Valid certificate failing

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

My web server is (include version):
Apache

The operating system my web server runs on is (include version):
Ubuntu 18.04.6

My hosting provider, if applicable, is:
Linode

I can login to a root shell on my machine (yes or no, or I don't know):
Yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
No

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
certbot 1.30.0

I am at my wits end, again, but with another server. SSL Checker shows that my certificate expired five days ago, it didn't. Pingdom is showing hundreds of outages over the last couple days. When I go to the website, sometimes I get an SSL error, but then I refresh and it loads fine. I updated to the newest Certbot and renewed all certificates and Certbot says they are fine.

Screen Shot 2022-10-04 at 10.55.22 AM951×374 11.9 KB

Screen Shot 2022-10-04 at 10.23.28 AM813×752 148 KB

I will note that since posting this everything has been up for about 10 minutes and SSL checker is now saying it is ok. So of course that happened.

Your certificates has been renewed at 14:54:23 2022 GMT indeed

Depending on how you issued your certificate the first time, it might be necessary to reload your Apache before the new certificate is picked up by the software.

Yes, that is probably when I renewed everything. But, the errors are back. I restarted Apache again for giggles. Not sure what to do next.

Screen Shot 2022-10-04 at 11.32.23 AM694×490 29.9 KB

Cert_Date_Invalid usually means your computer clock is wrong

The correct certificate is being served, so probably a local client issue indeed.

It is not just me though. Pingdom reports errors as are others in the company in remote locations.

I don't have a pingdom account (and dont want one). But, can you show the errors that it or your other remote locations have? It is hard to advise without a description of the error

I see your certs just fine from an AWS region on US East Coast. This 24x7 test site sees it fine from 5 points around the globe.

And, SSL Labs gives an A for it on both your IPv4 and IPv6 addresses

https://www.ssllabs.com/ssltest/analyze.html?d=forestryequipmentguide.com&hideResults=on

Are these being hosted at different locations/systems?

curl -Ii4 https://www.forestryequipmentguide.com/
server: Apache/2.4.29 (Ubuntu)
set-cookie: city=Richardson; expires=Thu, 03-Nov-2022 17:55:51 GMT; Max-Age=2592000; path=/

curl -Ii6 https://www.forestryequipmentguide.com/
server: Apache/2.4.29 (Ubuntu)
set-cookie: city=Philadelphia; expires=Thu, 03-Nov-2022 17:55:54 GMT; Max-Age=2592000; path=/

Not that I know of. My server is a Linode in Dallas.

It is behind a load-balancer [or anything of that sort] ?

No. I had Cloudflare on, but that has been disabled for a few days.

Please show:
ps -ef | grep -Ei 'apache|http|nginx' | grep -v grep

I know what it is. When our IP locator can't verify your location, it defaults to Philly. That happens a lot with Ipv6.

root 9913 1 0 11:32 ? 00:00:00 /usr/sbin/apache2 -k start
www-data 9914 9913 0 11:32 ? 00:00:20 /usr/sbin/apache2 -k start
www-data 9931 9913 0 11:32 ? 00:00:22 /usr/sbin/apache2 -k start

That's a match - no loose threads

Not sure what that means.

It's a good thing.

But I still can't explain why it would serve multiple certs...

Oh ok.

I should note that I am on 3 straight hours of uptime. So I dont know if there is anything to be found this moment,.