Page 1 of 3 123 LastLast
Results 1 to 10 of 29

Thread: LetsEncrypt - SSL certificate is not valid

  1. #1
    Join Date
    Dec 2019
    Beans
    27

    LetsEncrypt - SSL certificate is not valid

    Distributor Ubuntu 18.04.6 LTS Release: 18.04

    since this morning I have found 5 domain names with following error message (LetsEncrypt certs)

    Code:
    SSL certificate is not valid: C = US, O = Internet Security Research Group, CN = ISRG Root X1 error 2 at 2 depth lookup: unable to get issuer certificate



    I then deleted these Letsencrypt certificates, but the error occurs again when I request a new certificate. These certificates were listed as successfully renewed in the letsencrypt log file ...
    something seems to be wrong with the root CA or Apache. There have been some updates recently regarding openssl as well.


    The problem only seems to occur with Ubuntu. With Debian 9 & 10 I cannot detect these errors.


    Does anyone have an idea how to solve this problem?

  2. #2
    Join Date
    Sep 2011
    Location
    Behind you!
    Beans
    1,567
    Distro
    Ubuntu 20.04 Focal Fossa

    Re: LetsEncrypt - SSL certificate is not valid

    Did you add a proxy since the last time the certificate was validated?

  3. #3
    Join Date
    Dec 2019
    Beans
    27

    Re: LetsEncrypt - SSL certificate is not valid

    no proxy, I have just activated HTTP/2 but it also happen when I disable HTTP/2 incl apache restart.
    with Ubuntu the DST_Root_CA_X3 is disabled on Debian 9 it's still available
    [code]
    Code:
    /etc/ca-certificates.conf
    !mozilla/DST_Root_CA_X3.crt
    





  4. #4
    Join Date
    Dec 2019
    Beans
    27

    Re: LetsEncrypt - SSL certificate is not valid

    strange ... it only fails with Ubuntu 18.04.6 LTS
    I use the same configuration with Debian 9 & 10 and there it works ...
    that could be a worst case as i use many wordpress with letsencryt

  5. #5
    Join Date
    Dec 2019
    Beans
    27

    Re: LetsEncrypt - SSL certificate is not valid

    it happens also when I create a new certificate
    is there anything I can do to solve the problem?

  6. #6
    Join Date
    Sep 2011
    Location
    Behind you!
    Beans
    1,567
    Distro
    Ubuntu 20.04 Focal Fossa

    Re: LetsEncrypt - SSL certificate is not valid

    I have upgraded all my servers to 20.04 long ago. I'm not experiencing that issue so I'm not sure what can be done to bandaid the issue if it really is an issue with certbot becoming out-of-date on Ubuntu 18.04.

    I'll check what version of certbot I have installed on 20.04...

    Code:
    apt search certbot-apache
    python3-certbot-apache/focal,focal,now 0.39.0-1 all [installed]
    What version do you have installed?

  7. #7
    Join Date
    Dec 2019
    Beans
    27

    Re: LetsEncrypt - SSL certificate is not valid

    it shows
    python-certbot-apache/bionic,bionic,bionic,bionic 0.23.0-1 all
    transitional dummy package

    python-certbot-apache-doc/bionic,bionic,bionic,bionic 0.23.0-1 all
    Apache plugin documentation for Certbot

    python3-certbot-apache/bionic,bionic,bionic,bionic 0.23.0-1 all
    Apache plugin for Certbot


  8. #8
    Join Date
    Dec 2019
    Beans
    27

    Re: LetsEncrypt - SSL certificate is not valid

    but as I said, I can request or renew a cert without issues, but the status shows:
    SSL certificate is not valid: C = US, O = Internet Security Research Group, CN = ISRG Root X1 error 2 at 2 depth lookup: unable to get issuer certificate

  9. #9
    Join Date
    Dec 2019
    Beans
    27

    Re: LetsEncrypt - SSL certificate is not valid

    it seems the user apache domain_ssl.conf is not created after a create or renew request ...

  10. #10
    Join Date
    Sep 2011
    Location
    Behind you!
    Beans
    1,567
    Distro
    Ubuntu 20.04 Focal Fossa

    Re: LetsEncrypt - SSL certificate is not valid

    Quote Originally Posted by clusterix View Post
    it shows
    python-certbot-apache/bionic,bionic,bionic,bionic 0.23.0-1 all
    transitional dummy package

    python-certbot-apache-doc/bionic,bionic,bionic,bionic 0.23.0-1 all
    Apache plugin documentation for Certbot

    python3-certbot-apache/bionic,bionic,bionic,bionic 0.23.0-1 all
    Apache plugin for Certbot

    I do not see the [installed] text at the end. How did you install certbot? Compiled from source?

    Try these commands:
    Code:
    certbot --version
    certbot 0.40.0
    Code:
    which certbot
    /usr/bin/certbot
    Last edited by LHammonds; September 27th, 2021 at 04:00 PM.

Page 1 of 3 123 LastLast

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •