SSL - Invalid certificate even if set like others

Answer these questions to help the Community help you with Security questions.

What is the domain name?
staging13.congressiinternazionali.it

Describe the issue you are having:
I’ve simply bought an ssl advanced plan and connected it as i’ve done for other websites (Let’s encrypt TXT). Gives me invalid ssl error

What steps have you taken to resolve the issue?

  1. delete and recreate SSL

Have you tried from another browser and/or incognito mode?
yes

Your domain has expired…
https://cf.sjr.org.uk/tools/check?3b7bc023ac994e879fc947f67a8459b0#whois

May not be the cause of your problem (as your apex domain still seems to be working), but needs fixing.

Sure will be fixing this ASAP. Any suggestions on the issue of the topic?

The advanced certificate for staging13.congressiinternazionali.it is working ok at the Cloudflare edge…

curl -Iv https://staging13.congressiinternazionali.it
*   Trying 172.67.138.42:443...
* Connected to staging13.congressiinternazionali.it (172.67.138.42) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
*  CAfile: /etc/ssl/certs/ca-certificates.crt
*  CApath: /etc/ssl/certs
* TLSv1.0 (OUT), TLS header, Certificate Status (22):
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS header, Certificate Status (22):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS header, Finished (20):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.2 (OUT), TLS header, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
* ALPN, server accepted to use h2
* Server certificate:
*  subject: CN=staging13.congressiinternazionali.it
*  start date: Mar  6 21:54:39 2024 GMT
*  expire date: Jun  4 21:54:38 2024 GMT
*  subjectAltName: host "staging13.congressiinternazionali.it" matched cert's "staging13.congressiinternazionali.it"
*  issuer: C=US; O=Let's Encrypt; CN=E1
*  SSL certificate verify ok.

The 526 error you see is telling you that the SSL certificate on your origin server has a problem. If you set the DNS for staging13.congressiinternazionali.it to DNS only, you can connect directly to the server to see what the problem is.

2 Likes

This topic was automatically closed 2 days after the last reply. New replies are no longer allowed.