SSL

G

gasonline

New member
Joined
Mar 31, 2021
Messages
2
Hello,

Yesterday I updated DA and all my domains now show error with SSL, all SSL with Let's Encrypt

NET::ERR_CERT_AUTHORITY_INVALID
Subject: localhost
Issuer: The original certificate provided by the web server is untrusted.
Expires on: 6 dic 2047
Current date: 31 mar 2021

PEM encoded chain:-----BEGIN CERTIFICATE-----
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxetcetcetc
etc
etc
-----END CERTIFICATE-----

Some suggestion?

Thanks.
JM
 
gasonline said:
from whoHello,

Yesterday I updated DA and all my domains now show error with SSL, all SSL with Let's Encrypt

NET::ERR_CERT_AUTHORITY_INVALID
Subject: localhost
Issuer: The original certificate provided by the web server is untrusted.
Expires on: 6 dic 2047
Current date: 31 mar 2021

PEM encoded chain:-----BEGIN CERTIFICATE-----
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxetcetcetc
etc
etc
-----END CERTIFICATE-----

Some suggestion?

Thanks.
JM
Click to expand...
It just says that the CA that has signed the certificate is not trusted by the system.

So my first question would be: Did you verify that the certificate is still what you believe it is. (Since it could be a self signed certificate because of the update. But I do not know if DirectAdmin can do this in the first place but just to be safe.)

Otherwise this can mean 2 things:
1. The CA (in this case Let’s Encrypt if I read correctly) is not trusted by the OS/System.
2. The CA IS NOT from who you think it is. (Its saying the CA is Let’s Encrypt while not matching the publicly known signature of the Let’s Encript CA.

As on how to proceed:
Its now important to check whether or not its case 1 or 2. This can be done by confirming or eliminating option 2. (As on how to do this, that up to you since there is no “one size fits all” check the authenticity of the CA.)

And my thoughts:
I think is very unlikely its option 2 since it worked before. VBut that does not mean we do not need to rule it out.
Also a possible quick fix is to rerun the let’s encrypt issue script so you get new certificates. (Do note that by doing this its not possible to find out where it went wrong but is also 99% of the time a quick fix.)
 
realcryptonight said:
It just says that the CA that has signed the certificate is not trusted by the system.

So my first question would be: Did you verify that the certificate is still what you believe it is. (Since it could be a self signed certificate because of the update. But I do not know if DirectAdmin can do this in the first place but just to be safe.)

Otherwise this can mean 2 things:
1. The CA (in this case Let’s Encrypt if I read correctly) is not trusted by the OS/System.
2. The CA IS NOT from who you think it is. (Its saying the CA is Let’s Encrypt while not matching the publicly known signature of the Let’s Encript CA.

As on how to proceed:
Its now important to check whether or not its case 1 or 2. This can be done by confirming or eliminating option 2. (As on how to do this, that up to you since there is no “one size fits all” check the authenticity of the CA.)

And my thoughts:
I think is very unlikely its option 2 since it worked before. VBut that does not mean we do not need to rule it out.
Also a possible quick fix is to rerun the let’s encrypt issue script so you get new certificates. (Do note that by doing this its not possible to find out where it went wrong but is also 99% of the time a quick fix.)
Click to expand...
And it just cought my eye but how is that certificate valid till 2047? (Let’s Encrypt certificates are only valid for a max of 90 days.)
So is extremely possible that the certificate is not what you think it is.
 
Hello,

Thanks realcryptonight,... at the end I reinstalled DA and now all fine.
 
You must log in or register to reply here.
Back
Top