SSL Certificate is being blocked by Avast

Hi everyone,

I am the owner of the following website and I am facing a problem: every time when I access my website from a pc running Avast program, it shows up an alarm and blocks access to my website due to certificate has been revoked. However, I never revoked any certificate and I don’t know why the certificate was revoked.

I installed Let’s Encrypt SSL through the control panel of my hosting provider. I already contacted them about this issue and they said that the certificate is correctly installed and configured.

I tried to access the website from 3 different PCs running Avast and all of them happened the same thing. Accessing from PCs not running Avast, I had no problems.

Also, I’ve tested the SSL through https://www.ssllabs.com/ssltest/analyze.html?d=www.placenpepper.com&latest and it shows a certificate as not trusted. I guess that’s why Avast is blocking my website. It’s important to say the certificate is expired and this issue was happening even before the certificate expiration.

The SSL test also shows three different certificates, is it usual? Why is one of them as not trusted?

So, my doubts are: why my certificate is revoked? how can I solve this issue?

I appreciate any help you guys can give me. I am really in the dark in this situation.

My domain is: https://www.placenpepper.com
Alarm showed by Avast: "Avast has blocked access to [my domain] because the server certificate has been revoked."
My web server is (include version): Apache
The operating system my web server runs on is (include version): CentOS release 6.7 (Final)
My hosting provider, if applicable, is: Kinghost
I can login to a root shell on my machine (yes or no, or I don’t know): Yes

Bom dia @rgcosta,

If Avast is using the term “revoked”, it’s the wrong term. That certificate expired on August 13. Let’s Encrypt certificates are valid for 90 days and have to be replaced by a newly-issued certificate before then to avoid this kind of warning (which we call “renewal”).

I do find this situation puzzling because when I visited your site in a browser, I first got an error about the expired certificate, and then when I visited it again, I got the renewed certificate and the site loaded correctly (!). I’m also not familiar with the circumstances under which SSL Labs encounters multiple certificates for the same site as represented in this test.

Apparently, there is some circumstance under which your site serves the renewed certificate and another circumstance under which it serves the expired certificate. I’ll try to do some more tests and see if I can understand what the difference is and what could be causing it.

What I’m seeing is that when I connect multiple times in a row, the server gives a different certificate on different connections. This is relatively unusual since from the outside world’s point of view, your site only has one IP address. I’ve never experienced this particular configuration problem in this form before.

I suspect that your hosting provider might have multiple web servers on the back-end behind a load-balancing appliance, and the updated certificate might only be installed on one of those servers, while the old certificate. Is that possible? How much do you know about your hosting environment at Kinghost?

Maybe you could contact Kinghost and let them know that subsequent connections to the same IP address 191.6.198.90 return different certificates for your site—which seems to be an indication of a configuration problem inside their infrastructure somewhere.

Hi @schoen,

Thank you very much for your quick reply. I don’t know much about my hosting environment, but I can affirm that it’s a shared hosting. it might be relevant to say I noticed from the hosting control panel that the same server is being used since my account was configured.

I can request them any important information. Just let me know if you need.

I will contact them about the subsequent connections which return different certificates. As soon as I get an answer, I post here.

Thanks again.

Agreed, very weird indeed for a single system to produce such a result:
Two different certs from the one IP:SNI


I am monitoring the ssllabs test for a while and before the certificate expiration, the ssllabs test already showed theses two certificates as valid. I guess this is pretty unusual, right. So, this can be the origin of the problem? The hosting provider is responsible for replacing or removing one of them (the expired one, I suppose)?

There was a time that both were valid:
8/3/2017-11/1/2017
and
5/15/2017-8/13/2017
overlap for 11 days:
from 8/3/2017-8/13/2015

Yes, having an expired cert on a production server is a problem - if only half of the times - LOL

That needs to be sorted out between you and your hosting provider.
One of you is responsible for keeping all systems up-to-date.

Hi Everyone,

It took some time to get an answer from my hosting provider, that’s why I delayed in posting here again.

So, according to my hosting provider, they migrated my website to another server and configured a new SSL certificate on this (unfortunately, I don’t have more details). After that, the problem seems to be solved. At least the Avast is not blocking the access so far and the ssllabs test is now showing only one valid certificate. I will keep monitoring this scenery for more few days. Any strange behavior, I will post here again.

https://www.ssllabs.com/ssltest/analyze.html?d=www.placenpepper.com

I would like to thank you @schoen and @rg305 for your help. It helped me a lot and I really appreciate it.

Well, it’s definitely being served from a different IP address now. :slight_smile: I’m glad everything is working OK.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.