Certificates Not Renewing

#1

I installed the Certify SSL/TLS Certificate management software on my server and have been able to add SSL Certs for my domains. They seem to be working properly. However, it seems randomly that the certs stop working and I get the browser unsecured warnings randomly. When this occurs, I have to delete the cert using the software and re-install it to get it to work again.

I tried updating to the most recent version of the software but it still seems to be an issue. The software shows that the cert is not expired yet. For example, I have a domain, exit2eden.com, that doesn’t expire for another 33 days but it stopped working all of a sudden.

Any idea why this would be occurring? Here is the log for that domain. Any thoughts?

0 Likes

#2

It seems to be a server configuration problem of some sort. The handshake doesn’t appear to happen properly so the certificate never is exchanged. All I can glean is that you’re using IIS/8.5 with a redirect to HTTPS. But when “Client Hello” is sent, nothing further happens.

Presumably Certify is installing a certificate for some duration and something about your server is breaking independently.

0 Likes

#3

Hi,
Can you please email the logs of the affected managed certificates to support at certifythweb.com

As @jljtgr mentioned there is something unusual about your server configuration overall (is there something else installed that uses port 443?). Did you delete the certificate from the computer certificate store but the binding still points to it?

When you get a warning from the browser that your page is not secure, often you can click on the https padlock icon to view more about the certificate problem. That usually reveals that either no certificate is being presented or that the wrong cert is being used.

The most common reasons are:

  • the certificate for your https binding has been deleted (no certificate to use)
  • you have an IP specific ssl binding that conflicts with the other https bindings on your server (wrong certificate being served). Generally avoid IP specific (non-SNI) SSL cert bindings unless you understand everything about the difference between SNI and non-SNI certificate bindings and you are prepared to fix the problems they cause.
  • you have possibly used an IIS lockdown tool to improve your security grade and accidentally disabled the protocols required by the browser.
0 Likes
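
The three causes listed in the reply above can be checked directly on the server. The following PowerShell is an added example, not part of the original thread and not Certify's own tooling; it assumes an elevated session, the WebAdministration module that ships with IIS, and that a binding with no explicit store name uses the `My` computer store.

```powershell
# Added example: audit IIS https bindings and SCHANNEL protocol settings.
# Assumes an elevated session on the IIS server (WebAdministration ships with IIS).
Import-Module WebAdministration

$report = foreach ($site in Get-Website) {
    foreach ($b in $site.bindings.Collection | Where-Object protocol -eq 'https') {
        # bindingInformation has the form "IP:port:hostname", e.g. "*:443:www.example.com"
        if ($b.bindingInformation -notmatch '^(?<ip>.*):(?<port>\d+):(?<host>.*)$') { continue }
        $ip   = $Matches.ip
        $sni  = [bool]($b.sslFlags -band 1)   # sslFlags bit 1 = SNI required
        $hash = $b.certificateHash
        # Assumption: an empty store name means the default computer store "My"
        $store = if ($b.certificateStoreName) { $b.certificateStoreName } else { 'My' }
        $cert  = if ($hash) { Get-Item "Cert:\LocalMachine\$store\$hash" -ErrorAction SilentlyContinue }

        # Map each binding to one of the causes named in the reply
        $finding = if (-not $hash) { 'no certificate assigned to binding' }
            elseif (-not $cert) { 'bound certificate is missing from the store' }
            elseif ($cert.NotAfter -lt (Get-Date)) { 'bound certificate has expired' }
            elseif (-not $sni -and $ip -ne '*') { 'IP-specific non-SNI binding' }
            elseif (-not $sni) { 'non-SNI binding (serves every hostname on this port)' }
            else { 'ok' }

        [pscustomobject]@{
            Site       = $site.Name
            Binding    = $b.bindingInformation
            SNI        = $sni
            Thumbprint = $hash
            NotAfter   = $cert.NotAfter
            Finding    = $finding
        }
    }
}

# Protocols explicitly switched off for the server role; an absent value means OS default.
$schannel  = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'
$protocols = foreach ($p in 'TLS 1.0', 'TLS 1.1', 'TLS 1.2') {
    $v = Get-ItemProperty "$schannel\$p\Server" -ErrorAction SilentlyContinue
    $state = if ($null -eq $v.Enabled) { 'OS default' }
        elseif ($v.Enabled -eq 0) { 'DISABLED' }
        else { 'enabled' }
    [pscustomobject]@{ Protocol = $p; State = $state }
}

$report    | Format-Table -AutoSize
$protocols | Format-Table -AutoSize
# The underlying http.sys bindings (including ones owned by other software on 443):
netsh http show sslcert
```

Any row whose Finding is not `ok`, or any TLS version marked `DISABLED` that clients still need, corresponds to one of the causes in the list above.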