Unable to enter my own website

Ive installed LE on my website and, when I try to visit it, I get whats on screenshot below.

We're noticing similar issues with the error code 'SEC_ERROR_UNKNOWN_ISSUER'. Please click on 'Advanced' and let us know your error code.

our "ISSUER" is "[STAGING) Wannabe Watercress R11" Pretend Pear X1

@doable your cert expired so you need to get a new one (why it isn't automated?)
@schiebeler_hbsn you are using staging endpoint instead of production one


It is the same traefik config since ages.. what are you suggesting i should do?

make a new thread and post your traefik?


You mean on my end (in ssh)?

each LE certificate only lasts 90 days, so you should automate it or at least want to make it one click thing:
Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

I ran this command:

It produced this output:

My web server is (include version):

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know):

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):


@schiebeler_hbsn Please open your own thread as it's not clear your and OPs issue are actually the same. Thank you.


Hello @doable,

I believe the "Warning: Potential Security Risk Ahead" is accurate for the domain name wojciechxtx.com

I suggest renewing the certificate is the solution.

Here is showing the certificate being served is expired https://decoder.link/sslchecker/wojciechxtx.com/443

Here is a list of issued certificates https://crt.sh/?q=wojciechxtx.com, the latest being

        Validity (Expired)
            Not Before: Feb 12 08:47:44 2024 GMT
            Not After : May 12 08:47:43 2024 GMT

I see this message " Error code: SEC_ERROR_EXPIRED_CERTIFICATE" from Windows 10 Firefox 126.0 (64-bit)



No, with the ACME Client you are using and probably crontab

Edit: also I do not know which of the Challenge Types - Let's Encrypt you are using,
assuming the HTTP-01 challenge which states "The HTTP-01 challenge can only be done on port 80."

Best Practice - Keep Port 80 Open

Using the online tool Let's Debug yields these results showing unable to access Port 80.

wojciechxtx.com has an A (IPv4) record ( but a request to this address over port 80 did not succeed. Your web server must have at least one working IPv4 or IPv6 address.
Get "http://wojciechxtx.com/.well-known/acme-challenge/letsdebug-test": dial tcp connect: connection refused

@0ms: Making a request to http://wojciechxtx.com/.well-known/acme-challenge/letsdebug-test (using initial IP
@0ms: Dialing
@21ms: Experienced error: dial tcp connect: connection refused
A test authorization for wojciechxtx.com to the Let's Encrypt staging service has revealed issues that may prevent any certificate for this domain being issued. Fetching http://wojciechxtx.com/.well-known/acme-challenge/34n4L0W2iX1Y8spgzSRBtjW0EWsdnE1bJHxZLN0rVqw: Connection refused