While adding SSL i am getting this error - Error: certificate has expired

While adding SSL I am getting this error Please find the logs and let me know what’s wrong with this.

Domain Name:- universaltextilesint.com

0|index | [acme-v2] handled(?) rejection as errback:
0|index | Error: certificate has expired
0|index | at TLSSocket. (_tls_wrap.js:1103:38)
0|index | at emitNone (events.js:106:13)
0|index | at TLSSocket.emit (events.js:208:7)
0|index | at TLSSocket._finishInit (_tls_wrap.js:637:8)
0|index | at TLSWrap.ssl.onhandshakedone (_tls_wrap.js:467:38)
0|index | { Error: socket hang up
0|index | at TLSSocket.onHangUp (_tls_wrap.js:1135:19)
0|index | at Object.onceWrapper (events.js:313:30)
0|index | at emitNone (events.js:111:20)
0|index | at TLSSocket.emit (events.js:208:7)
0|index | at endReadableNT (_stream_readable.js:1055:12)
0|index | at _combinedTickCallback (internal/process/next_tick.js:138:11)
0|index | at process._tickDomainCallback (internal/process/next_tick.js:218:9)
0|index | code: ‘ECONNRESET’,
0|index | path: null,
0|index | host: ‘localhost’,
0|index | port: 443,
0|index | localAddress: undefined } ‘respppppppp’ undefined
0|index | { Error: ENOENT: no such file or directory, open ‘/root/acme/etc/live/universaltextilesint.com/fullchain.pem’
0|index | errno: -2,
0|index | code: ‘ENOENT’,
0|index | syscall: ‘open’,

Hi @Shubham1

your dns-settings:

Host T IP-Address is auth. ∑ Queries ∑ Timeout
universaltextilesint.com A 35.190.95.30 yes 1 0
AAAA yes
www.universaltextilesint.com C universaltextiles.storehippo.com yes 1 0
A 52.172.202.112 yes

So your www-version uses storehippo.com, not your server. Isn’t there a certificate management? It may be impossible to install a certificate, may be storehippo has an integrated solution.

Your non-www version redirects to a not-defined domain name:

Domainname Http-Status redirect Sec. G
http://universaltextilesint.com/
35.190.95.30 301 http://www.universaltextilesint.com/ 0.300 D
http://www.universaltextilesint.com/
52.172.202.112 301 https://www.universaltextilesint.com/ 0.287 A
https://universaltextilesint.com/
35.190.95.30 301 https://www.Covershower.com/ 4.170 N
Certificate error: RemoteCertificateNameMismatch, RemoteCertificateChainErrors
https://www.Covershower.com/ -1 0.040 R
NameResolutionFailure - The remote name could not be resolved: ‘www.covershower.com
https://www.universaltextilesint.com/
52.172.202.112 200 4.130 N
Certificate error: RemoteCertificateChainErrors

covershower.com isn’t defined.

And your www-Letsencrypt certificate is 424 days expired.

CN=www.universaltextilesint.com
	10.10.2017
	08.01.2018
424 days expired	www.universaltextilesint.com - 1 entry

So check your storehippo - Account.

Hi JuergenAuer,

Thanks for the response.

This is the first time we are generating the certificate for this particular domain so how can it show the certificate as expired? If the certificate is not generated, where is it getting the old certificate from?

Thanks,
Shubham

Perhaps the domain was used by another user.

Are your dns entries correct?

What client did you used?

There is a standard template:

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

I ran this command:

It produced this output:

My web server is (include version):

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know):

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):

1 Like

Actually, I already mentioned the domain name there and output as well.
I am using Linux OS and Nginx server.
This Domain was purchased from Godday

If you have a CNAME entry to another server (not the server you run your ACME-client), you can’t create a certificate via http-01 validation. The ACME-client should run on the server with that domain name.

You can create a certificate via dns-01 validation.

But to use / install that certificate, you have to install it on that other server.

So if you use a CNAME, that moves your domain to storehippo: Are you able to install there a certificate?

Perhaps not.

Looks like your server isn’t configured and can’t talk with Letsencrypt.

But this isn’t relevant because you can’t install the certificate with your CNAME setting.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.