maicol07 Posted June 6, 2017

Hi, I have an SSL error in my browser (Firefox 53.0.3 x64):

Secure Connection Failed. An error occurred during a connection to maicol07.tk. Peer's Certificate has been revoked. Error code: sec_error_revoked_certificate

With the other browsers it works. Why? I also see that the certificate (issued by ZeroSSL) has an expiry date in 2020! The other ZeroSSL certificates for subdomains all have an expiry date of 07/2017...

Thanks
Luigi123 Posted June 6, 2017

This support request is being escalated to our root admin.
Krydos Posted June 6, 2017

According to https://www.sslshopper.com/ssl-checker.html#hostname=maicol07.tk that ssl certificate should be good, but when I open the page in Chrome it says it doesn't trust it. Did you pay for that certificate?
wolstech Posted June 6, 2017

I'll bet he updated Firefox... StartCom has a terrible past reputation and Firefox blacklisted the StartCom CAs. Read https://bugzilla.mozilla.org/show_bug.cgi?id=1311832

Chrome I believe has done similar, though his site oddly works for me in Chrome. It also worked in Firefox 40, but did not in Firefox 53 (the ban was implemented in v51+, so makes sense). He probably should get a certificate from another CA...
maicol07 (Author) Posted June 7, 2017

> According to https://www.sslshopper.com/ssl-checker.html#hostname=maicol07.tk that ssl certificate should be good, but when I open the page in Chrome it says it doesn't trust it. Did you pay for that certificate?

No, I had installed a certificate from ZeroSSL. Normally, it expires in 90 days, but I don't know why it expires in 3 years. Should I issue a new certificate?

Thanks
Krydos Posted June 7, 2017

The current ssl certificate on maicol07.tk was issued by StartCom, not Let's Encrypt. Since you're on Tommy we actually offer free Comodo certificates, and if you use our certificate it will automatically renew itself when it gets close to expiring. Do you mind if I delete your current certificate and install ours?
maicol07 (Author) Posted June 7, 2017

> The current ssl certificate on maicol07.tk was issued by StartCom, not Let's Encrypt. Since you're on Tommy we actually offer free Comodo certificates, and if you use our certificate it will automatically renew itself when it gets close to expiring. Do you mind if I delete your current certificate and install ours?

No, of course. If you can, for all my subdomains and add-on domains of my accounts.

Thanks
Krydos Posted June 7, 2017

https://maicol07.tk/ no longer gives me an error now that it's using our system's automatic ssl. Is it working for you too?
maicol07 (Author) Posted June 7, 2017

Yes, only one problem: https://apps.maicol07.tk doesn't work. Error: SSL_ERROR_BAD_CERT_DOMAIN
Krydos Posted June 7, 2017

Here's the error it encountered for that domain:

9:48:43 AM WARN The domain “apps.maicol07.tk” failed domain control validation: The system failed to fetch the DCV file at “http://apps.maicol07.tk/B0BF63864B4A9371D4DA748B919467DC.txt” because of an error: The system failed to send an HTTP “GET” request to “http://apps.maicol07.tk/B0BF63864B4A9371D4DA748B919467DC.txt” because of an error: Timed out while waiting for socket to become ready for reading .

Do you have .htaccess rules blocking access to apps.maicol07.tk/B0BF63864B4A9371D4DA748B919467DC.txt?
wolstech Posted June 7, 2017

The apps subdomain is acting strangely... it threw a 500 error on me twice before the content loaded. It also has a forced HTTPS redirect which may also need to be removed. I would rename the .htaccess file to start.
Krydos Posted June 7, 2017

No, that file doesn't exist... The way autossl works is it creates a 32 digit long randomly named .txt file, and then tries to access it externally. If you have .htaccess rules preventing that .txt file from being read, then ssl fails, and it deletes the file. So the file is only there for maybe 5 minutes total while it checks your domain. Like wolstech said, renaming your .htaccess is a quick way to tell if that's the issue.
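
The external fetch described in the post above can be reproduced with a small probe. This is an added example, not part of the original thread and not the host's or cPanel's code. The function names, the local stand-in sites and the rule that a 404 for a random name counts as "reachable" are assumptions made for illustration.

```python
import http.client
import secrets
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import urlsplit

def probe(url, timeout=5):
    """GET url once over plain HTTP, without following redirects, and classify it."""
    parts = urlsplit(url)
    conn = http.client.HTTPConnection(parts.hostname, parts.port or 80, timeout=timeout)
    try:
        conn.request("GET", parts.path)
        status = conn.getresponse().status
    except OSError as exc:  # socket timeout, refused or reset connection
        return "unreachable (%s)" % type(exc).__name__
    finally:
        conn.close()
    if status in (200, 404):  # 404 is expected: the random file does not exist
        return "reachable"
    if 300 <= status < 400:  # e.g. a forced HTTPS redirect
        return "redirected"
    return "blocked (HTTP %d)" % status  # e.g. a deny rule or a 500 from .htaccess

def make_site(mode):
    """Constructed local stand-in for a site: 'plain', 'force_https' or 'deny_txt'."""
    class Handler(BaseHTTPRequestHandler):
        def do_GET(self):
            if mode == "force_https":
                self.send_response(301)
                self.send_header("Location", "https://example.test" + self.path)
            else:
                self.send_response(403 if mode == "deny_txt" else 404)
            self.send_header("Content-Length", "0")
            self.end_headers()
        def log_message(self, *args):  # keep the demo quiet
            pass
    server = HTTPServer(("127.0.0.1", 0), Handler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server

def demo():
    """Probe each stand-in site with a DCV-shaped name and collect the verdicts."""
    results = {}
    for mode in ("plain", "force_https", "deny_txt"):
        with make_site(mode) as server:
            # Constructed name shaped like the one in the log: 32 hex chars + ".txt".
            path = "/" + secrets.token_hex(16).upper() + ".txt"
            results[mode] = probe("http://127.0.0.1:%d%s" % (server.server_port, path))
            server.shutdown()
    return results
```

Calling `probe()` against your own subdomain before and after renaming `.htaccess` shows whether the rules are what stops the plain-HTTP request.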