Domain is serving incorrect SSL certificate

My YunoHost server

Hardware: HP server rack
YunoHost version: 11.2.11.3
I have access to my server: SSH + web admin
Are you in a special context or did you perform some particular tweaking on your YunoHost instance?: yes but not for this domain
If yes, please explain: I have custom nginx confs for other domains but not this one

Description of my issue

Browsers say the SSL certificate for my den.nohost.me domain expired weeks ago, but the web admin says it is valid and has 89 days left. I am using Let’s Encrypt through the YunoHost tools. The YunoHost diagnosis says there are no problems with the domain.

I have tried to install a self-signed cert and then reinstall the Let’s Encrypt certificate. There were no errors during either process. Renewing or reinstalling certificates and diagnosis have not given any errors, so I have no error logs.

I have tried visiting my domain through the local network as well as from outside, and they all refuse to connect. Firefox says “SEC_ERROR_EXPIRED_CERTIFICATE”.

I have not manually edited the nginx .conf file for this domain. I am not sure how to approach this issue. What can I do to try to troubleshoot this? Thank you!

I think the SSL negotiation is being done by another nginx, or by the modified nginx, which gives the expired certificate, not the new one.

Because your YunoHost doesn’t find any problems.

Do you use an SNI proxy? You should investigate there, and follow step by step how and where Internet requests come and go.

Thank you for the suggestion. It ended up being a bad nginx conf file for a different domain.

I had already tried reloading nginx before, but nothing changed. However, when I tried restarting it with systemctl, it gave an error that port 8448 was already in use, and nginx couldn’t start.

Apparently when I tried setting up the conf for a Matrix homeserver (which uses that port), it ended up messing up nginx. When I deleted that conf, nginx started successfully and is now serving the correct SSL certificates for my domains.

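The check this thread converges on, as an added example (not code from the posters or from YunoHost): compare the certificate nginx actually serves with the file on disk and, on a mismatch, run `nginx -t` and list what is listening on the conflicting port. The certificate path argument, the `127.0.0.1:443` default and the function names are assumptions; port 8448 is the one named in the thread.

```shell
#!/bin/sh
# Added example: is the running nginx serving the certificate that is on disk?
# Arguments and defaults are assumptions, not values taken from the thread.

# SHA-256 fingerprint of a PEM certificate read from stdin.
cert_fp() { openssl x509 -noout -fingerprint -sha256 2>/dev/null | cut -d= -f2; }

# Fingerprint of the leaf certificate served for SNI name $1 at $2 (host:port).
served_fp() {
    openssl s_client -connect "$2" -servername "$1" </dev/null 2>/dev/null | cert_fp
}

# Verdict from two fingerprints: $1 = on disk, $2 = served.
verdict() {
    if [ -z "$1" ] || [ -z "$2" ]; then echo "UNKNOWN"; return 2; fi
    if [ "$1" = "$2" ]; then echo "MATCH"; return 0; fi
    echo "STALE"; return 1
}

# Process names listening on TCP port $1, parsed from `ss -ltnp` output on stdin.
port_owner() {
    awk -v port="$1" '$1 == "LISTEN" && $4 ~ (":" port "$") {
        if (match($0, /users:\(\("[^"]+"/))
            print substr($0, RSTART + 9, RLENGTH - 10)
    }' | sort -u
}

# Usage: check.sh DOMAIN CERT_PEM [HOST:PORT] [PORT_TO_INSPECT]
check_domain() {
    domain=$1; cert=$2; target=${3:-127.0.0.1:443}; port=${4:-8448}
    disk=$(cert_fp <"$cert")
    live=$(served_fp "$domain" "$target")
    echo "on disk: $disk"
    echo "served:  $live"
    if verdict "$disk" "$live"; then return 0; fi
    # Mismatch: the running nginx has not loaded what is on disk.
    nginx -t                       # tests every included conf file
    echo "listeners on port $port:"
    ss -ltnp | port_owner "$port"  # run as root to see process names
    return 1
}

if [ "$#" -ge 2 ]; then check_domain "$@"; fi
```

A `STALE` verdict while the admin panel reports a valid certificate points at the running nginx process rather than at the renewal itself.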