Let's encrypt problem with Strict Transport Security

  • On my website http://www.web4you-gmbh.ch I activated Strict Transport Security. Now I have checked, and my site is not working on all clients (browsers?).


    First, I found in the Firefox settings under Network > Certificates that the checkbox for OCSP was checked. With this checked, my site tells me: "An error occurred during a connection to http://www.web4you-gmbh.ch. Peer's Certificate has been revoked. Error code: SEC_ERROR_REVOKED_CERTIFICATE"


    OK, BUT!! Other sites, "maennerchor-kuettigen.ch" or "eichler.ch" and all the others on the same server, are working perfectly, also with OCSP checked.


    Now, as you can see, only my own site is not working. So I unchecked "Strict Transport Security", but this has had no effect so far. This means when I open http:// on my website, it still redirects to https://


    What do I have to do?

    i-MSCP 1.5.3 - Debian 9 Stretch

  • Please read up on what HSTS does. That's expected as long as the max-age time is set :D
    About LetsEncrypt: can you post the plugin's log file under /var/log/imscp/?
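    What "expected as long as max-age is set" means in practice, as an added example that is not from the thread or from i-MSCP: a small Python parser for the Strict-Transport-Security header that works out how long a client that already received the header keeps forcing HTTPS, and goes one step beyond the thread by showing that serving max-age=0 is what tells such clients to drop the cached policy. The header values and the timestamp are constructed.

```python
# Added example (not from the thread or i-MSCP): parse a
# Strict-Transport-Security header the way a browser does and work out how
# long the cached policy keeps forcing HTTPS. Values below are constructed.
from __future__ import annotations

from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

# Constructed: the moment a browser first received the header.
SAMPLE_RECEIVED = datetime(2018, 1, 1, tzinfo=timezone.utc)


@dataclass
class HstsPolicy:
    max_age: int              # seconds the client remembers the policy
    include_subdomains: bool
    preload: bool


def parse_hsts(header: str) -> HstsPolicy | None:
    """Return the policy in a header value, or None if it is not valid HSTS."""
    max_age = None
    include_subdomains = preload = False
    for directive in header.split(";"):
        name, _, value = directive.strip().partition("=")
        name = name.strip().lower()
        if name == "max-age":
            value = value.strip().strip('"')
            if not value.isdigit():
                return None       # malformed max-age: browsers ignore the header
            max_age = int(value)
        elif name == "includesubdomains":
            include_subdomains = True
        elif name == "preload":
            preload = True
    if max_age is None:           # RFC 6797: max-age is mandatory
        return None
    return HstsPolicy(max_age, include_subdomains, preload)


def forced_https_until(header: str, received: datetime) -> datetime | None:
    """When a client that got `header` at `received` stops forcing HTTPS.

    max-age=0 returns `received` itself: that is the value to keep serving
    after disabling HSTS so clients drop the policy they already cached.
    """
    policy = parse_hsts(header)
    if policy is None:
        return None
    return received + timedelta(seconds=policy.max_age)


if __name__ == "__main__":
    print(forced_https_until("max-age=31536000; includeSubDomains", SAMPLE_RECEIVED))
    print(forced_https_until("max-age=0", SAMPLE_RECEIVED))
```

Simply removing the header, as the panel checkbox does, changes nothing for browsers that already cached it; they keep redirecting until the stored max-age runs out.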

  • @web4you


    From my browser (Google Chrome), I can access your site without any problem:


    (screenshots: web4you.png, web4you02.png)


  • @web4you


    But on Firefox, this fails miserably:


    (screenshot: web4youff.png)



    We will investigate.


    Edit: @web4you Have you disabled LetsEncrypt for that domain? It seems that the certificate has been revoked... Firefox checks whether the SSL certificate has been revoked and, if yes, shows that error message.


  • This is exactly my problem.


    As you can see here: https://ssl-trust.com/SSL-Zertifikate/check
    my cert is OK. See attachment. And if you check another site on my server, like http://eichler.ch or http://maennerchor-kuettigen.ch, they are working perfectly with the OCSP server check activated. Only http://web4you-gmbh.ch does not.

  • Please revoke your certificate and create a new one (disable it for the domain and re-enable it). After that, try again :)

  • OK, please fix it in the following way:

    • Edit your config.php and add --force-renew to the array certbot_cmd_create_options
    • In the admin panel, update the plugin list
    • Disable LetsEncrypt for that domain (revoke)
    • Re-enable LetsEncrypt for that domain (force renew)
    • Remove the added --force-renew entry from config.php again
    • In the admin panel, update the plugin list

    It seems LetsEncrypt had some problems with a clean revoke, or you played around too much :D