My web site’s SSL certificate (from LetsEncrypt) is expiring shortly. I created a new certificate that expires in 90 days. Both certificates show as “Issued” in the list of SSL certificates but the web site continues to use the old certificate. When I go to the “Install SSL Certificate” page, the “Certificate Details” are those of the new certificate. I clicked on the “Install SSL Certificate Automatically” button and I got the response “The SSL certificate has been installed! It may take up to 1 hour for it to become active.”
However, that was almost 6 hours ago, and the site is still using the old certificate.
Thanks for replying, but I’m not using a browser to view the certificate. I’m running openssl on a Linux box to fetch the active certificate directly from the web server. The server is returning the old certificate that is close to expiration instead of the new one, in spite of the fact that it reports that the new certificate is installed.
Thanks for replying, but as I said, I’m using Lets Encrypt and not Cloudflare. Lets Encrypt has worked up to now. If it no longer works and we are supposed to switch to Cloudflare then it would not make sense for the Lets Encrypt option to be offered as an option.
That might be part of the problem. Infinity Free sites are designed to be accessed by browsers. So none browser tools and SSL checkers often have problems, or are blocked out right. That said, using a browser the certificate is showing as due to expire in just under a month:
Fair enough, I just know a lot of the SSL checker websites dont work properly on Infinity Free sites.
The two are not mutually exclusive. Cloudflare provides DDOS protection, page caching and a few other tools. But you can still use your own SSL Certificate if you want to. However, if you set SSL mode to Full, Cloudflare will handle the SSL connection, so you don’t have to manually renew your certificate every 3 months.
Lets Encrypt certificate through the dashboard should still work, but a few people have had blips with it recently. I only recommended cloudflare because its easier in the long run, and provides extra services (such as DDOS protection) that might benefit you. But it is your choice, Noone was saying you are “supposed” to do it
Well then it’s probably the checkers themselves being blocked entirely. This problem is not exclusive to automated programs as browsers can clearly be blocked this way as well.
Moreover OP explicitly stated that from these checkers, the old certificate is returned. If this is the case then no certificates can be retrieved.
The problem with SSL checkers is not that they don’t work at all, it’s that they stumble on the fact that free hosting doesn’t allow uploading CA chains. That’s not a problem with web browsers, but any automated access (including SSL checkers) will have trouble validating the authenticity of the certificate.
They do still get the exact same data as browsers get, they are just a bit more strict in checking them.
In this particular case, there was actually a problem on our end resulting in uploaded certificates not being applied correctly on the servers. That issue should be fixed now though!
In this particular case, there was actually a problem on our end
resulting in uploaded certificates not being applied correctly on the
servers. That issue should be fixed now though!
Thanks. In the future, is there any way to notify you if this happens again? I wasted a lot of time trying to get the new certificate applied to the server, thinking I was doing something wrong on my end.
The problem with “reporting issues directly to us” is that it’s often not clear from the start if a problem you’re having is:
An issue on our end.
Intended behavior on our end that just doesn’t fit your use case.
Something you’re doing wrong.
Sometimes, it takes some going back and forth to figure out which of these three categories the issue you’re having falls into. So that’s why we prefer just treating everything as a support question and distill any platform issues from that.
