
TOPIC:

Expired Certificate Custom Domain Name 2 years 7 months ago #85290

  • toastmasterdonna
  • Topic Author
  • New Member
Using MAC
Club Number 9582
Custom Domain Name www.redbanktoastmasters.com
Initial Popup says This Connection is not Private 
Safari warns when a website has an expired certificate
"R3" Certificate is expired
Let's Encrypt is the listed organization
Not a Tech Person,  Where do I start to solve this issue?
Using 9582.toastmastersclubs.org does work.
 
Donna
Club 9582
RedBankToastmasters.com
The topic has been locked.

Expired Certificate Custom Domain Name 2 years 7 months ago #85291

  • SteveTheTechie
  • FreeToastHost Developer
Works for me.  Not seeing a problem.  Both custom domain and cert seem to be valid and working.
[Sat Sep 18 08:27:19 2021 GMT - Renewal Loop] Domain List (2 domains) = redbanktoastmasters.com www.redbanktoastmasters.com

[Sat Sep 18 08:27:19 2021 GMT - Renewal Loop] Crypt::LE Module Version = 0.36

[Sat Sep 18 08:27:19 2021 GMT - Renewal Loop] Let's Encrypt API version = 2

[Sat Sep 18 08:27:19 2021 GMT - Renewal Loop] Loaded/generated Let's Encrypt account key.

[Sat Sep 18 08:27:19 2021 GMT - Renewal Loop] Loaded/generated private key for Certificate Signing Request (CSR) and loaded/generated encrypted CSR for these domains [redbanktoastmasters.com www.redbanktoastmasters.com].

[Sat Sep 18 08:27:19 2021 GMT - Renewal Loop] Registered/re-registered with ACME server and accepted Terms of Service. Account ID = 14899026

[Sat Sep 18 08:27:20 2021 GMT - Renewal Loop] Created token file [/tmp/certvalidation/acme-challenge/oLOkWpWDaIisIC-AaR1XtMP6Ey9GSpJcHaEaPynTP_A] for domain verification.

[Sat Sep 18 08:27:20 2021 GMT - Renewal Loop] Created token file [/tmp/certvalidation/acme-challenge/w4YqbQaYPdWNzZnosLou1B3VTwljFONYCqmm6EIDAhI] for domain verification.

[Sat Sep 18 08:27:22 2021 GMT - Renewal Loop] Domain verification results for 'redbanktoastmasters.com': success.

[Sat Sep 18 08:27:22 2021 GMT - Renewal Loop] Deleted token file [/tmp/certvalidation/acme-challenge/oLOkWpWDaIisIC-AaR1XtMP6Ey9GSpJcHaEaPynTP_A] used for domain verification.

[Sat Sep 18 08:27:32 2021 GMT - Renewal Loop] Domain verification results for 'www.redbanktoastmasters.com': success.

[Sat Sep 18 08:27:32 2021 GMT - Renewal Loop] Deleted token file [/tmp/certvalidation/acme-challenge/w4YqbQaYPdWNzZnosLou1B3VTwljFONYCqmm6EIDAhI] used for domain verification.

[Sat Sep 18 08:27:33 2021 GMT - Renewal Loop] SSL certificate successfully created for the following domains [redbanktoastmasters.com www.redbanktoastmasters.com] (CLUB 9582).

[Sat Sep 18 08:27:33 2021 GMT - Renewal Loop] File already exists: /etc/httpd/conf/ssl.csr/redbanktoastmasters.com.csr

[Sat Sep 18 08:27:33 2021 GMT - Renewal Loop] File already exists: /etc/httpd/letsencrypt.key

[Sat Sep 18 08:27:33 2021 GMT - Renewal Loop] File created: /etc/httpd/conf/ssl.crt/redbanktoastmasters.com.crt

[Sat Sep 18 08:27:33 2021 GMT - Renewal Loop] File created: /etc/httpd/conf.d/ssl_redbanktoastmasters.com_tld.conf

[Sat Sep 18 08:27:33 2021 GMT - Renewal Loop] File already exists: /etc/httpd/conf/ssl.key/redbanktoastmasters.com.key

[Sat Sep 18 08:27:33 2021 GMT - Renewal Loop] Cert Expires: Fri Dec 17 07:27:31 2021 UTC [redbanktoastmasters.com.crt]
Regards,

Steve James, DTM
FreeToastHost System Developer
Officer Emeritus, Mindful Communicators (Club 1966, District 52) A President's Distinguished Club for each of the last 10 years.

>>> Please put your club number in your forum profile. CLICK here to edit your profile.
Last edit: by SteveTheTechie.

Expired Certificate Custom Domain Name 2 years 7 months ago #85292

  • WesR
  • Junior Member
I am seeing the same issue.  It happens on a Macintosh MacOSX.  Does not happen on Windows.  On Mac the issue is present in Chrome and Safari.  On Windows, Chrome it works.
Seems to be an issue specific to Macintosh.

Here are two more Custom Domain Names where the issue happens on MacOS but not on Windows:
sterlingtoastmasters.org
fstoastmasters.org

Error = "R3" certificate is expired

Best Regards,
~ Wes
Club #5160 and 980049
Last edit: by WesR. Reason: add club numbers

Expired Certificate Custom Domain Name 2 years 7 months ago #85300

  • andy_yan
  • New Member
I have the same issue. It has to do with the intermediate certificate in the chain, not the final certificate with the custom domain on it.

You can verify it at www.ssllabs.com/ssltest/analyze.html?d=r...s.com&hideResults=on

After it loads, if you scroll down to the Additional Certificates section, it will say the chain is incomplete because the intermediate certificate in the chain has expired. The server needs to send back the correct unexpired intermediate certificate in the chain to fix it.

Try it in a different browser/computer if you're unable to reproduce. It gives the certificate warning in all browsers I try it in (I'm using an Apple device).

Please fix ASAP! Thank you!

Expired Certificate Custom Domain Name 2 years 7 months ago #85307

  • SteveTheTechie
  • FreeToastHost Developer
Ok, thanks for the follow-up posts.  Based on what you are telling me, I am guessing this might be an issue that only LetsEncrypt can fix...  let me look into this.

I only use Windows computers, so I have no way to reproduce it for myself, but I will look into it.   Perhaps Brian or Pam have Macs and can try to load one of your websites via the custom domain to reproduce it.

Expired Certificate Custom Domain Name 2 years 7 months ago #85309

  • SteveTheTechie
  • FreeToastHost Developer
Here is some information I found...  (yes, I know it is technical)

techcrunch.com/2021/09/21/lets-encrypt-root-expiry/
community.letsencrypt.org/t/certbot-user...nuary-11-2021/138059
scotthelme.co.uk/lets-encrypt-old-root-expiration/

What I am inferring from skimming the above is that you maybe should ensure that your system software and browsers are up to date.
Additionally, we can try to regenerate your certs to see if that forces an updated reference to the new root certificate that they seem to have switched to.

Expired Certificate Custom Domain Name 2 years 7 months ago #85310

  • SteveTheTechie
  • FreeToastHost Developer
It also appears that our Perl cert generation library module is not the most recent.   (metacpan.org/dist/Crypt-LE/changes ... we are currently using v0.36)  Let us update that module and see if regenerating certs with the updated module code makes a difference.

Expired Certificate Custom Domain Name 2 years 7 months ago #85311

  • SteveTheTechie
  • FreeToastHost Developer
I updated our Perl library module to latest version.

I renewed the following certs for 

Expired Certificate Custom Domain Name 2 years 7 months ago #85312

  • Pam
  • Administrator
Steve, I can reproduce on iPad.  There is an option to visit the website if you trust it, after which I can't reproduce it again for that site.
Pam Holley, DTM
FreeToastHost Ambassador
Redlands Toastmasters Club, Secretary 2023-2024 redlands.toastmastersclubs.org/
HOT, President 2023-2024 hot.toastmastersclubs.org

Expired Certificate Custom Domain Name 2 years 7 months ago #85313

  • SteveTheTechie
  • FreeToastHost Developer
Running into some issues w/ the connection to the LetsEncrypt server... need to confer with Brian a bit.

Expired Certificate Custom Domain Name 2 years 7 months ago #85314

  • SteveTheTechie
  • FreeToastHost Developer

> I have the same issue. It has to do with the intermediate certificate in the chain, not the final certificate with the custom domain on it.
>
> You can verify it at www.ssllabs.com/ssltest/analyze.html?d=r...s.com&hideResults=on
>
> After it loads, if you scroll down to the Additional Certificates section, it will say the chain is incomplete because the intermediate certificate in the chain has expired. The server needs to send back the correct unexpired intermediate certificate in the chain to fix it.
>
> Try it in a different browser/computer if you're unable to reproduce. It gives the certificate warning in all browsers I try it in (I'm using an Apple device).
>
> Please fix ASAP! Thank you!

We really need your club number.

Expired Certificate Custom Domain Name 2 years 7 months ago #85317

  • Brian
  • Administrator
Apple has to update the root certificate. Until then, use the Firefox for Mac browser.

Thank you,

Brian McDonald DTM, PDD D61
FTH Lead Technical Support
member Cataraqui Valley Toastmaster 9560

Expired Certificate Custom Domain Name 2 years 7 months ago #85318

  • columbiatm
  • New Member
The problem is that the FreeToastHost server is configured to send back the wrong intermediate certificate in the chain. This article explains Let’s Encrypt’s new root and intermediate certificates: letsencrypt.org/2020/09/17/new-root-and-intermediates.html

You can verify that the FreeToastHost server is incorrectly sending back the X3 intermediate certificate, even though it’s supposed to be sending back the R3 intermediate certificate here:  www.sslshopper.com/ssl-checker.html  As it says on that page, “The certificate is not trusted in all web browsers. You may need to install an Intermediate/chain certificate to link it to a trusted root certificate”

Although some implementations have some flexibility when verifying certificate chains, Apple is not at fault here. They are validating the chain properly. The correct way to fix this is to ensure the FreeToastHost server sends back the correct R3 intermediate certificate.

Let me know if you have any questions or need me to clarify further. As always, thank you for your work on FreeToastHost!
Club #3890961
Last edit: by columbiatm.
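
The situation andy_yan and columbiatm describe above (a freshly renewed leaf certificate served with an expired intermediate) can be checked from the chain summary that `openssl s_client -connect HOST:443 -showcerts` prints. The script below is an added example, not part of the original thread or FreeToastHost's code; it assumes the OpenSSL 3.x summary layout, and the sample chain is constructed (only the leaf expiry is taken from the renewal log earlier in the thread; the root name and other dates are placeholders).

```python
import re
from datetime import datetime, timezone

# Constructed sample of the "Certificate chain" summary printed by
#   openssl s_client -connect HOST:443 -showcerts   (OpenSSL 3.x layout).
# Only the leaf NotAfter comes from the renewal log in this thread; the root
# name and all other dates are placeholders.
SAMPLE = """\
Certificate chain
 0 s:CN = redbanktoastmasters.com
   i:C = US, O = Let's Encrypt, CN = R3
   a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256
   v:NotBefore: Sep 18 07:27:32 2021 GMT; NotAfter: Dec 17 07:27:31 2021 GMT
 1 s:C = US, O = Let's Encrypt, CN = R3
   i:O = Placeholder Trust, CN = Placeholder Old Root
   a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256
   v:NotBefore: Oct  1 12:00:00 2020 GMT; NotAfter: Sep 29 12:00:00 2021 GMT
"""

ENTRY = re.compile(
    r"^ *(?P<depth>\d+) s:(?P<subject>.+)\n +i:(?P<issuer>.+)\n"
    r"(?: +a:.*\n)? +v:NotBefore: (?P<nb>.+?); NotAfter: (?P<na>.+)$",
    re.MULTILINE)

def _ts(text):
    parsed = datetime.strptime(text.strip(), "%b %d %H:%M:%S %Y GMT")
    return parsed.replace(tzinfo=timezone.utc)

def parse_chain(text):
    return [{"depth": int(m["depth"]), "subject": m["subject"].strip(),
             "issuer": m["issuer"].strip(),
             "not_before": _ts(m["nb"]), "not_after": _ts(m["na"])}
            for m in ENTRY.finditer(text)]

def audit_chain(certs, now):
    """List (depth, problem, name) for every certificate that fails at `now`."""
    findings = []
    for cert, parent in zip(certs, certs[1:] + [None]):
        if now > cert["not_after"]:
            findings.append((cert["depth"], "expired", cert["subject"]))
        elif now < cert["not_before"]:
            findings.append((cert["depth"], "not yet valid", cert["subject"]))
        # Each certificate should be issued by the next one the server sends.
        if parent and cert["issuer"] != parent["subject"]:
            findings.append((cert["depth"], "issuer not next in chain", cert["issuer"]))
    return findings

if __name__ == "__main__":
    print(audit_chain(parse_chain(SAMPLE), datetime.now(timezone.utc)))
```

A finding at depth 1 or higher with a clean depth 0 is the pattern in this thread: the renewal log looks healthy because it only reports on the leaf certificate.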

Expired Certificate Custom Domain Name 2 years 7 months ago #85336

  • Brian
  • Administrator
We have applied a patch to work around Apple's issues.

Please try your sites now.
