Last updated: November 28, 2021 at 10:42 PM
The server is downed by breaking up ssl certificate renewal on the core server
This site is operated by a coer server of the rental server, but since the SSL certificate has remained expired, I tried to renew the SSL certificate manually yesterday.
First of all, I guessed that a new SSL certificate would be installed by logging in to the control panel of the core server, releasing SSL once in the site settings, and selecting free SSL again.
Immediately, when I tried this operation, the SSL certificate was not installed, and ssl connection to the server was not possible as shown on the above screen.
This could not be recovered on its own as soon as possible, so when I contacted support for the core server, I received the following answer.
Status: Contacting -> Responded
Mr. Miura
Thank you for your continued patronage of our services.
We will inform you about the inquiry.
When I checked the core server V1 "xxxxxx@yyy.coreserver.jp", the expiration date had passed with the free SSL certificate of the subdomain "www.senris.com".
We have been allowed to perform the update work after confirming at the department in charge earlier, and it is a situation that is reflected as confirmed by the customer side now.
I'm sorry, but I hope you can see the situation for a while.
Above, thank you for your confirmation.If you have any other questions, please feel free to contact us.
Nov 12, 2021 16:39:56 Customer Support: XXX
We look forward to your continued support of our services in the future.
I was very impatient, but as mentioned above, I was relieved that the server was successfully recovered due to the support of the core server.
As a result, I did extra operations, and the server went down for about 50 minutes before the department in charge of the core server responded.
The expiration date of the free SSL of the core server should be automatically renewed by the robot every two months, but it seems that it may not be renewed at the timing of the contract period extension of the server, so please be careful if you are using the core server.
When your SSL certificate expires, don't take any extra action and contact customer support!
* Added 2021.11.25
This issue is believed to be caused by the “Let’s Encrypt Root CA Certificate Expiration” that occurred on September 30, 2021, as described in the article below.
The issuer of the SSL certificate was ESET
Recently, I installed ESET security software on my everyday laptop, but when I accessed my server "senris.com", I noticed that the issuer name of SSL certificate is ESET for some reason.
The above screen shows the SSL certificate on the Chrome version of Edge.
This site is encrypted with SSL (TLS 1.3) and uses a free server certificate called "Let's Encrypt", so the issuer name of the SSL certificate cannot be ESET.
When I examined the cause of this on the net, it seems that ESET decrypts the SSL communication of the browser, checks the communication contents, encrypts it again and sends it to the browser.
And in addition, since the issuer name of ssl certificate is changed to ESET without permission, it is doing a nuisance that the original issuer name cannot be confirmed.
If you trust ESET 100% , that may be fine, but from the server operator's point of view, it is not very pleasant, so I would like you to stop such unnecessary processing.
Therefore, we decided to exclude this process in the ESET configuration.
If you turn off the HTTP scanner setting of ESET as follows, it is OK.
The issuer name of the SSL certificate is now R3, Let's Encrypt, US.
