Plugin Author
Mark
(@markwolters)
Hi @brooner,
what notice do you see exactly? The ‘Install SSL Certificate’ and ‘Retry’ buttons in the SSL dashboard? I’m unable to reproduce the issue by using a Let’s Encrypt certificate. It could be the SSL check is returning false while the certificate is valid, this usually happens due to a cURL error or a restriction that causes the plugin to be unable to check the certificate. Could you provide some more information about the setup you are using like webserver/host so we can try to replicate the issue?
Yes, I see those buttons and the error above them.
The webserver is Apache on Centos 6, a very standard LAMP setup. It’s old but never gave us problems, also there are many websites hosted here with your plugin installed but this is happening only with Let’s Encrypt certificates.
Plugin Author
Mark
(@markwolters)
Hi @brooner,
strange, I’ve tried again to reproduce the issue but cannot replicate it, in our test setup a Let’s Encrypt certificate can be detected. Since the sites do have a valid SSL certificate you can safely dismiss the notice by pressing the X right next to it.
I don’t know if it may be related with recent problems surfacing for Let’s Encrypt certificates, like this one:
https://eclecticlight.co/2021/09/21/el-capitan-and-older-mac-os-x-are-about-to-have-a-security-certificate-problem/
Probably not. But if you visit my website (the page I linked to in my first post) on a Mac with El Capitan for instance, it will tell you the certificate is not valid.
Plugin Author
Mark
(@markwolters)
Hi @brooner,
good find, we can indeed reproduce this issue using El Capitan. It seems the be an issue with old root certificates in older Mac os version. The solution would be to update those. You could also check with your hosting provider if they possibly use an old root certificate, although I expect this issue to be client related.
The server is completely managed by me and my colleagues. I have to understand if the problem hitting El Capitan happens on old CentOS versions too, because that may explain the error with your plugin.
Plugin Author
Mark
(@markwolters)
It’s very well possible this is what’s causing the issue, as it does seem to affect older CentOS versions with specific OpenSSL versions. See https://blog.devgenius.io/rhel-centos-7-fix-for-lets-encrypt-change-8af2de587fe4 for some possible fixes. Curious to hear if that resolves the issue.
Sorry for the late (yeah, I’m being euphemistic) response, but yes, it’s a problem with older CentOS and the solution you found only works with CentOS 7.
So I moved all affected websites to a new server with CentOS 8 (which I will have to migrate to something else soon, too).
Thanks for the help and the tips.
