SSL certificate not working for non-www address

Hello there,

Once more our customer has called us because of a missing SSL certificate.

sou.de does not have a certificate according to some browsers.

In the SSL settings inside Cleavr we have this:

A certificate debugger reports this:
Can’t add PDF, so here is a screenshot with the most important info, I think:

It seems the first domain is not respected when applying a certificate. Any idea on this?

Sebastian

EDIT: I’m not renewing the certificate from inside Cleavr for you to be able to debug this matter.

I’d be very happy if you could look into this fast as the customer is obviously not happy with this.

Here’s more screenshots:

Hello @sebbler,

We’ll look into it and get back to you.


Hello Sebbler,

From the logs we couldn’t find anything useful regarding the issue. The certificate has been signed successfully. You can try re-adding the SSL certificate (verify from a different browser by clearing the cache, or from a different network) and let us know if the issue persists.

@anish
Thank you for looking into this.

We have done this 2 times before (renewing) as we have this problem the third time in a row now.

It seems to fix the issue but does not reveal the cause of the problem.

My desktop browser says it’s fine:

A colleague’s browser has this info with another timing range:

Is it possible that some old renewal logic is still stuck somewhere on the server as one certificate does not include the non-www version?

The debugging screenshots also do not include the non-www version which makes me wonder if it might be an old one floating around or sth.

Thank you for your fast help. Appreciate it!

Sebastian

On my phone, wifi off, I get cert issues as well:

Hello @sebbler,

I’m getting the error as well for your site.

A few questions before we move forward:

  1. Is this a new site? If it’s an old site, did the cert error appear after auto renewal?
  2. Can you verify the DNS records as well?
  3. Did the cert error during first signing?

  1. It’s an old site. It all started back in October when we changed from single domain to non-www and www-domain. See this forum post: SSL Certificat missing URL
    So the cert error seems to have appeared after autorenewal.
  2. DNS-Settings are handled by the customer so what we have is something like this (also see post above):
    example.com A 192.168.1.1
    www.example.com A 192.168.1.1
    I requested the real DNS-Settings and will report back later.
  3. Can’t tell as another employee was handling this problem and is not part of the company anymore.

If you need any more info let me know please.

Thank you!

So the DNS-Guy from the customer also said that it seems that the certificate is not valid for sou.de but for www.sou.de.

Not sure if that helps but it’s a trace at least.

He will provide DNS_Settings soon.

Here are the screenshots from DNS-Settings:


Hello @sebbler,

Thank you for the details. We’re looking into it.


@anish
Thank you very much.

Not to make pressure but to inform you:
I want to let you know that the maximum time the page can stay this way is the next 24h.

I was able to agree this time period with the customer.

After this time I need to renew the cert to fix the client’s problem.

Hope that’s not a problem!

Thanks again for your help.

Sebastian

Hello @sebbler,

We renewed the SSL cert so the site doesn’t display the SSL warning - thanks for offering to keep the issue live for troubleshooting, but it wasn’t necessary in this case. 🙂

After investigating further, I think we may know what happened. There were a couple of records in .acme.sh where one record has both www and non-www and the other only contained the www record. I’m thinking what happened is that during renewal, the first record ran which would have been what we’d expect for SSL, and then the second one ran which overwrote the previous and left www but non-www with an SSL cert. I removed the second record so I believe the next renewal should work as expected. I verified that other domains with both www and non-www look correct.

We’ll see if we can repro how two records got in there…

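An added example (not part of the thread and not Cleavr's own tooling) that checks an acme.sh home directory for the situation described in the reply above: a hostname claimed by two records, one of which lacks the non-www name. It assumes acme.sh's per-record `.conf` files with `Le_Domain` and `Le_Alt` keys; the function names and the sample directory are constructed for illustration.

```sh
#!/bin/sh
# Added example, not Cleavr's tooling. Assumes acme.sh keeps one directory per
# record holding a .conf file with Le_Domain='main' and Le_Alt='a,b' (or 'no').

# record_names DIR: print "record<TAB>hostname" for every name a record covers.
record_names() {
  for conf in "$1"/*/*.conf; do
    [ -f "$conf" ] || continue
    rec=$(basename "$(dirname "$conf")")
    main=$(sed -n "s/^Le_Domain='\(.*\)'\$/\1/p" "$conf")
    alt=$(sed -n "s/^Le_Alt='\(.*\)'\$/\1/p" "$conf")
    [ -n "$main" ] || continue            # skip .conf files without Le_Domain
    if [ "$alt" = "no" ]; then alt=""; fi
    printf '%s\n' "$main,$alt" | tr ',' '\n' | awk -v r="$rec" 'NF { print r "\t" $0 }'
  done
}

# overlapping_names DIR: hostnames claimed by more than one record.
overlapping_names() {
  record_names "$1" | awk -F'\t' '
    { recs[$2] = (recs[$2] == "" ? $1 : recs[$2] "," $1); n[$2]++ }
    END { for (h in n) if (n[h] > 1) print h ": " recs[h] }' | sort
}

# partial_records DIR HOST...: records that cover some but not all given hosts,
# i.e. the kind of www-only record the reply above describes.
partial_records() {
  dir=$1; shift
  tab=$(printf '\t')
  names=$(record_names "$dir")
  printf '%s\n' "$names" | cut -f1 | sort -u | while read -r rec; do
    hit=0; miss=0
    for h in "$@"; do
      if printf '%s\n' "$names" | grep -qxF "$rec$tab$h"; then hit=1; else miss=1; fi
    done
    if [ "$hit" = 1 ] && [ "$miss" = 1 ]; then echo "$rec"; fi
  done
}

# Constructed sample: the two records described in the reply above.
make_sample() {
  mkdir -p "$1/example.com" "$1/www.example.com"
  printf "Le_Domain='example.com'\nLe_Alt='www.example.com'\n" > "$1/example.com/example.com.conf"
  printf "Le_Domain='www.example.com'\nLe_Alt='no'\n" > "$1/www.example.com/www.example.com.conf"
}

demo=$(mktemp -d) && make_sample "$demo"
overlapping_names "$demo"
partial_records "$demo" example.com www.example.com
rm -rf "$demo"
```

On a real server the directory argument would be the acme.sh home (the thread refers to it as `.acme.sh`), and the hosts would be the site's www and non-www names.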

Thank you for going fast on this one once again.

Appreciate your help.

Let’s hope it’s fixed! 🙂