SSL Certificate Expiration Date Error

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: https://fr.hays-careers.com/

I ran this command:

  • I renewd the certificate manually using the Plesk, but on Plesk it shows the certificate is yet to expire and the expiry date is : “December 4, 2020”

It produced this output:

  • But when visiting the site, it gives the following error “Web sites prove their identity via certificates, which are valid for a set time period. The certificate for fr.hays-careers.com expired on 29/08/2020.”

  • “Error code: SEC_ERROR_EXPIRED_CERTIFICATE”

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):

  • IP address: 85.13.229.66
  • OS: CentOS 6.10 (Final)
  • Product: Plesk Obsidian
  • Version: 18.0.29 Update #3, last updated on Sept 1, 2020 03:38 AM

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): Using FireFox the error I recive is as below:

"Web sites prove their identity via certificates, which are valid for a set time period. The certificate for fr.hays-careers.com expired on 29/08/2020.

  • Error code: SEC_ERROR_EXPIRED_CERTIFICATE"

==== Issue Updates ===

  1. I have tried to re-issue teh certificate
  2. I have tried to issue a new certificate and assign it to the domain
  3. I have manually added a new certificate using “sslforfree.com

Yet, it keeps that old expird certificate when trying to access the site. Is there any way I can get this issue resolved ? Any advice please ?

Many thanks,

Fawaz

Hi @webcitynetworks

  • did you restart your webserver?

If that doesn’t help, the certificate isn’t installed. So check your Plesk.

1 Like

Hi Juergen,

Many thanks for the propmpt responce. I havent re-started the server yet, as I’m a freelance-contracter, I need to get authorisation to re-start the server, as there are other sites on the same server.

I have checked the Plesk, I can clearly see the SSL certificate is indeed availabe on the under the certificate list.

Is there something that I have doe wrong ? or is there a way to correct it ? I have also done the following actions addtionally, but to no awail …

  1. Removed the old “.well-known” folder
  2. Created a new SSL using “https://www.sslforfree.com” (n.b. it did not create a CSR, but the rest of the key was all valid)
  3. Got the domain validated via the HTTP file method.
  4. Re-applied the new SSL to the domain.
  5. Remove the SSL totaly from the site and even deleted it, its still showing the same error …

Yet, when I check the domain I get the same error.

Below are some tests tool resultds that is availabe via Plesk, showing that even after I removed the SSL, it still shows the errors, specifically sayign teh certificate is expired on " Sat, 29 Aug 2020 08:05:25 UTC (expired 7 days, 10 hours ago) EXPIRED".

Report URL: https://www.ssllabs.com/ssltest/analyze.html?d=fr.hays-careers.com

Also when I checked the forum some were saying to check for duplicate SSL certificates, and I found quite a few duplicates as well.

Report URL: https://check-your-website.server-daten.de/?q=fr.hays-careers.com

Additionally, when I tried to re-issue the sertificate I recived an error popmt saysing that I have reached my Free SSL limitation.

  1. Is there a way to remove or get rid of the duplicates ?
  2. Anything else that I can do to get this resolved please?

Many thanks for everyone trying to help …

Kind regards,

Fawaz

1 Like

That’s expected if you don’t restart the webserver. A webserver restart is required. So no restart -> you use the old certificate.

But that’s not a reboot. Plesk should have a soft-restart-option. But I don’t use Plesk.

It’s completely wrong if you create new certificates if you have already created one new certificate.

Deleting and recreating is a waste of resources.

1 Like

Hi Juergen,

Thanks for the clarification. I’m sorry that I only created a single new SSL via the “https://www.sslforfree.com/”, but when I checked it showed duplicates, seems each time I tried to remove the SSL and re-apply, it kept creating a duplicate.

Just a note, via the Plesk SSL Certificate section, I can only see that there is 1 single certificate that was already there which seemingly is expired, and the second one that I generated using the “https://www.sslforfree.com/”. So not sure the how the duplicates got created, unless with each renew request, Plesk was creating a new SSL on the background.

Is there a way that I can perhaps remove them or relese these duplicates ?

I will try to get the authorisation to get it re-booted and let you know how it goes.

Again, many thaanks for the valuble advice.

Best regards,

Fawaz

Hi JuergenAuer,

I have got the sys admin teams to restart the ‘Plesk’ service as recomended. But seems the problem is not resolved yet. It is still showing the same certificate and same error, i.e. expired certificate error. The Plesk soft-boot did not resolve the isssue stangely. Any other suggestions perhaps ?

Many thanks,

Fawaz

Please note: that site doesn’t use Let’s Encrypt, but uses ZeroSSL, a different certificate authority. This Community is for Let’s Encrypt, not a support Community for ZeroSSL.

Also, please don’t keep trying to get certificates the same way if that way fails. You’ve got 4 certificates issued on September 5th and one 2 days before that: https://crt.sh/?Identity=fr.hays-careers.com&iCAID=16418&deduplicate=Y

Furthermore, you seem to have deleted one or more questions from the questionnaire, such as if you have root access or not. This is important. Because if you don’t have root access, it’s probably the job of your hosting provider – which is probably providing your Plesk control panel – to fix this issue.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.