Jump to content


Photo

[Solved] Ssl Error: Sec_Error_Revoked_Certificate

ssl error SEC_ERROR_REVOKED_CERTIFICATE

  • This topic is locked This topic is locked
12 replies to this topic

#1 maicol07

maicol07

    Rank IV Member

  • Members
  • PipPipPipPip
  • 284 posts
  • Gender:Male
  • Location:Italy
  • Interests:Python, Android, Windows, HTML, PHP, JS, WordPress

Posted 06 June 2017 - 02:00 PM

Hi,

I have an SSL error in my browser (Firefox 53.0.3 x64):

Secure Connection Failed. An error occurred during a connection to maicol07.tk. Peer's Certificate has been revoked. Error code: sec_error_revoked_certificate

With the other browsers it works. Why?

I see also that the certificate (issued by ZeroSSL) has expiring date on 2020! The others certificates by ZeroSSL of susbdomains has all expiring date on 07/2017...

Thanks


Python, Android and web developer.

Check out:

My website
My Blog

My GPlay Developer Page


#2 Luigi123

Luigi123

    Rank X Member

  • Moderators
  • 2,814 posts
  • Gender:Male
  • Location:Winnipeg, Manitoba, Canada

Posted 06 June 2017 - 03:49 PM

This support request is being escalated to our root admin.
Posted ImagePosted ImagePosted Image
Posted ImagePosted ImagePosted Image

#3 Krydos

Krydos

    Rank X Member

  • Root Admin
  • 22,134 posts
  • Gender:Male

Posted 06 June 2017 - 08:42 PM

According to https://www.sslshopp...ame=maicol07.tk that ssl certificate should be good, but when I open the page in Chrome it says it doesn't trust it. Did you pay for that certificate?

#4 wolstech

wolstech

    Rank X Member

  • Root Admin
  • 13,776 posts
  • Gender:Male
  • Location:Pennsylvania

Posted 06 June 2017 - 08:53 PM

I'll bet he updated Firefox...StartCom has a terrible past reputation and Firefox blacklisted the StartCom CAs. Read https://bugzilla.moz....cgi?id=1311832

 

Chrome I believe has done similar, though his site oddly works for me in Chrome. It also worked in Firefox 40, but did not in Firefox 53 (the ban was implemented in v51+, so makes sense).

 

He probably should get a certificate from another CA...


Please do not PM me for support. Posting on our forums lets all of us learn.
Do you play Minecraft? | Server Monitors | And the Dumbass of the Decade award goes to...


#5 maicol07

maicol07

    Rank IV Member

  • Members
  • PipPipPipPip
  • 284 posts
  • Gender:Male
  • Location:Italy
  • Interests:Python, Android, Windows, HTML, PHP, JS, WordPress

Posted 07 June 2017 - 05:44 AM

According to https://www.sslshopp...ame=maicol07.tk that ssl certificate should be good, but when I open the page in Chrome it says it doesn't trust it. Did you pay for that certificate?


No, I had installed a certificate from ZeroSSL. Normally, it expires in 90 days, but I don't know why it expires in 3 years. Should I issue a new certificate?
Thanks

Python, Android and web developer.

Check out:

My website
My Blog

My GPlay Developer Page


#6 Krydos

Krydos

    Rank X Member

  • Root Admin
  • 22,134 posts
  • Gender:Male

Posted 07 June 2017 - 06:18 AM

The current ssl certificate on maicol07.tk was issued by startcom not let's encrypt. Since you're on Tommy we actually offer free comodo certificates, and if you use our certificate it will automatically renew itself when it gets close to expiring. Do you mind if I delete your current certificate and install ours?

#7 maicol07

maicol07

    Rank IV Member

  • Members
  • PipPipPipPip
  • 284 posts
  • Gender:Male
  • Location:Italy
  • Interests:Python, Android, Windows, HTML, PHP, JS, WordPress

Posted 07 June 2017 - 08:47 AM

The current ssl certificate on maicol07.tk was issued by startcom not let's encrypt. Since you're on Tommy we actually offer free comodo certificates, and if you use our certificate it will automatically renew itself when it gets close to expiring. Do you mind if I delete your current certificate and install ours?


No, of course. If you can for all my subdomains and add-on domains of my accounts.
Thanks

Python, Android and web developer.

Check out:

My website
My Blog

My GPlay Developer Page


#8 Krydos

Krydos

    Rank X Member

  • Root Admin
  • 22,134 posts
  • Gender:Male

Posted 07 June 2017 - 03:12 PM

https://maicol07.tk/ no longer gives me an error now that it's using out system's automatic ssl. Is it working for you too?

#9 maicol07

maicol07

    Rank IV Member

  • Members
  • PipPipPipPip
  • 284 posts
  • Gender:Male
  • Location:Italy
  • Interests:Python, Android, Windows, HTML, PHP, JS, WordPress

Posted 07 June 2017 - 03:24 PM

Yes, only one problem: https://apps.maicol07.tk doesn't work. Error: SSL_ERROR_BAD_CERT_DOMAIN


Python, Android and web developer.

Check out:

My website
My Blog

My GPlay Developer Page


#10 Krydos

Krydos

    Rank X Member

  • Root Admin
  • 22,134 posts
  • Gender:Male

Posted 07 June 2017 - 04:06 PM

Here's the error it encountered for that domain:
9:48:43 AM WARN The domain “apps.maicol07.tk” failed domain control validation: The system failed to fetch the <abbr title="Domain Control Validation">DCV</abbr> file at “<a href="http://apps.maicol07.tk/B0BF63864B4A9371D4DA748B919467DC.txt">http://apps.maicol07.tk/B0BF63864B4A9371D4DA748B919467DC.txt</a>” because of an error: The system failed to send an <abbr title="Hypertext Transfer Protocol">HTTP</abbr> “GET” request to “http://apps.maicol07.tk/B0BF63864B4A9371D4DA748B919467DC.txt” because of an error: Timed out while waiting for socket to become ready for reading .
Do you have .htaccess rules blocking access to apps.maicol07.tk/B0BF63864B4A9371D4DA748B919467DC.txt?

#11 maicol07

maicol07

    Rank IV Member

  • Members
  • PipPipPipPip
  • 284 posts
  • Gender:Male
  • Location:Italy
  • Interests:Python, Android, Windows, HTML, PHP, JS, WordPress

Posted 07 June 2017 - 04:17 PM

No, that file doesn't exsists...


Python, Android and web developer.

Check out:

My website
My Blog

My GPlay Developer Page


#12 wolstech

wolstech

    Rank X Member

  • Root Admin
  • 13,776 posts
  • Gender:Male
  • Location:Pennsylvania

Posted 07 June 2017 - 04:46 PM

The apps subdomain is acting strangely...it threw a 500 error on me twice before the content loaded. It also has a forced HTTPS redirect which may also need to be removed.

 

I would rename the .htaccess file to start.


Please do not PM me for support. Posting on our forums lets all of us learn.
Do you play Minecraft? | Server Monitors | And the Dumbass of the Decade award goes to...


#13 Krydos

Krydos

    Rank X Member

  • Root Admin
  • 22,134 posts
  • Gender:Male

Posted 07 June 2017 - 05:08 PM

No, that file doesn't exsists...

The way autossl works is it created a 32 digit long random named .txt file, and then tries to access it externally. If you have .htaccess rules preventing that .txt file from being read, then ssl fails, and it deletes the file. So the file is only there for maybe 5 minutes total while it checks your domain. Like wolstech said renaming your .htaccess is a quick way to tell if that's the issue.





Also tagged with one or more of these keywords: ssl, error, SEC_ERROR_REVOKED_CERTIFICATE

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users