From some point in July, all my 3 installations of Certify the Web have stopped registering renewed SSLs on the Certificate Transparency Logs (e.g. https://ssltools.digicert.com/checker/views/ctsearch.jsp) and the result is that if someone’s PC clock is not accurate (e.g. more than an hour out), then visitors to the websites affected get a Chrome error “NET:ERR_CERTIFICATE_TRANSPARENCY_REQUIRED”.
The logs all show the following which might be related:
2019-07-30 22:48:56.664 +01:00 [ERR] BeginCertificateOrder: creating/retrieving order. Retries remaining:2
Any guidance as to what might be causing this would be greatly appreciated. Thank you.
Hi, looks like your certs are appearing on at least some CT logs OK. Note that it’s Let’s Encrypt who do that CT log publish, not your servers:
and your cert config is excellent:
Your cert appears to be fine; the log error is actually an info message that’s incorrectly logged as an ERR type. Real errors would be further down, but if you are renewing OK, the other thing to ensure is that your own server date/time is fully synced to an internet time server (to the nearest few seconds).
I’m assuming this is your own machine in the screenshot? Check Chrome is fully updated.
Many thanks for your comments. The screenshot was from another machine, on which I will get the Chrome version checked. It may well not be the latest, as it’s a Win7 Pro machine, so that could explain the issue that occurred only when the PC clock was not in sync (the server clock is accurate).