Client's SSL certificate suddenly invalid?

[junglecat]

WHM 10.8.0 cPanel 10.8.2-R119
Fedora i686 - WHM X v3.1.0

I searched the forums and didn't find this one. A client uses a SSL cert for her site. I installed it for her several months ago and no issues until now.

For the last several days, when you visit the client's site, you get a popup saying Website certified by an unknown authority.

The client contacted the cert issuer and they said the problem is on the server end. I tried reinstalling and the server says the certificate is invalid.

I rebuilt apache and that didn't help. How can I troubleshoot this?

 

[sfxx]

Make sure what the popup error says.
I guess the error is either related to
-hostname
-Expiration date


Does it say it's expired?
Or, are you accessing the site with the correct hostname?
(if the cert is obtained with a hostname "www.domain.tld", you get error if you access the site with an URL "domain.tld" with out "www")

Hope this helps.

 

[junglecat]

It's not expired. I've gone to the site with and without the www and the same thing happens.

Here is what it says:

When you click examine certificate, this is what comes up:

 

[astopy]

I'm having exactly the same problem with my certificate for WHM/cPanel. Since I updated to cPanel 10.8.2 the other day, firefox complains that it doesn't recognise the certifying authority. However, it has no problem with another cert on another (non-cpanel) server from the same authority.

 

[jester.ro]

well, it seems normal to me?

is gpt-pal.com a trusted issuer for certificates?

That looks like a self-signed certificate. For a certificate to not give that warning, the issuer has to be listed in firefox as a trusted certification authority (like geotrust, verisign, equifax)

The issuer has to be a trusted authority.

 

[junglecat]

well, it seems normal to me?

is gpt-pal.com a trusted issuer for certificates?

That looks like a self-signed certificate. For a certificate to not give that warning, the issuer has to be listed in firefox as a trusted certification authority (like geotrust, verisign, equifax)

The issuer has to be a trusted authority.

Why was it working for months and then suddenly not working? What exactly is a "self signed" certificate. The certificate was purchased from a trusted issuer.

 

[sfxx]

I don't know why it was working fine, but "self signed" certificate is a cert you create on your own.(For example, you can create one with WHM).
If you have purchased one from a trusted authority, try re-installing the cert.

 

[junglecat]

I don't know why it was working fine, but "self signed" certificate is a cert you create on your own.(For example, you can create one with WHM).
If you have purchased one from a trusted authority, try re-installing the cert.

As I said in my first post, I tried reinstalling and the server says the certificate is invalid.
The company that issued the certificate says the problem is on the server end.

 

[sfxx]

You should make sure that the cert file "/usr/share/ssl/certs/doman.crt" is actually updated.
And restart httpd.

 

[junglecat]

You should make sure that the cert file "/usr/share/ssl/certs/doman.crt" is actually updated.
And restart httpd.

/usr/share/ssl/certs/domain.crt doesn't exist. Where else would I look for domain.crt ?

 

[sfxx]

You might want to try this

locate gpt-pal.com.crt