Unable to enter my own website

I've installed LE on my website and, when I try to visit it, I get what's on the screenshot below.
Why?

We're noticing similar issues with the error code 'SEC_ERROR_UNKNOWN_ISSUER'. Please click on 'Advanced' and let us know your error code.

Our "ISSUER" is "(STAGING) Wannabe Watercress R11" Pretend Pear X1

@doable your cert expired so you need to get a new one (why isn't it automated?)
@schiebeler_hbsn you are using the staging endpoint instead of the production one

4 Likes

It has been the same traefik config for ages. What are you suggesting I should do?

make a new thread and post your traefik?

5 Likes

You mean on my end (in ssh)?

Each LE certificate only lasts 90 days, so you should automate it or at least make it a one-click thing:
Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

I ran this command:

It produced this output:

My web server is (include version):

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know):

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):

5 Likes

@schiebeler_hbsn Please open your own thread as it's not clear your and OP's issues are actually the same. Thank you.

2 Likes

Hello @doable,

I believe the "Warning: Potential Security Risk Ahead" is accurate for the domain name wojciechxtx.com.

I suggest renewing the certificate is the solution.

Here is a check showing the certificate being served is expired: https://decoder.link/sslchecker/wojciechxtx.com/443

Here is a list of issued certificates https://crt.sh/?q=wojciechxtx.com, the latest being

        Validity (Expired)
            Not Before: Feb 12 08:47:44 2024 GMT
            Not After : May 12 08:47:43 2024 GMT

I see this message "Error code: SEC_ERROR_EXPIRED_CERTIFICATE" from Windows 10 Firefox 126.0 (64-bit)

2 Likes

Yes.

No, with the ACME Client you are using and probably crontab

Edit: also I do not know which of the Challenge Types - Let's Encrypt you are using,
assuming the HTTP-01 challenge which states "The HTTP-01 challenge can only be done on port 80."

Best Practice - Keep Port 80 Open

Using the online tool Let's Debug yields these results showing unable to access Port 80.

ANotWorking
ERROR
wojciechxtx.com has an A (IPv4) record (51.77.66.19) but a request to this address over port 80 did not succeed. Your web server must have at least one working IPv4 or IPv6 address.
Get "http://wojciechxtx.com/.well-known/acme-challenge/letsdebug-test": dial tcp 51.77.66.19:80: connect: connection refused

Trace:
@0ms: Making a request to http://wojciechxtx.com/.well-known/acme-challenge/letsdebug-test (using initial IP 51.77.66.19)
@0ms: Dialing 51.77.66.19
@21ms: Experienced error: dial tcp 51.77.66.19:80: connect: connection refused

IssueFromLetsEncrypt
ERROR
A test authorization for wojciechxtx.com to the Let's Encrypt staging service has revealed issues that may prevent any certificate for this domain being issued.
51.77.66.19: Fetching http://wojciechxtx.com/.well-known/acme-challenge/34n4L0W2iX1Y8spgzSRBtjW0EWsdnE1bJHxZLN0rVqw: Connection refused

2 Likes
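The two failure modes diagnosed in this thread (an expired certificate and a staging-issued one) can be told apart from the text printed by `openssl x509 -noout -issuer -dates`. The following is an added example, not part of any post above: the function names, the 30-day renewal window, the issuer strings and the staging sample's dates are assumptions or constructed values; only the expired sample's validity dates come from the thread.

```python
from datetime import datetime, timedelta, timezone

# Assumption: renew once fewer than 30 days of the 90-day lifetime remain.
RENEW_WINDOW = timedelta(days=30)

# The Firefox error codes quoted in the thread, keyed by the finding that causes them.
FIREFOX_CODE = {
    "expired": "SEC_ERROR_EXPIRED_CERTIFICATE",
    "staging-issuer": "SEC_ERROR_UNKNOWN_ISSUER",
}

def parse_openssl(text):
    """Parse `openssl x509 -noout -issuer -dates` output into a dict."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition("=")  # split on the first '=' only
        if sep and key.strip() in ("issuer", "notBefore", "notAfter"):
            fields[key.strip()] = " ".join(value.split())
    for key in ("notBefore", "notAfter"):
        stamp = datetime.strptime(fields[key], "%b %d %H:%M:%S %Y GMT")
        fields[key] = stamp.replace(tzinfo=timezone.utc)
    return fields

def diagnose(text, now):
    """Return a list of findings for one certificate at time `now` (UTC)."""
    cert = parse_openssl(text)
    findings = []
    if "(STAGING)" in cert["issuer"]:
        findings.append("staging-issuer")   # staging roots are not browser-trusted
    if now < cert["notBefore"]:
        findings.append("not-yet-valid")
    elif now > cert["notAfter"]:
        findings.append("expired")
    elif cert["notAfter"] - now < RENEW_WINDOW:
        findings.append("renewal-overdue")  # automation should already have run
    return findings

# Validity dates from the thread; the issuer line is a constructed placeholder.
EXPIRED_SAMPLE = """issuer=C = US, O = Example CA, CN = Example Production Intermediate
notBefore=Feb 12 08:47:44 2024 GMT
notAfter=May 12 08:47:43 2024 GMT"""

# Fully constructed sample using the staging issuer name quoted in the thread.
STAGING_SAMPLE = """issuer=CN = (STAGING) Wannabe Watercress R11
notBefore=May  1 00:00:00 2024 GMT
notAfter=Jul 30 00:00:00 2024 GMT"""

if __name__ == "__main__":
    now = datetime(2024, 5, 20, tzinfo=timezone.utc)  # constructed check time
    for name, sample in (("expired", EXPIRED_SAMPLE), ("staging", STAGING_SAMPLE)):
        found = diagnose(sample, now)
        print(name, found, [FIREFOX_CODE.get(f) for f in found])
```

Run from cron against the output of `openssl s_client -connect HOST:443 -servername HOST </dev/null | openssl x509 -noout -issuer -dates`, a non-empty result is an early signal that renewal automation has stopped working.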