When I go to my site from google, I get an expired HTTPS certificate warning (standardsolver.com). I have the set the HTTPS certificate to auto-renew in pythonanywhere using lets encrypt. Any idea how to solve this. if I directly enter the address in my computer it works ok but when I tried it in another PC it gives certificate expired warning. Any idea how to fix it? Most of my traffic comes from google so it will be a disaster for the site.,
image of the error
https://ibb.co/nQcghNq
Hi, I see you we have an email conversation as well, so let's continue there.
I've got the same problem. Can someone post the solution the forum, please, rather than replying in email?
It looks like your certificate was renewed this morning.
Hi Glenn, We switched our configuration to "No Certificate" and back to "Auto-renewed Let's Encrypt certificate" in an attempt to force an update. Would that have triggered the new certificate you're now seeing? However, we're still getting the NET::ERR_CERT_DATE_INVALID error. Does the updated certificate need to propagate through the system before we see correct behaviour? If so, how long does that take? Also, why did the problem occur in the first place? The certificate is set to auto-renew but has been out of date for 13 days.
That sounds like your browser has cached the old certificate. We try to renew the certificates before they need to be renewed and it looks to me like the certificate was correctly renewed on the first attempt, so I don't think it was ever really expired. I do not know why your browser may be saying that it is expired. Use the tools in your browser to inspect the certificate to see when it was issued and by which authority.
It's definitely been expired since 9th October - we've had customer reports. When I use any of the SSL checkers (e.g. https://decoder.link/sslchecker/pomora.com/443), it still reports that the certificate on our site was valid from 11th July 2023 until 9th October 2023. The serial number for the certificate is 36a29d81497d52d380b3e30cc8f051cfb1e.
Where are the certificates stored within our filestore? How can I force a refresh of the certificates?
pomora.com is not hosted on PythonAnywhere. www.pomora.com is your web app. You will need to check with whoever is hosting pomora.com to find out what to do about that certificate.
Thanks, Glenn. We've managed to get to the bottom of it and are posting the solution here in case it helps anyone else. The part of all this which was confusing us is that we have 2x SSL certificates - one for www.pomora.com and one for the naked domain pomora.com. The certificate for www.pomora.com is managed by PythonAnywhere using the "Auto-renewing Let's Encrypt certificate" option within our web settings. We redirect all HTTP naked domain traffic via our DNS provider. The problem we had was specific to the redirection of HTTPS traffic to our naked domain. This redirection is managed by NakedSSL which is the recommended HTTPS redirection option per https://help.pythonanywhere.com/pages/NakedDomains/. It is NakedSSL who manage our second SSL certificate on the naked domain. Slightly confusingly, NakedSSL also uses Let's Encrypt to auto-renew our second certificate and for some (unknown) reason, this auto-renew had failed for us. We emailed the NakedSSL helpdesk on hello@nakedssl.com and they renewed the certificate for us within 24 hours.
Interesting. We never heard about problem like that with NakedSSL. Good to hear that they were able to fix it.
standardcalc
|
4
posts
|
pafk
|
3210
posts
|
PythonAnywhere staff
|
