we are trying to divert the blame away from us, but as Let’s Encrypt is issuing the certificates, we don’t have a workaround for this.


#5

Hi @tarahooverdesigns,

Yep, I know it can be frustrating getting bounced around between organizations when you need help. I’ve checked out your problem, and I’m following up with Squarespace engineers. Thanks for reporting it!

Jacob


#6

Thanks much. Really hope we can get this resolved soon!


#7

I haven’t heard back about a specific fix, but I checked your site just now and the HTTPS appears to be working again.


#8

Yes, I heard back from Squarespace saying the certificate had been issued. I assumed it was due to your contact with their engineers. I’m very happy to have the site working again, but I’m worried that this could happen with any of my other sites at any given time. Without a known fix on either Let’s Encrypt OR Squarespace’s end, it leaves the customer out of luck. I hope both companies can work together to avoid these issues in the future.

Thank you for all of your help. You were much more responsive than Squarespace, and I appreciate that.


#9

Closing the loop on this: Talking to Squarespace, it sounds like there was a DNS configuration change you needed to make in order to point at the right servers, and that was what ultimately fixed the issue. Did you make that change at some point?

Thanks,
Jacob


#10

I verified my DNS settings with Squarespace when the issue first happened, and they confirmed that everything was set properly. I just looked, and the DNS is configured the same way now as it was a few days ago. Not sure what configuration they are talking about since they were the ones to check it in the first place. Losing faith in Squarespace for sure!


#11

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.