ERR_Certificate_Transparency_Required
Chrome is giving me this ERR_Certificate_Transparency_Required issue on a website, but it's the only browser doing it.
This is a cPanel, Inc. Certification Authority SSL certificate.
The certificate is on a server where other certificates work without issue and no other websites experience this. I checked at least three other sites that all have had certificates renewed in the past week and all of them work. Neither Edge or Firefox displays any kind of problem. The certificate has not expired, it was recently issued, and is for the correct hostname.
The transparency log indicates that the certificate has been logged properly, and it's neither revoked nor listed in any blocklists. The certificate appears valid and the timestamps show that it was recently issued.
From the SSL Labs output, the certificate appears to be valid and trusted across major platforms (Mozilla, Apple, Android, Java, Windows), with no revocation issues.
I have verified the following:
https://www.ssllabs.com/ssltest/analyze.html?d=cryogen.com
https://crt.sh/?id=14593138304
-
Hey there! I'm also not seeing anything obviously wrong with the certificate on my end. Maybe it would be best to report this to Chrome/Google since they are they only provider reporting an issue?
0 -
Had the exact same issue. Here is some insight.
cPRex you will need to check the Certificate Transparency Policy of the SSL certificate on the OP's domain. So try cryogen.com on this analyzer:
https://sslmate.com/labs/ct_policy_analyzer/
Then you will see that it fails with this issue (screenshot):
"SCTs from at least 2 distinct log operators are required, but only 1 were provided"This is a major problem. We had the exact same problem on our cPanel server. You will need to investigate further into the cause of this because other users on different cPanel powered servers are reporting the same problem.
To OP, a quick fix:
Go to WHM, then Manage SSL Hosts, and delete the certificate for that domain. Then load up Manage AutoSSL and switch from Sectigo to Let's Encrypt and run the AutoSSL afterwards. Wait a few minutes and then it should work.
Hopefully, cPRex and the cPanel team can chip in later in this thread with why this is happening.
Hope this insight helped! =)
2 -
I'll post the same thing I shared with you in Discord about this :D
We opened an upstream case with the SSL provider - basically there was an issue with certificates created between on September 18th between 07:54 am and 08:34 am UTC. Just reissue the cert and you'll be good, as you mentioned.0 -
Amazing. Thank you for this. I'll keep SSLmate in my bookmarks from now on.
Unreal that a window of 40 minutes caused this! I have reissued the cert and it is working now.
0 -
Glad to hear it!
0
Please sign in to leave a comment.
Comments
5 comments