SSL Not Working for Old or New Domains

All of my domains that use Letsencrypt certificate are being treated as a “malicious website ahead” in both Chrome, Firefox, IE, Edge, Opera and the Apple browser.

In short, Lets Encrypt SSL no longer works, it is no longer valid. Even doing the renovation within my VPS manager.

In short, I will have to remove lets encrypt from my website, otherwise I will lose thousands of visits, and positions on Google, and my loss will be huge, if I don’t resolve it soon.

Source: Let’s Encrypt to revoke 3 million certificates on March 4 due to software bug

1 Like

That bug/revoking stuff was relativily ages ago. You did check the date it mentions, right? March 4th? Like, almost 3 months ago?

Just renew (force if you have to) your certificates and you’ll be fine.

Those specific revoked certificates aren’t working any longer, yes. But “Let’s Encrypt SSL” works fine.

I’m not sure how this is related or even relevant?

No, you don’t have to remove anything. Just renew the certificates and you’re fine.

If this is actually the issue, you’ve probably lost visiters for almost three months now. Let’s Encrypt has send an e-mail to the e-mail address associated with the account. I know this for a fact, because I received one. You should read all e-mails related to Let’s Encrypt on the e-mail address associated with the ACME account used to get your certificates.

1 Like

Hi @vidadigital

Letsencrypt certificates are 90 days valid.

Normally, they are renewed after 60 days.

So if a certificate had that problem 2020-03-04, it’s renewed. Then the problem doesn’t longer exist.

If you write today, you are affected: Why are these certificates installed? Why aren’t these certificates renewed?

PS:

Read

and

Mass-revocation is canceled

3 Likes

Everything you mentioned above, I already did, and the problem continues. Anyway, I can only find a paid SSl, to be able to correct this problem.

1 Like

Then you’re having some other problem unrelated to the revoking of those earlier certificates.

That’s not necessary. Certificates from Let’s Encrypt are exactly the same as certificates from a paid CA.

2 Likes

I just bought a new domain, installed letsencrypt and tested it on all nodes, and the problem continues.
Today is 05/29/2020, I am in Brazil, I bought the domain yesterday, installed the certificate and immediately receive the notification that the website certificate is not valid. So the problem continues, even after the news of March 4th.

Take a test: https://front.snipertube.com.br

I removed SSL from LetsEncrypt, I placed SSL from CloudFlare and all browsers stopped sending me invalid SSL notices.

A certificate created yesterday isn’t affected.

There is another problem.

You are doing something completely wrong.

1 Like

It’s just impossible that your current problems are related to the revoking due to the CAA bug. Two reasons:

1: Let’s Encrypt isn’t mass-revoking those certificates any longer like @JuergenAuer pointed out
2: any NEW certificate since the bug in Boulder was fixed wouldn’t have been revoked anyway, nor is it revoked now.

Therefore, like I said earlier, your troubles with a Let’s Encrypt certificate must be due to some other fact.

I’m rather puzzled why you’re failing to see that point and why you keep refering to the CAA bug revoking from three months ago.

Also, CloudFlare TLS has a whole different method of securing the connection: your visitors will be connecting to a secure CloudFlare endpoint. Depending on how you’ve set the CloudFlare settings, your servers TLS can be as messy and mis-configured as it can be and still your users will get a secure connection (to CloudFlare). Therefore, you cannot compare CloudFlares “certificate” with a Let’s Encrypt certificate.

1 Like

It seems like you are experiencing problems issuing certificates that could be related to your ACME client or hosting provider. I’ve renamed your topic and moved it to the ‘Help’ category. Please answer our ‘Help’ section questionnaire below so the community can assist you with finding the problem and recommending a solution. It should also be noted that all the certificates related to the CAA rechecking incident have expired if they were not already replaced/revoked. Any problems with a certificate that might have been affected are now most likely to be certificate expiration problems.


Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

I ran this command:

It produced this output:

My web server is (include version):

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know):

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):

4 Likes

This site is using a cert that expired yesterday (it was issued 28 February) for vmi89940.contabo.host. The error you’re seeing is both because the cert is expired, and because it isn’t for the name you’re visiting. Neither of these (as you’ve been repeatedly told) has anything to do with the mass revocation that was scheduled for nearly three months ago.

1 Like

By the way, three certificates for front.snipertube.com.br were recently issued. Let’s Encrypt has rate limits. You shouldn’t keep issuing new duplicate certificates.

You don’t need to issue more certificates, the web server just needs to be configured to use one of the certificates you already have.


https://crt.sh/?Identity=snipertube.com.br&deduplicate=Y
4 Likes

My server is Centos 6,
My VPS control is: Centos Web Panel version 6 PRO, PHP7 an PHP 5.6
http://centos-webpanel.com/changelog
My Host Provider is: Contabo.com
My Domain: snipertube.com.br
I’m using Auto SSL on Panel for install Lets Encrypt

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.