Expired Certificate Custom Domain Name

  • toastmasterdonna (Topic Author)
  • New Member

3 years 11 months ago
#85290
Using MAC
Club Number 9582
Custom Domain Name www.redbanktoastmasters.com
Initial Popup says This Connection is not Private 
Safari warns when a website has an expired certificate
"R3" Certificate is expired
Let's Encrypt is the listed organization
Not a tech person. Where do I start to solve this issue?
Using 9582.toastmastersclubs.org does work.
 
The topic has been locked.
  • SteveTheTechie
  • Administrator

Re: Expired Certificate Custom Domain Name

3 years 11 months ago - 3 years 11 months ago
#85291
Works for me.  Not seeing a problem.  Both custom domain and cert seem to be valid and working.
Code:
[Sat Sep 18 08:27:19 2021 GMT - Renewal Loop] Domain List (2 domains) = redbanktoastmasters.com www.redbanktoastmasters.com
[Sat Sep 18 08:27:19 2021 GMT - Renewal Loop] Crypt::LE Module Version = 0.36
[Sat Sep 18 08:27:19 2021 GMT - Renewal Loop] Let's Encrypt API version = 2
[Sat Sep 18 08:27:19 2021 GMT - Renewal Loop] Loaded/generated Let's Encrypt account key.
[Sat Sep 18 08:27:19 2021 GMT - Renewal Loop] Loaded/generated private key for Certificate Signing Request (CSR) and loaded/generated encrypted CSR for these domains [redbanktoastmasters.com www.redbanktoastmasters.com].
[Sat Sep 18 08:27:19 2021 GMT - Renewal Loop] Registered/re-registered with ACME server and accepted Terms of Service. Account ID = 14899026
[Sat Sep 18 08:27:20 2021 GMT - Renewal Loop] Created token file [/tmp/certvalidation/acme-challenge/oLOkWpWDaIisIC-AaR1XtMP6Ey9GSpJcHaEaPynTP_A] for domain verification.
[Sat Sep 18 08:27:20 2021 GMT - Renewal Loop] Created token file [/tmp/certvalidation/acme-challenge/w4YqbQaYPdWNzZnosLou1B3VTwljFONYCqmm6EIDAhI] for domain verification.
[Sat Sep 18 08:27:22 2021 GMT - Renewal Loop] Domain verification results for 'redbanktoastmasters.com': success.
[Sat Sep 18 08:27:22 2021 GMT - Renewal Loop] Deleted token file [/tmp/certvalidation/acme-challenge/oLOkWpWDaIisIC-AaR1XtMP6Ey9GSpJcHaEaPynTP_A] used for domain verification.
[Sat Sep 18 08:27:32 2021 GMT - Renewal Loop] Domain verification results for 'www.redbanktoastmasters.com': success.
[Sat Sep 18 08:27:32 2021 GMT - Renewal Loop] Deleted token file [/tmp/certvalidation/acme-challenge/w4YqbQaYPdWNzZnosLou1B3VTwljFONYCqmm6EIDAhI] used for domain verification.
[Sat Sep 18 08:27:33 2021 GMT - Renewal Loop] SSL certificate successfully created for the following domains [redbanktoastmasters.com www.redbanktoastmasters.com] (CLUB 9582).
[Sat Sep 18 08:27:33 2021 GMT - Renewal Loop] File already exists: /etc/httpd/conf/ssl.csr/redbanktoastmasters.com.csr
[Sat Sep 18 08:27:33 2021 GMT - Renewal Loop] File already exists: /etc/httpd/letsencrypt.key
[Sat Sep 18 08:27:33 2021 GMT - Renewal Loop] File created: /etc/httpd/conf/ssl.crt/redbanktoastmasters.com.crt
[Sat Sep 18 08:27:33 2021 GMT - Renewal Loop] File created: /etc/httpd/conf.d/ssl_redbanktoastmasters.com_tld.conf
[Sat Sep 18 08:27:33 2021 GMT - Renewal Loop] File already exists: /etc/httpd/conf/ssl.key/redbanktoastmasters.com.key
[Sat Sep 18 08:27:33 2021 GMT - Renewal Loop] Cert Expires: Fri Dec 17 07:27:31 2021 UTC [redbanktoastmasters.com.crt]
Last edit: 3 years 11 months ago by SteveTheTechie.
  • WesR
  • Junior Member

Re: Expired Certificate Custom Domain Name

3 years 11 months ago - 3 years 11 months ago
#85292
I am seeing the same issue.  It happens on a Macintosh MacOSX.  Does not happen on Windows.  On Mac the issue is present in Chrome and Safari.  On Windows, Chrome it works.
Seems to be an issue specific to Macintosh.

Here are two more Custom Domain Names where the issue happens on MacOS but not on Windows:
sterlingtoastmasters.org
fstoastmasters.org

Error = "R3" certificate is expired

Best Regards,
~ Wes
Club #5160 and 980049
Last edit: 3 years 11 months ago by WesR. Reason: add club numbers
  • andy_yan
  • New Member

Re: Expired Certificate Custom Domain Name

3 years 11 months ago
#85300
I have the same issue. It has to do with the intermediate certificate in the chain, not the final certificate with the custom domain on it.

You can verify it at www.ssllabs.com/ssltest/analyze.html?d=r...s.com&hideResults=on

After it loads, if you scroll down to the Additional Certificates section, it will say the chain is incomplete because the intermediate certificate in the chain has expired. The server needs to send back the correct unexpired intermediate certificate in the chain to fix it.

Try it in a different browser/computer if you're unable to reproduce. It gives the certificate warning in all browsers I try it in (I'm using an Apple device).

Please fix ASAP! Thank you!
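
Added example (not part of the original thread, and not the hosting platform's code): the renewal log above reports only the leaf certificate's expiry, while the post above points at the intermediate, so this shell function reports the expiry of every certificate a server sends. The function name `check_chain_expiry` and the file name `served.txt` are hypothetical; it checks validity dates only and does not verify signatures.

```shell
#!/usr/bin/env bash
# Added example: list the expiry status of EVERY certificate in a served chain.
# Capture what the server sends (leaf plus intermediates) with, for example:
#   openssl s_client -connect HOST:443 -servername HOST -showcerts </dev/null > served.txt
# Usage: check_chain_expiry FILE [SECONDS_AHEAD]
#   FILE          PEM bundle or raw s_client output (non-PEM text is ignored)
#   SECONDS_AHEAD look-ahead window; 0 (default) means "expired right now"
# Prints: index <TAB> OK|FAIL <TAB> notAfter <TAB> subject
# Returns 0 if all certificates pass, 1 if any fails, 2 if none were found.
check_chain_expiry() {
    local chain="$1" ahead="${2:-0}" tmp rc=0 i=0 f subject end status
    tmp="$(mktemp -d)" || return 2
    # Split the input into one file per certificate, in the order served.
    awk -v dir="$tmp" '
        /-----BEGIN CERTIFICATE-----/ { out = sprintf("%s/cert-%03d.pem", dir, n++) }
        out { print > out }
        /-----END CERTIFICATE-----/   { close(out); out = "" }
    ' "$chain"
    for f in "$tmp"/cert-*.pem; do
        if [ ! -e "$f" ]; then
            echo "no certificates found in $chain" >&2
            rc=2
            break
        fi
        subject="$(openssl x509 -in "$f" -noout -subject | sed 's/^subject= *//')"
        end="$(openssl x509 -in "$f" -noout -enddate | cut -d= -f2)"
        # -checkend N exits non-zero when notAfter falls before now + N seconds.
        if openssl x509 -in "$f" -noout -checkend "$ahead" >/dev/null; then
            status="OK"
        else
            status="FAIL"
            rc=1
        fi
        printf '%d\t%s\t%s\t%s\n' "$i" "$status" "$end" "$subject"
        i=$((i + 1))
    done
    rm -rf "$tmp"
    return "$rc"
}
```

Index 0 is the leaf; a FAIL on a higher index with an OK leaf matches the situation described in this thread, where the certificate for the custom domain is current but a certificate further up the served chain is not.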
  • SteveTheTechie
  • Administrator

Re: Expired Certificate Custom Domain Name

3 years 11 months ago - 3 years 11 months ago
#85307
Ok, thanks for the follow-up posts.  Based on what you are telling me, I am guessing this might be an issue that only LetsEncrypt can fix...  let me look into this.

I only use Windows computers, so I have no way to reproduce it for myself, but I will look into it.   Perhaps Brian or Pam have Macs and can try to load one of your websites via the custom domain to reproduce it.
Last edit: 3 years 11 months ago by SteveTheTechie.
  • SteveTheTechie
  • Administrator

Re: Expired Certificate Custom Domain Name

3 years 11 months ago - 3 years 11 months ago
#85309
Here is some information I found...  (yes, I know it is technical)

techcrunch.com/2021/09/21/lets-encrypt-root-expiry/
community.letsencrypt.org/t/certbot-user...nuary-11-2021/138059
scotthelme.co.uk/lets-encrypt-old-root-expiration/

What I am inferring from skimming the above is that you maybe should ensure that your system software and browsers are up to date.
Additionally, we can try to regenerate your certs to see if that forces an updated reference to the new root certificate that they seem to have switched to.
Last edit: 3 years 11 months ago by SteveTheTechie.