West Wind Web Store
Expired SSL cert on https://markdownmonster.west-wind.com
Gravatar is a globally recognized avatar based on your email address. Expired SSL cert on https://markdownmonster.west-wind.com
  David Schulman
  All
  Jul 7, 2021 @ 08:30am

Hi Rick,

It looks like your Let's Encrypt SSL cert for https://markdownmonster.west-wind.com expired about 90 minutes ago:

> echo "QUIT" | openssl s_client -connect markdownmonster.west-wind.com:443
CONNECTED(00000003)
depth=1 C = US, O = Let's Encrypt, CN = R3
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 CN = markdownmonster.west-wind.com
verify error:num=10:certificate has expired
notAfter=Jul  7 15:00:34 2021 GMT
verify return:1
depth=0 CN = markdownmonster.west-wind.com
notAfter=Jul  7 15:00:34 2021 GMT
verify return:1
---
Certificate chain
 0 s:CN = markdownmonster.west-wind.com
   i:C = US, O = Let's Encrypt, CN = R3
 1 s:C = US, O = Let's Encrypt, CN = R3
   i:O = Digital Signature Trust Co., CN = DST Root CA X3
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIFwTCCBKmgAwIBAgISAyzt45cERxkwX8uHl//0CAybMA0GCSqGSIb3DQEBCwUA
MDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQD
EwJSMzAeFw0yMTA0MDgxNTAwMzRaFw0yMTA3MDcxNTAwMzRaMCgxJjAkBgNVBAMT
HW1hcmtkb3dubW9uc3Rlci53ZXN0LXdpbmQuY29tMIIBojANBgkqhkiG9w0BAQEF
AAOCAY8AMIIBigKCAYEAuxAMHoiQNDOo/hvYWE7q+FnfTr1vpYJ6PqlYUhycX8A4
q8Py87GzS7CxSNFMOWpFy3l3wbluUvyKaTKRbVBRsQ6O6HeCz75XFJhCNQ1Fjtvf
4K6gZ+sQS4OudmumXAACC2ZryOLwwNm6mpm/8nH9Z6otUi/CkXyuZiym5z/w3t11
wU4az2VDBDdjXXyeZ7CmxFp9ru3JDkCa4QGbnNkcqtsP/Dg2JS5FaQap4VHelUeV
rt+A7PdIp8vS/DhTsng75zW1fzqZ1RsBhpZ/2UHql00n+UJvyYHI/PDECzoGQvtZ
AJblq2Al+dNTgTKHSMxEGAKoG6ZrUpC8AWhmKHll9skf0NsaFy3hTrxdo6DNYgy2
jo07UkninWyUhWJNeQaV8tPYeK4UPXEO2tlrzKS+WO1NnfInq/KKgq41g5gZMB0I
T2FgtFtdDYUnkzpTGDuTJan3nzeHs00JTKQga23gevhkRGa2jafK161qEbnOlVwx
z1Jhan3uJcFMNBSFQ96pAgMBAAGjggJZMIICVTAOBgNVHQ8BAf8EBAMCBaAwHQYD
VR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0O
BBYEFHK0+r1srw/bSNRjfCRzsDV4IFERMB8GA1UdIwQYMBaAFBQusxe3WFbLrlAJ
QOYfr52LFMLGMFUGCCsGAQUFBwEBBEkwRzAhBggrBgEFBQcwAYYVaHR0cDovL3Iz
Lm8ubGVuY3Iub3JnMCIGCCsGAQUFBzAChhZodHRwOi8vcjMuaS5sZW5jci5vcmcv
MCgGA1UdEQQhMB+CHW1hcmtkb3dubW9uc3Rlci53ZXN0LXdpbmQuY29tMEwGA1Ud
IARFMEMwCAYGZ4EMAQIBMDcGCysGAQQBgt8TAQEBMCgwJgYIKwYBBQUHAgEWGmh0
dHA6Ly9jcHMubGV0c2VuY3J5cHQub3JnMIIBBQYKKwYBBAHWeQIEAgSB9gSB8wDx
AHYAb1N2rDHwMRnYmQCkURX/dxUcEdkCwQApBo2yCJo32RMAAAF4sja86gAABAMA
RzBFAiEAyvX+oZ5vO5c+M3/jkwniGcLQVm2MyKWYXzj3sIpFolICIFnETML2v52a
mA72mtEuNKxjd/ixUbuG36ls21WgJCZiAHcAfT7y+I//iFVoJMLAyp5SiXkrxQ54
CX8uapdomX4i8NcAAAF4sja8/wAABAMASDBGAiEA30zPFmuNbg/j13Ohm9feszPL
osNJ2jy+Zdr50kEAe/cCIQC4t17dTyRbg819cptnJdJq/9kz403Syiho3n4EkOAM
FTANBgkqhkiG9w0BAQsFAAOCAQEAp7dfZ9l1mbZVNWwNKvcTueQEjW9UWbN/ZhZl
Svbm/JY1Ncqqwk/4h1NjlE48ptgFg2vjImUpYZLK2wkRcbRQ8aIDj3IJ2L3ZfTGL
Tu7XFaC2zHCqvAo8RY6hBxxQY/a7eWdJCPSB5kcj+cRBaBHGVOCxgnYZW53Ox6cW
QMV9jVX4XVvQyR+hUkkzASKN/VEXZTtIQ3B6IbCDWBqqNCz0zlLfFE2hQw+2zxMv
gMvgnOpJD73Ntn1XLFNQsqngT9HYYKUAs5U+o3PT1Rwk09up3kdtjyh+0+pSWoXG
tJk6cSPdXpKZjtfJcznAHieC/mop/mQTiCub2yBrRtg6EbaRmA==
-----END CERTIFICATE-----
subject=CN = markdownmonster.west-wind.com

issuer=C = US, O = Let's Encrypt, CN = R3

---
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: RSA
Server Temp Key: X25519, 253 bits
---
SSL handshake has read 3192 bytes and written 424 bytes
Verification error: certificate has expired
---
New, TLSv1.2, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 3072 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES256-GCM-SHA384
    Session-ID: CE410000DA950920FB72C9990BA779FEE782BD26DF0E5382545C12A95CDA6D4B
    Session-ID-ctx:
    Master-Key: F91D3349A0E335ECC8DB4F11355FF0312611F07F3CAF6255D44BEDDA12A7B4DE31018E8B1B59844E0265A523BF9B930D
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    Start Time: 1625671540
    Timeout   : 7200 (sec)
    Verify return code: 10 (certificate has expired)
    Extended master secret: yes
---
DONE

Gravatar is a globally recognized avatar based on your email address. re: Expired SSL cert on https://markdownmonster.west-wind.com
  Rick Strahl
  David Schulman
  Jul 7, 2021 @ 08:53am

Thanks David,

Wow this is freaking weird. It looks like the LetsEncrypt daimon completely dropped the site from the renewal list. There are about 20 sites on my server all running LE certs but this one (that's been just on auto-pilot for years) just wasn't there.

Just updated...

Thanks for the heads up!

+++ Rick ---

© 1996-2021