Apple Pay certificate requires revalidating domain every few months

We have a domain with Let's Encrypt certificates which are renewed every three months. However, every time the certificate is near its expiry (today is 11th July, the certificate expires 21st July), I receive an email from Apple:
Apple Developer
Dear Admin,
Your website domain that uses Apple Pay has an SSL certificate that expires on Jul 21, 2022. After automatically trying to reverify your domain, we found that this SSL certificate has not been updated. Your domain is automatically checked 30 days, 15 days, and 7 days before this expiration date.
If you have an updated SSL certificate and the domain hasn't been successfully verified 7 days before expiration, please revalidate it manually by Jul 21, 2022 in Certificates, Identifiers & Profiles to ensure uninterrupted use of Apple Pay on your website.
However, once the certificate is renewed, I always have to log in to the Apple developer console, download a new apple-developer-merchantid-domain-association.txt and deploy it again to our website.
This is time-consuming and inefficient. Is there another way to do this instead of re-uploading this file every three months?

The current line of thinking is to renew certificates every 90 days. Apple is automatically checking, per your email, at 60, 75, and 82 days.
If you altered your Let’s Encrypt automation to renew your certificate every 50 days, Apple’s automatic checks should resolve the issue.
Per Apple's documentation:
If you update the SSL certificate before it expires, Apple detects the renewed certificate and the domain remains verified. No further action is required on your part.
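
An added example, not part of the original answer: it models the schedule reasoning above, using the check offsets from Apple's email (30, 15 and 7 days before expiry) and assuming a check only succeeds once the renewed certificate is already being served. The validity dates are constructed (a 90-day certificate ending on the question's expiry date) and the function names are hypothetical.

```python
import ssl
from datetime import datetime, timedelta, timezone

# Days before expiry at which Apple re-checks the domain (from the quoted email).
APPLE_CHECK_OFFSETS = (30, 15, 7)


def parse_cert_time(text):
    """Parse a notBefore/notAfter string in the format ssl.getpeercert() returns."""
    return datetime.fromtimestamp(ssl.cert_time_to_seconds(text), tz=timezone.utc)


def renewal_plan(not_before, not_after, renew_after_days):
    """Split Apple's checks into those that run before and after the renewal.

    Assumption: a check only succeeds if the renewed certificate is already
    served; a check at the renewal instant itself is counted as missed.
    """
    renewal = not_before + timedelta(days=renew_after_days)
    if renewal >= not_after:
        raise ValueError("renewal would happen after the certificate expired")
    checks = [not_after - timedelta(days=d) for d in APPLE_CHECK_OFFSETS]
    return {
        "renewal": renewal,
        "missed": [c for c in checks if c <= renewal],
        "remaining": [c for c in checks if c > renewal],
    }


def latest_safe_renew_day(not_before, not_after):
    """A renewal day that still precedes every check (conservative by up to a day)."""
    first_check = not_after - timedelta(days=max(APPLE_CHECK_OFFSETS))
    return (first_check - not_before).days - 1


# Constructed sample: a 90-day certificate ending on the expiry date in the question.
NOT_BEFORE = parse_cert_time("Apr 22 00:00:00 2022 GMT")
NOT_AFTER = parse_cert_time("Jul 21 00:00:00 2022 GMT")

if __name__ == "__main__":
    for day in (50, 80):  # the answer's suggestion vs. still unrenewed on 11 July
        plan = renewal_plan(NOT_BEFORE, NOT_AFTER, day)
        print(f"renew on day {day} ({plan['renewal']:%d %b}): "
              f"{len(plan['missed'])} check(s) see the old certificate, "
              f"{len(plan['remaining'])} run after renewal")
    print("latest safe renewal day:", latest_safe_renew_day(NOT_BEFORE, NOT_AFTER))
```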

Related

Let's Encrypt certificate expiration mail

I had a server and hosted some sites on it.
I used letsencrypt (certbot) for creating and renewing certificates for these.
I took another server and moved the sites to it,
and created new certificates for these sites on the new server with letsencrypt.
Now I get emails from time to time: "Let's Encrypt certificate expiration notice for domain..."
I look in a browser and the certificates are valid for a couple of months.
I suspect that the emails are talking about certificates from the old server (I no longer have access to it).
How can I see all certificates that are bound to my email and delete some of them?

Let's Encrypt certificates causing issues with Avast?

Has anyone had issues with Let's Encrypt SSL certificates with Avast Internet Security?
We are getting some reports that Avast Internet Security is blocking the connection.
This is a screenshot from a client's computer (yes, old Windows, but still an issue regardless).
We have also had reports on a totally different server, hosted by a totally different company as well. Same error, but this time on a mobile device using Chrome.
Has anyone come across this yet?
This might be related to one of the Let's Encrypt certificates expiring on September 30th, 2021.
Here's another question that talks about this: LetsEncrypt Certificate invalid/expired when seemingly not in PHPMailer, TLS, Openssl, file_get_contents, Sep 30 2021

Some people get "a possible malware" opening my site?

I tried to show a JS problem on my https://streamgeeks-rebranded-dev.cloudns.cl/ site,
but I got feedback from one of the users:
My connection block that site ^^
The security system of the network operator blocks me saying that it is "a possible malware"
The service sslshopper.com/ssl-checker.html#hostname=https://streamgeeks-rebranded-dev.cloudns.cl shows:
streamgeeks-rebranded-dev.cloudns.cl resolves to 18.198.221.45 Server Type: Apache/2.4.41 (Ubuntu) The certificate should be trusted by all major web browsers (all the correct intermediate certificates are installed). The certificate was issued by Let's Encrypt. The certificate will expire in 6 days. The hostname (streamgeeks-rebranded-dev.cloudns.cl) is correctly listed in the certificate.
I ran manually:
sudo certbot renew --dry-run
After that I read:
The certificate will expire in 66 days
Could you please open my site and say whether you have any problems opening it?
Thanks!

Why does my secure SSL page give Error code: sec_error_revoked_certificate even though the certificate is current and all links/stylesheets/etc. are secure

I've noticed that this question has been asked several times but none of the results provide a solution to my problem.
I am developing a website for a client. The website is http://www.entirelyintimate.com.
It is a dropshipping website that uses PayPal Pro for their checkout process.
We purchased and installed the SSL certificate from GoDaddy.
According to an SSL checker website, the chain and installation appears to be correct.
I removed all insecure content on the pages that need to be secured
1 example - https://www.entirelyintimate.com/checkout-complete
I checked the page on - whynopadlock.com and it appears to be good there.
But... I still receive the dreaded Error code: sec_error_revoked_certificate
I am pretty new to SSL so I could be overlooking something basic. Any help would be appreciated.
p.s. This community is really great. I come lurking here all of the time when I have questions. I do an automatic click when I see this website in the Google search results.
sec_error_revoked_certificate means that the certificate has been revoked.
Your certificate may be issued by a CA trusted by your browser and valid in time, but the CA may have revoked it, and your client is checking for revocation (which is recommended).
Certificate revocation is a mechanism that makes it possible to invalidate a certificate before its normal expiry time. Checking for revocation can be done via CRL or OCSP by the clients.
Typically, certificates are revoked upon request from the entity corresponding to that cert (i.e. the user or the server admin) if the private key has been compromised, if the CA decides the validating data wasn't sufficient after all, or perhaps automatically if the CA issues another certificate to the same entity.
A possible cause for the problem could be that you might have re-keyed your certificate, thereby making your CA revoke the old one. If you're still using the old one inadvertently (perhaps it's still available to your server in its keystore or equivalent) this error could happen.
Qualys SSL Labs's SSL checker is generally a more complete tool for checking your SSL/TLS configuration. It seems to indicate that your certificate has indeed been revoked.
The error cause is exactly as stated: the security certificate has been revoked.
You can verify it here by entering the checkout page address.
I am afraid you will need to check this with GoDaddy.
0x4F0DB30A63474B: revoked
This Update: Sep 11 17:52:23 2012 GMT
Next Update: Sep 11 23:52:23 2012 GMT
Reason: cessationOfOperation
Revocation Time: Sep 10 01:39:38 2012 GMT
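
An added example, not part of the original answers: it parses the status block quoted above and decides on it the way a revocation-checking client would, including the case where the response is outside its This Update / Next Update window and must not be relied on. The function names are hypothetical and the evaluation times are passed in explicitly.

```python
import ssl
from datetime import datetime, timezone

# Status text exactly as quoted in the answer above.
SAMPLE = """0x4F0DB30A63474B: revoked
This Update: Sep 11 17:52:23 2012 GMT
Next Update: Sep 11 23:52:23 2012 GMT
Reason: cessationOfOperation
Revocation Time: Sep 10 01:39:38 2012 GMT
"""

TIME_FIELDS = {"This Update", "Next Update", "Revocation Time"}


def parse_time(text):
    """Convert 'Sep 11 17:52:23 2012 GMT' into an aware UTC datetime."""
    return datetime.fromtimestamp(ssl.cert_time_to_seconds(text), tz=timezone.utc)


def parse_status(text):
    """Turn the status lines into a dict; time fields become datetimes."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    serial, _, status = lines[0].rpartition(": ")
    result = {"serial": serial, "status": status}
    for line in lines[1:]:
        key, _, value = line.partition(": ")
        result[key] = parse_time(value) if key in TIME_FIELDS else value
    return result


def evaluate(status, now):
    """Return (verdict, detail) for this status as seen at time `now`."""
    # A response is only usable inside its own validity window.
    if not (status["This Update"] <= now <= status["Next Update"]):
        return "stale", "response outside its validity window; fetch a fresh one"
    if status["status"] == "revoked":
        reason = status.get("Reason", "unspecified")
        return "revoked", f"{reason} since {status['Revocation Time']:%Y-%m-%d}"
    return status["status"], "no revocation recorded"


if __name__ == "__main__":
    parsed = parse_status(SAMPLE)
    print(evaluate(parsed, parse_time("Sep 11 18:00:00 2012 GMT")))
    print(evaluate(parsed, parse_time("Jul 11 00:00:00 2022 GMT")))
```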

SSL ERROR: I cannot log into my Yahoo account to ask a question using my account! Help

Anyone getting this error today?
The site's security certificate has expired!
You attempted to reach login.yahoo.com, but the server presented an expired certificate. No information is available to indicate whether that certificate has been compromised since its expiration. This means Google Chrome cannot guarantee that you are communicating with login.yahoo.com and not an attacker. You should not proceed.
An SSL certificate has an expiry time. login.yahoo.com expires January 4th next year (2011).
Your browser compares this date with your local system's date. So check whether your system clock is wrong.
