Ive installed LE on my website and, when I try to visit it, I get whats on screenshot below.
DB
Why?
We're noticing similar issues with the error code 'SEC_ERROR_UNKNOWN_ISSUER'. Please click on 'Advanced' and let us know your error code.
our "ISSUER" is "[STAGING) Wannabe Watercress R11" Pretend Pear X1
@doable your cert expired so you need to get a new one (why it isn't automated?)
@schiebeler_hbsn you are using staging endpoint instead of production one
4 Likes
It is the same traefik config since ages.. what are you suggesting i should do?
make a new thread and post your traefik?
5 Likes
You mean on my end (in ssh)?
each LE certificate only lasts 90 days, so you should automate it or at least want to make it one click thing:
Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is:
I ran this command:
It produced this output:
My web server is (include version):
The operating system my web server runs on is (include version):
My hosting provider, if applicable, is:
I can login to a root shell on my machine (yes or no, or I don't know):
I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
5 Likes
@schiebeler_hbsn Please open your own thread as it's not clear your and OPs issue are actually the same. Thank you.
2 Likes
Hello @doable,
I believe the "Warning: Potential Security Risk Ahead" is accurate for the domain name wojciechxtx.com
I suggest renewing the certificate is the solution.
Here is showing the certificate being served is expired https://decoder.link/sslchecker/wojciechxtx.com/443
Here is a list of issued certificates https://crt.sh/?q=wojciechxtx.com, the latest being
Validity (Expired)
Not Before: Feb 12 08:47:44 2024 GMT
Not After : May 12 08:47:43 2024 GMT
I see this message " Error code: SEC_ERROR_EXPIRED_CERTIFICATE" from Windows 10 Firefox 126.0 (64-bit)
2 Likes
Yes.
No, with the ACME Client you are using and probably crontab
Edit: also I do not know which of the Challenge Types - Let's Encrypt you are using,
assuming the HTTP-01 challenge which states "The HTTP-01 challenge can only be done on port 80."
Best Practice - Keep Port 80 Open
Using the online tool Let's Debug yields these results showing unable to access Port 80.
ANotWorking
ERROR
wojciechxtx.com has an A (IPv4) record (51.77.66.19) but a request to this address over port 80 did not succeed. Your web server must have at least one working IPv4 or IPv6 address.
Get "http://wojciechxtx.com/.well-known/acme-challenge/letsdebug-test": dial tcp 51.77.66.19:80: connect: connection refused
Trace:
@0ms: Making a request to http://wojciechxtx.com/.well-known/acme-challenge/letsdebug-test (using initial IP 51.77.66.19)
@0ms: Dialing 51.77.66.19
@21ms: Experienced error: dial tcp 51.77.66.19:80: connect: connection refused
IssueFromLetsEncrypt
ERROR
A test authorization for wojciechxtx.com to the Let's Encrypt staging service has revealed issues that may prevent any certificate for this domain being issued.
51.77.66.19: Fetching http://wojciechxtx.com/.well-known/acme-challenge/34n4L0W2iX1Y8spgzSRBtjW0EWsdnE1bJHxZLN0rVqw: Connection refused
2 Likes
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.