~~~~~~~~~~~~ IMPORTANT INFORMATION -- Please read! ~~~~~~~~~~~~

1. The "search..." box above searches the Docs & Forum Posts. The "Search" tab above just searches the Forum Posts. :side:
Please use these to search for your issue *before* creating a new message topic, as your issue may have been previously solved.
2. Please put your Club # and Club Web Address in your Forum Signature (best) OR in each post to get faster support from us.
Click here to edit your signature at the bottom of the Profile Information tab.
3. Our user and admin docs are available at: support.toastmastersclubs.org/doc "There's a doc for that!" ;)
4. There is an "Opt In" Feature for newly added members. The Opt In document explains the [strike]strikethrough[/strike] member information. Click Here to View the Post
5. When posting a New Topic , please include all relevant details and be specific. When did your issue 1st occur? What operating system, browser, & browser version are you using? Did you refresh your browser cache? Are your cookies enabled? Lastly, a screen shot is often helpful.
6. Please abide by the Terms of Use . We are volunteers contributing our spare time. We are happy to assist you, so long as you are respectful and courteous.
7. We are always looking for new FreeToastHost Ambassadors to join our team and support fellow Toastmasters in their use of the FreeToastHost website system. If you are familiar with the system and have some interest, send a Send Us a Private Message.

Expired Certificate Custom Domain Name

More
3 years 9 months ago #85290 by toastmasterdonna
Expired Certificate Custom Domain Name was created by toastmasterdonna
Using MAC
Club Number 9582
Custom Domain Name www.redbanktoastmasters.com
Initial Popup says This Connection is not Private 
Safari warns when a website has an expired certificate
"R3" Certificate is expired
Let's Encrypt is the listed organization
Not a Tech Person,  Where do I start to solve this issue?
Using 9582.toastmastersclubs.org does work.
 
The topic has been locked.
More
3 years 9 months ago - 3 years 9 months ago #85291 by SteveTheTechie
Replied by SteveTheTechie on topic Expired Certificate Custom Domain Name
Works for me.  Not seeing a problem.  Both custom domain and cert seem to be valid and working.
Code:
[Sat Sep 18 08:27:19 2021 GMT - Renewal Loop] Domain List (2 domains) = redbanktoastmasters.com www.redbanktoastmasters.com [Sat Sep 18 08:27:19 2021 GMT - Renewal Loop] Crypt::LE Module Version = 0.36 [Sat Sep 18 08:27:19 2021 GMT - Renewal Loop] Let's Encrypt API version = 2 [Sat Sep 18 08:27:19 2021 GMT - Renewal Loop] Loaded/generated Let's Encrypt account key. [Sat Sep 18 08:27:19 2021 GMT - Renewal Loop] Loaded/generated private key for Certificate Signing Request (CSR) and loaded/generated encrypted CSR for these domains [redbanktoastmasters.com www.redbanktoastmasters.com]. [Sat Sep 18 08:27:19 2021 GMT - Renewal Loop] Registered/re-registered with ACME server and accepted Terms of Service. Account ID = 14899026 [Sat Sep 18 08:27:20 2021 GMT - Renewal Loop] Created token file [/tmp/certvalidation/acme-challenge/oLOkWpWDaIisIC-AaR1XtMP6Ey9GSpJcHaEaPynTP_A] for domain verification. [Sat Sep 18 08:27:20 2021 GMT - Renewal Loop] Created token file [/tmp/certvalidation/acme-challenge/w4YqbQaYPdWNzZnosLou1B3VTwljFONYCqmm6EIDAhI] for domain verification. [Sat Sep 18 08:27:22 2021 GMT - Renewal Loop] Domain verification results for 'redbanktoastmasters.com': success. [Sat Sep 18 08:27:22 2021 GMT - Renewal Loop] Deleted token file [/tmp/certvalidation/acme-challenge/oLOkWpWDaIisIC-AaR1XtMP6Ey9GSpJcHaEaPynTP_A] used for domain verification. [Sat Sep 18 08:27:32 2021 GMT - Renewal Loop] Domain verification results for 'www.redbanktoastmasters.com': success. [Sat Sep 18 08:27:32 2021 GMT - Renewal Loop] Deleted token file [/tmp/certvalidation/acme-challenge/w4YqbQaYPdWNzZnosLou1B3VTwljFONYCqmm6EIDAhI] used for domain verification. [Sat Sep 18 08:27:33 2021 GMT - Renewal Loop] SSL certificate successfully created for the following domains [redbanktoastmasters.com www.redbanktoastmasters.com] (CLUB 9582). [Sat Sep 18 08:27:33 2021 GMT - Renewal Loop] File already exists: /etc/httpd/conf/ssl.csr/redbanktoastmasters.com.csr [Sat Sep 18 08:27:33 2021 GMT - Renewal Loop] File already exists: /etc/httpd/letsencrypt.key [Sat Sep 18 08:27:33 2021 GMT - Renewal Loop] File created: /etc/httpd/conf/ssl.crt/redbanktoastmasters.com.crt [Sat Sep 18 08:27:33 2021 GMT - Renewal Loop] File created: /etc/httpd/conf.d/ssl_redbanktoastmasters.com_tld.conf [Sat Sep 18 08:27:33 2021 GMT - Renewal Loop] File already exists: /etc/httpd/conf/ssl.key/redbanktoastmasters.com.key [Sat Sep 18 08:27:33 2021 GMT - Renewal Loop] Cert Expires: Fri Dec 17 07:27:31 2021 UTC [redbanktoastmasters.com.crt]
Last edit: 3 years 9 months ago by SteveTheTechie.
The topic has been locked.
More
3 years 9 months ago - 3 years 9 months ago #85292 by WesR
Replied by WesR on topic Expired Certificate Custom Domain Name
I am seeing the same issue.  It happens on a Macintosh MacOSX.  Does not happen on Windows.  On Mac the issue is present in Chrome and Safari.  On Windows, Chrome it works.
Seems to be an issue specific to Macintosh.

Here are two more Custom Domain Names where the issue happens on MacOS but not on Windows:
sterlingtoastmasters.org
fstoastmasters.org

Error = "R3" certificate is expired

Best Regards,
~ Wes
Club #5160 and 980049
Last edit: 3 years 9 months ago by WesR. Reason: add club numbers
The topic has been locked.
More
3 years 9 months ago #85300 by andy_yan
Replied by andy_yan on topic Expired Certificate Custom Domain Name
I have the same issue. It has to do with the intermediate certificate in the chain, not the final certificate with the custom domain on it.

You can verify it  www.ssllabs.com/ssltest/analyze.html?d=r...s.com&hideResults=on

After it loads, if you scroll down to the Additional Certificates section, it will say the chain is incomplete because the intermediate certificate in the chain has expired. The server needs to send back the correct unexpired intermediate certificate in the chain to fix it.

Try it in a different browser/computer if you're unable to reproduce. It gives the certificate warning in all browsers I try it in (I'm using an Apple device).

Please fix ASAP! Thank you!
The topic has been locked.
More
3 years 9 months ago - 3 years 9 months ago #85307 by SteveTheTechie
Replied by SteveTheTechie on topic Expired Certificate Custom Domain Name
Ok, thanks for the follow-up posts.  Based on what you are telling me, I am guessing this might be an issue that only LetsEncrypt can fix...  let me look into this.

I only use Windows computers, so I have no way to reproduce it for myself, but I will look into it.   Perhaps Brian or Pam have Macs and can try to load one of your websites via the custom domain to reproduce it.
Last edit: 3 years 9 months ago by SteveTheTechie.
The topic has been locked.
More
3 years 9 months ago - 3 years 9 months ago #85309 by SteveTheTechie
Replied by SteveTheTechie on topic Expired Certificate Custom Domain Name
Here is some information I found...  (yes, I know it is technical)

techcrunch.com/2021/09/21/lets-encrypt-root-expiry/
community.letsencrypt.org/t/certbot-user...nuary-11-2021/138059
scotthelme.co.uk/lets-encrypt-old-root-expiration/

What I am inferring from skimming the above is that you maybe should insure that your system software and browsers are up to date.
Additionally, we can try to regenerate your certs to see if that forces an updated reference to the new root certificate that they seem to have switched to.
Last edit: 3 years 9 months ago by SteveTheTechie.
The topic has been locked.
Time to create page: 0.108 seconds

Copyright © 2025 FreeToastHost 3 Support. All Rights Reserved.