ERROR TLS Status: Defective

OttoM

• May 30, 2020 08:45

Hello there, I have noticed some users complaining about ssl ceriticate for one of the domains of out server. I check the domain myself in various browsers and I don't see any problems. I went to check the AutoSSL logs and noticed some errors. .... 2:39:17 PM ERROR TLS Status: Defective Certificate expiry: 7/20/20, 12:00 AM UTC (50.43 days from now) ERROR Defect: OPENSSL_VERIFY: The certificate chain failed OpenSSL"s verification (0:10:CERT_HAS_EXPIRED). ERROR Defect: OPENSSL_VERIFY: The certificate chain failed OpenSSL"s verification (1:10:CERT_HAS_EXPIRED). ERROR Defect: OPENSSL_VERIFY: The certificate chain failed OpenSSL"s verification (2:10:CERT_HAS_EXPIRED). ERROR Defect: OPENSSL_VERIFY: The certificate chain failed OpenSSL"s verification (3:10:CERT_HAS_EXPIRED). ....
Could this be the reason some people facing problems with insecure website messages? I'm using cPanel (powered by Sectigo) provider. I have run yum update and tried to refresh the host. Allow AutoSSL to replace invalid or expiring non-AutoSSL certificates is checked in the options. Many thanks Otto

• 

  tmcstom

  • May 30, 2020 14:33

  Most likely related to this

  0
• 

  OttoM

  • May 30, 2020 14:58

  Hi tmcstom, Thanks for the link, I believe it is related to this. Investigating now.

  0
• 

  OttoM

  • May 30, 2020 15:17

  I wish I knew what to do.... :confused:

  0
• 

  Bestest

  • May 30, 2020 16:41

  Ok, I had the same problem with autoSSL showing defective certificate on my subdomains. It has been solved by following the advise from the link from tmcstom that we should update everything on the server. Inside WHM interface, in the left column I simply needed to find and click on system update then software update and then cpanel update and then hard restart my whole server. I rerun the AutoSSL and it this time it went correctly and reinstalled the certificates and now all is green.

  0
• 

  lh_support

  • May 30, 2020 17:47

  I believe this error also related to the same cause. Any idea how this going to be resolved?

  0
• 

  IdleServ

  • May 30, 2020 18:04

  Same issue here for the hostname of our servers, the AddTrust Root Expiration has now expired which is causing some issues connecting to services such as IMAP. Our generated certificates don't expire until Feb 2021, so we need to get them reissued. I tried resetting the certificates in WHM > Manage Service SSL Certificates. This only generates a self-signed cert, so I ran [CODE=bash]/usr/local/cpanel/bin/checkallsslcerts
  but this just reinstalls the previous certificate because it is cached somewhere. Removing the key and certificate from WHM > SSL Storage Manager does not remove the cached cert. Still looking...

  0
• 

  Bestest

  • May 30, 2020 18:19

  Have you really updated everything on your server and restarted it?

  0
• 

  cPanelLauren

  • May 30, 2020 20:11

  Hey everyone, We are aware of this issue which was affecting updates, installations easyapache and AutoSSL certificates. I have some further information in the thread here:

  -3
• 

  OttoM

  • May 31, 2020 09:18

  Hi all, I can confirm that following this

  0
• 

  multimediadesignsllc

  • January 17, 2022 18:35

  2022 and I am having this problem. How do you check a certificates expiration. This is a upgraded/new set of hardward server for me.

  0
• 

  cPanelAnthony

  • January 19, 2022 22:46

  Hello! You can check a certificate's expiration with the following site.

  0
• 

  bellwood

  • January 20, 2022 12:34

  If you prefer a one-liner: [~] echo | openssl s_client -servername google.com -connect google.com:443 2>/dev/null | openssl x509 -noout -dates notBefore=Dec 27 06:02:11 2021 GMT notAfter=Mar 21 06:02:10 2022 GMT
  

  0

Please sign in to leave a comment.