Wordpress reporting certificate out of date

Help
1

My domain is: https://www.themarinerwatchet.com
My web server is (include version): Apache
The operating system my web server runs on is (include version): Centos 7
My hosting provider, if applicable, is: Self
I can login to a root shell on my machine - yes

I have changed a wordpress site on this VPS server and fixed all the redirects within wordpress but Firefox is showing security errors:

Firefox reports:-
themarinerwatchet.com uses an invalid security certificate. The certificate is not trusted because it is
self-signed. The certificate is not valid for the name themarinerwatchet.com. The certificate expired on 11 March 2017 11:42. The current time is 28 January 2020 17:02. Error code: SEC_ERROR_UNKNOWN_ISSUER

However, checking the certificate it was recreated today and is valid for the domain mentioned and up to date.

Any clues please?

Baffled me completely and I am used to command line etc. (but not wordpress) to fins issues… ONLY clue is that I have non-used certifcate for www.watchetwebdesign.co.uk that DID expire in 2017 and is linked to the server root only.

1 Like
2

PS - certbot installation shows:-
IMPORTANT NOTES:

  • Congratulations! Your certificate and chain have been saved at:
    /etc/letsencrypt/live/themarinerwatchet.co.uk/fullchain.pem
    Your key file has been saved at:
    /etc/letsencrypt/live/themarinerwatchet.co.uk/privkey.pem
    Your cert will expire on 2020-04-27. To obtain a new or tweaked
    version of this certificate in the future, simply run certbot again
    with the “certonly” option. To non-interactively renew all of
    your certificates, run “certbot renew”

.co.uk and .com are the same site and certificate covers both domains, www and no www

1 Like
3

Hi @JRWatchet

checking your domain there are some self signed certificates - https://check-your-website.server-daten.de/?q=themarinerwatchet.com

And one Letsencrypt certificate:

Issuer not before not after Domain names LE-Duplicate next LE
Let's Encrypt Authority X3 2020-01-05 2020-04-04 themarinerwatchet.co.uk, themarinerwatchet.com, www.themarinerwatchet.co.uk, www.themarinerwatchet.com - 4 entries

It's an Apache, what says

apachectl -S
1 Like
4

Thanks
trying to digest this!

There are to my knowledge one self signed and expired certs for watchetwebdesign.co.uk but the mariners is up to date. i have used certbot to change all fo my domains to https with no problem at all - it is only this wordpress site with problems and I can not find why it is reproting this date. The .conf file for the domain is correct and updated by certbot to point to correct certificate.

the apachectl -S shows nothing wrong

I will try later to remove the wwdesign certs completely but someone else put there, so need to find dependancies before I do so

Your link is really useful so thanks for that
John

1 Like
5

ps
there are currently 13 letsencrypt certificates on the server

1 Like
6

further checking the report seems to be so that something is picking up the ebdesign ceretifcate but can not find where from yet
John

7

FOUND IT!

many thanks for suggestions. might be useful for others. The wordpress site was trying to access an unused (not needed) certificate for the server root.

Cut a long, long story short, In the ServerAlias lists in the virtualhost file had “lost” or I had typed wrong, the ServerName directive and only had all the ServerAlias directives, so (can’t find any documentation) if the ServerName directive is missing, then looks to the root FIRST. Our root was server.watchet.net which displayed holding page but adding https://server.watchet.net did not but jumped to our faulty page https://themarinerwatchet.co.uk

Great learning curve, but this migh tbe useful to others

John
UK

2 Likes
8

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.