Certificate expired on my website

Jeees, I thought it was just me!

I’m relatively new to CloudFlare and thought I had done something WRONG.

I just set up an SSL for PersonalInjuryHelpline.co.uk and was getting the EXPIRED ERROR .

Certificate 15 October 2018 - 25 October 2019.

I wish I’d [email protected]@Ked in here a couple of hours ago… :slightly_smiling_face:

I’ll just leave you too it and get off to bed… I’ve been at this all night and it’s now 10:35am.

Hopefully EVERYTHING will be working when I get Back Up in a few hours.

Maximum respect,

Robert.

Hi, this isn’t related to the other thread at all. Your website, when forced to HTTPS (it isn’t automatically redirecting), works just fine on my end.

Hey matto,

Were you referring to my website PersonalInjuryHelpline.co.uk?

If so are you getting it to work with the SSL.??

When I try to visit the website, either in Firefox of Chrome… I’m getting an unsecure warning and have to go into the advanced settings option to set an “EXCEPTION” before the browsers will let me past go.

And that’s when I can see that the certificate is out of date:

Period of validity;

Begins on - 15 October 2018
Expires on - 15 October 2019

Confused much…???

Now that you say it’s “Fine on your end”

Robert.

For me it’s working just fine, with a Cloudflare certificate on the www subdomain and a redirect to it from the root one. It isn’t automatically redirecting to HTTPS though, so when you open it with http:// in front it stays there.

I presume you have some issues with either a stale DNS record from the DNS server you are using or some rule within your hosts file.

Have you tried a different device on the same and/or on a different network?

Hey Matto,

I tried to access on my phone… Same problem - BIG WARNING - This website is unsecure??

I’ll try another computer

Don’t know if its something to do With GoDaddy (Registrar)

I have another domain on the same host “Host9” - With NameCheap.

When I set that up the other day… It JUST WORKED!!

Alright then, let’s go the slightly more technical route.

Do you have Windows or macOS/Linux?

OK tried another computer with an older browser…

Site loaded… But with Unsecure icon in browser bar.

When I clicked the error message… It returned this message;

The certificate is not trusted because it is self-signed.

HTTP Strict Transport Security: false
HTTP Public Key Pinning: false

Certificate chain:

-----BEGIN CERTIFICATE-----
MIIDiTCCAnGgAwIBAgIEDUBb9zANBgkqhkiG9w0BAQsFADAnMSUwIwYDVQQDDBxw
ZXJzb25hbGluanVyeWhlbHBsaW5lLmNvLnVrMB4XDTE4MTAxNTAzNTExMVoXDTE5
MTAxNTAzNTExMVowJzElMCMGA1UEAwwccGVyc29uYWxpbmp1cnloZWxwbGluZS5j
by51azCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOglrAjyvZ6vVtNt
JGzorSQJHaRFY4nXabYlbND4d/tz9U9u2hZQWsD0F6cVCuIpeAz4tB52HmRS6GRF
8xmtvlLk68x1LFb4hhGU9pbBTxEuM0+uuCM5RxbePpZuOLr6MKylWn5F0msDzCp2
0U+mMPf5KbaZkNQj4yHyM2yYOz0XEG7yqVPvJ6DfqnnQ5QyQUd4qH9K3P90LB14w
JwlxQHYyuIXK1uyF8RZNDwfZ4hC6BeJBJy+NA5rM28Zm+kN9JZTx0Qxcoh9QX0Ju
8ldf+1ntuvBmIjQms7hSDoht6wm08B3WOT4IXfL3579MwMOJHDjgkxjl+a8SXTKg
rWctM6MCAwEAAaOBvDCBuTAdBgNVHQ4EFgQU1bQ/OtAsd2ppvM7P5aku7PRgtXcw
HwYDVR0jBBgwFoAU1bQ/OtAsd2ppvM7P5aku7PRgtXcwCQYDVR0TBAIwADBsBgNV
HREEZTBjghxwZXJzb25hbGluanVyeWhlbHBsaW5lLmNvLnVrgiFtYWlsLnBlcnNv
bmFsaW5qdXJ5aGVscGxpbmUuY28udWuCIHd3dy5wZXJzb25hbGluanVyeWhlbHBs
aW5lLmNvLnVrMA0GCSqGSIb3DQEBCwUAA4IBAQBUnL6POqH2CukXjm3G52izdtPs
ZSo21Spr1c3ij104zuKKs5zxK9tjxChqQUs5KigcnQTUB8HCZByTeMxkFPvNmYY9
Pp9kMr5Sa1+ITZ/ITgkRRbld4DT6kClC9/VDVcQvTKCKYyjC/8/HeF10X6AAcAom
cWEoGPZHtDrkSOupncTJbqcynDeaXy30Xv6cl9c+psWXIA/0VpeAd5oWoFe0mY1B
F7seUCmJe95bll3+0uD9d5X9AiAPacY6bqGEPmM55WqSj4B72Kxz+JX/E4m1KrI5
lY4CQWf9YEJLWCZBRb4yWCHQoYSxo+1AM95WmWMGBhR7P72rPeTSmsq7In4v
-----END CERTIFICATE-----

By the way…This is ALL above my pay-grade - I’m not used to getting involved so far into the Back-End of a website! - But it a good “Learning Curve” - Even if I don’t understand half of what your saying.

Robert.

■■■■ I was afraid of this - Windows 7 Home Premium

Went into the Force SSL Plugin - The website is on Wordpress, if that makes any difference?

Deactivated it - And Activated it again.

When I went to Test The Certificate;;;

I get this message;

“cURL error 60: SSL certificate problem: self signed certificate”

Means NOTHING to me

I’m also working my way down the " SSL Insecure Content Fixer" settings to see if that fixes my problem…

But reading between your lines… I think I’m just kidding myself on…!!! :frowning:

Maximum respect (to you)
Robert.

Trust me, it won’t be so hard.

First, please do not change settings from now on unless I tell you to do so, otherwise it may change things up mid tests.

First and most important thing: open the start menu, go into the search and type cmd. Press enter on that and it should open a terminal window (usually black background).

In there type nslookup followed by a space and your domain name. Let’s see what that returns.

OK so I had just went in and reset the insecure content fixer back to “Simple” because nothing made a diff.

That was before I saw your message “Do Not Change Settings” - so from her on it I won’t touch a thing unless you say so.

Now with the cmd - Heres what it returned - Wasn’t sure if I should put in the www or not so did both.

Microsoft Windows [Version 6.1.7601]
Copyright © 2009 Microsoft Corporation. All rights reserved.

C:\Users\Robert Geddes>nslookup personalinjuryhelpline.co.uk
Server: dsldevice.lan
Address: 192.168.1.254

Non-authoritative answer:
Name: personalinjuryhelpline.co.uk
Address: 85.92.68.118

C:\Users\Robert Geddes>nslookup www.personalinjuryhelpline.co.uk
Server: dsldevice.lan
Address: 192.168.1.254

Non-authoritative answer:
Name: personalinjuryhelpline.co.uk
Address: 85.92.68.118
Aliases: www.personalinjuryhelpline.co.uk

C:\Users\Robert Geddes>

I think I got the error. Let me get to a computer and I will explain it better. Just be reassured it’s most certainly only your local network.

What My Router???


Don’t know if this has anything to do with anything… Probably NOT!

The last site I set up a website in CloudFlare I had some “Mixed-Content” issues

But I was able to go into “The Inspector” - Console in Chrome and fix the problems myself.

This time I’m getting

jquery-migrate.min.js?ver=1.4.1:2 JQMIGRATE: Migrate is installed, version 1.4.1
which I DON’T KNOW what this is

And a RED WARNING with a wee RED X:-
Unchecked runtime.lastError: The message port closed before a response was received.

But No “Mixed-Content” issues.
If there are any, which I’m sure there will be… I can’t see them!

Last time is was a “Clean Install of Wordpress”, as is this - But with a different “Theme” in use.

Last time it was a theme from the Tiger Theme Club.

This time it’s Twenty-Ninteen that comes with WordPress.

But from what you’re saying… I’m “Barking Completely Up The Wrong Tree”

And Bye-The-Way…
Thank you for taking the time - I really wasn’t EXPECTING so much help - It’s really AWESOME of you to do this…!!!

Robert.

No worries! Let’s start from the beginning here.

the issue here is nothing to do with the actual website or configuration, there is no mixed content issues: those errors you see in the console are related to JS files that return errors, but they would happen regardless of HTTP or HTTPS, but they are not the issue at hand.

The issue here is that your router and/or ISP’s DNS server is returning stale records for your domain. When I run the same command as you I get 2 IPs, not 1 (different format because I’m on a Mac):

personalinjuryhelpline.co.uk. 300 IN	A	104.28.8.43
personalinjuryhelpline.co.uk. 300 IN	A	104.28.9.43

Now if you run the same command as before (with or without www, it doesn’t really matter) appending either 8.8.8.8 or 1.1.1.1 at the end you will see different results.

Now to fix this you can either try restarting your modem/router (it may fix it, but it may reappear), try changing DNS server on the router (Google’s 8.8.8.8, Cloudflare’s 1.1.1.1, Quad9’s 9.9.9.9, OpenDNS, etc.) which should solve the issue if it’s ISP related (most likely cause) or set custom DNS servers on your machine if the issue still persists which would hint at an issue with the actual router.

Here there are setup instructions for 1.1.1.1, but all the others are simply a matter of changing IP.

https://1.1.1.1/dns/

WOO HOO…!!!

Well were half way there…

My desktop problem is fixed… But my PHONE is still saying;-
“Your connection is not private”
NET::ERR_CERT_DATE_INVALID

And when I click on the advanced tab…

This server could not prove that it is “www.MyDomainName”; It’s security certificate expired 21 days ago, This might be caused by a misconfiguration or an attacker intercepting your connection. Your computer’s clock is set to Monday, 4 November 2019. Does this look right? If not, you should correct your system’s clock and then refresh this page

Proceed to “www.MyDomainName” (unsafe).


Messages like that frighten the natives… And they Run For The Hill faster than a cowboy in the ring with an angry bull!!

And on the OLD computer… I’m now getting the “Big Yellow Border Warning” window if Firefox.

It may have solved the problem on My Computer… But I can’t expect website visitors to do the 1.1.1.1. thing.

It’s hard enough getting them to your website in the first place - without making them Jump Through Hoops to see your site.

Would it be an idea to wipe everything out and start afresh - I only built this"Last Night" so I don’t have a lot invested in it.

I’ve spent more time trying to fix the SSL on CloudFlare… “WITH YOUR HELP”… That it took me to build the bugger in the first place.

Maximum respect.

Robert.

The vast majority of people won’t need to do that, I was one example. It works just fine. The issue there seems to be that your ISP’s DNS servers are a mess, but no one can do anything about it. The issue isn’t even related to using Cloudflare, simply changing server would have had the same effect.

All the issues are that all those devices are connecting to the server directly, which has an expired certificate. You could also renew that, that would solve eventual issues (and would greatly benefit the whole security aspect of everything).

After doing so you should first set the SSL/TLS mode of Cloudflare to Full (Strict), which is now at Full (I presume). You could also enable (independently of the first step) “Always Use HTTPS” in the Cloudflare Dashboard which would force HTTPS for all connections and disable any redirects on the origin to prevent loops.

So is it Plusnet/BT’s problem?
Which has the expired certificate or Host Nine?

Which certificate should I “RENEW” - I don’t have one, that’s why I was using Cloudflare.

And how come the other website I set up on cloudflare is working fine.??

Same ISP (Plusnet/Bt) & Same Host (Host 9) - But none of this going on??

I’m getting more confused & frustrated by the minute.

And sorry for the “NEWBIE” questions - I’ve never got my head around networking proper.

SEO, Marketing, Copy Writing & keyword research, and I’ll leave the best of them in the dirt… But this.!!!

Robert.

Have you tried simply restarting your router? Maybe it’s simply an issue locally and temporary?

I doubt that BT/Plusnet have issues, so try that.

Yeah - when I did the 1.1.1.1. thing - I pissed off the wife - Shut down the router as well - and she was on facebook at the time… WHAOO that’s a sin right there!!

Sorry for the delay in getting back to you Matteo,

Apparently there is a LIMIT on how many messages you can SEND on “Your FIRST Day”…

And I hit my limit in a couple of hours, because I got a message saying that I had to wait 19 & half ours before I could reply to your last message!

Bit of a bummer that…!!

But I think it gave the site & Cloudflare the chance to sync properly and the certificate to propagate…
Because EVERYTHING is now WORKING as it should.

I even removed the 1.1.1.1 from my settings on my local computer and I can now see “A SECURE PAGE” with no warnings.

I might just have been to hasty in jumping to the conclusion that it WASN’T WORKING properly. It may not have been, but time alone seems to have solved the problem.

It’s just that it normally works right out the gate with Cloudflare.

But it seems o have SORTED ITSELF OUT now!

It even works on the Old & Really Slow computer, with an Old Browser, Without all of today’s security & upgrades that I keep for testing purposes, because some people ARE still living in the dark ages, as far as technology is concerned, and using really old equipment.

And I want to thank you so very much for all of your help & assistance that you gave me yesterday… I certainly LEARNED a thing or two from you, and I bookmarked the 1.1.1.1 page you sent me, that’s a handy wee tip to ad to my every growing knowledge bank. - They do say “Learn Something New Every Day!” - And I certainly did yesterday, with your help!

You deserve an award for putting up with me.

Do you have a PayPal.me or some way of buying you a “Cup Of Coffee” or a “Pint” for all your hard work?

Because it is very much appreciated…!!!

Once again Matteo, THANK YOU!

Maximum respect,

Robert G Johnston.

The issue may have just been a way too long DNS expiration, which you hit because you visited the website before the change, but I didn’t given the switch had already happened. Changing to 1.1.1.1 fixed the issue forcing an update.

Yeah, sorry about that… the balance there is a bit complex. I know @cloonan struggles to find the right one.

I do, but there is no need to do that :slight_smile:

PS: always alert the wife of things you do in this cases :stuck_out_tongue:

1 Like