SSL Certificate Renewal (post expiry) issue


#1

Hi,

I am technically challenged person. I have a website (www.sahasriya.com) on which the LetsEncrypt certificate has expired after 90 days. My website is currently hosted with Godaddy and built using Wordpress. Godaddy is suggesting at purchasing their certificate which is rather expensive.

All my website users complain that they now get a warning message that website is no more secure.

Any help on this is appreciated.

Govind


#2

Hi @gdesikan

how did you create that certificate? Do that again.

There is a standard template from #help


Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

I ran this command:

It produced this output:

My web server is (include version):

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know):

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):


#3

Hi,

Thanks for the reply. I tried the way detailed here

Like I said, I am technically challenged and am providing details of as much as possible on the questions below

My domain is: www.sahasriya.com

I ran this command: Followed the steps provided in the above link

It produced this output: Kindly refer the uploaded file

. At this step on clicking the key, On one domain (sahasriya.com) I get my existing website and on other domain (www.sahasriya.com) I get 404 Oops! we’re sorry… but something went wrong.

My web server is (include version): As per online tool (netcraft.com), it is Apache (sub version unable to determine). But it is hosted with Godaddy Singapore

The operating system my web server runs on is (include version): Linux (as per netcraft.com)

My hosting provider, if applicable, is: Godaddy

I can login to a root shell on my machine (yes or no, or I don’t know): I don’t know

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): cpanel provided by Godaddy with their linux hosting option

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):


#4

Ok, you don’t use an own client, you use the zerossl - client.

Letsencrypt certificates are only 90 days valid, so you have to do that every 60 - 85 days. That’s the limitation.

And your configuration is critical ( https://check-your-website.server-daten.de/?q=sahasriya.com ):

Domainname Http-Status redirect Sec. G
http://sahasriya.com/
148.66.136.1 301 https://www.sahasriya.com/home/ 6.107 E
http://www.sahasriya.com/
148.66.136.1 302 https://www.sahasriya.com/ 0.367 A
https://sahasriya.com/
148.66.136.1 301 https://www.sahasriya.com/home/ 2.004 N
Certificate error: RemoteCertificateChainErrors
https://www.sahasriya.com/
148.66.136.1 301 https://www.sahasriya.com/home/ 1.924 N
Certificate error: RemoteCertificateChainErrors
https://www.sahasriya.com/home/ 200 3.063 N
Certificate error: RemoteCertificateChainErrors
http://www.sahasriya.com/home/index.php 301 https://www.sahasriya.com/home/index.php 1.713 A
Visible Content: <!doctype html> Document moved Document has moved here .
http://sahasriya.com/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
148.66.136.1 301 http://www.sahasriya.com/home/index.php 0.370 D
Visible Content: Moved Permanently The document has moved here .
http://www.sahasriya.com/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
148.66.136.1 302 https://www.sahasriya.com/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de 0.447 A
Visible Content: Found The document has moved here .
https://www.sahasriya.com/home/index.php 301 https://www.sahasriya.com/home/ 2.667 N
Certificate error: RemoteCertificateChainErrors
Visible Content: <!doctype html> Document moved Document has moved here .
https://www.sahasriya.com/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de 404

Letsencrypt checks the file in port 80 + /.well-known/acme-challenge.

But checking such a (not existing) file:

Your http + non-www is redirected to http + www + /home/index.php, that can’t work.

Your http + www is redirected to https + www (that’s ok), there is the expected http status 404 - not found.

So check your redirects. A redirect http + /folder/subfolder/filename should redirect to https + /folder/subfolder/filename.


#5

Hi,

Does it mean that my .htaccess file has to be corrected? Kindly advise


#6

Perhaps.

Redirects can be defined in your

  • .htaccess
  • vHost definitions
  • application-specific

Check each place to find these redirects.