Are you using Let’s Encrypt? Or are you planning to use it in your future web projects? I can tell you this: there are a few things you must worry about if you use Let’s Encrypt SSL.

Auto-renewal

My blog had some hours of downtime today. It is bad. I thought it was a glitch on VeeroTech’s side. Their support said it was a Cloudflare issue.

I checked on Cloudflare, but everything was fine there. I found the problem was the expired SSL certificate.

This is weird. The Let’s Encrypt SSL should renew automatically. But that was not the case here. When I went into cPanel and did some checks, I saw that the SSL certificate had expired today, October 1, 2019.

Since this blog has been included in the HSTS preload list of the major browsers, this brought the blog down for some hours.

This is because of how the HSTS preload list treats any blog or site that is included in it. Once your domain is listed there, browsers won’t open your site unless it’s using the https protocol and the certificate is valid.

Let’s Encrypt says on their page the renewal process should be automatic. So, this looks like a glitch in the web host or on their end.
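One way to catch a stalled renewal before visitors do, as an added example rather than code from this blog, the host or Let’s Encrypt: a small Python check, meant for a scheduled job, that reads the certificate’s expiry date and the site’s HSTS header. The 30-day alert window, the function names and the sample values are assumptions made for illustration.

```python
import socket
import ssl
import time

RENEW_WINDOW_DAYS = 30  # assumption: alert when fewer than 30 days remain


def days_left(cert, now=None):
    """Days until the notAfter field of a getpeercert()-style dict."""
    now = time.time() if now is None else now
    return (ssl.cert_time_to_seconds(cert["notAfter"]) - now) / 86400


def hsts_enforced(header):
    """True if a Strict-Transport-Security header value has max-age > 0."""
    for part in (header or "").split(";"):
        name, _, value = part.strip().partition("=")
        if name.lower() == "max-age" and value.strip('"').isdigit():
            return int(value.strip('"')) > 0
    return False


def assess(cert, hsts_header, now=None):
    """Classify renewal state; with HSTS a bad certificate cannot be bypassed."""
    left = days_left(cert, now) if cert else 0  # None means the handshake failed
    if left <= 0:
        return "DOWN" if hsts_enforced(hsts_header) else "CERT_INVALID"
    return "RENEWAL_OVERDUE" if left < RENEW_WINDOW_DAYS else "OK"


def fetch_cert(host, port=443, timeout=10):
    """Live lookup; returns None when the certificate fails verification."""
    ctx = ssl.create_default_context()
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                return tls.getpeercert()
    except ssl.SSLCertVerificationError:
        return None


# Constructed sample data (not taken from the blog's real certificate).
SAMPLE_CERT = {"notAfter": "Oct  1 00:00:00 2019 GMT"}
SAMPLE_HSTS = "max-age=31536000; includeSubDomains; preload"

if __name__ == "__main__":
    now = ssl.cert_time_to_seconds("Sep 10 00:00:00 2019 GMT")
    print(assess(SAMPLE_CERT, SAMPLE_HSTS, now))
```

Run against a live site, `assess(fetch_cert(host), header)` needs the `Strict-Transport-Security` value from a separate HTTP request; anything other than `OK` is the cue to open a ticket with the host while the certificate is still valid.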

The DNS records for IPv6

Make sure the domain does not have any DNS records for IPv6. Some hosts say they don’t support that DNS record.

Therefore, you need to remove all DNS records for IPv6. Be sure to clean them all out before your first attempt to install the SSL certificate.

The number of attempts to install

It’s a common thing to try again when we fail. However, you must limit the number of attempts before you try again.

Some people say the Let’s Encrypt server will reject the request if it is repeated too many times in a short time. If you’ve failed two or three attempts, then stop and ask your host for help.

Failures for wildcard

I am not sure why. It worked when I ran the installation for the first time. Now, it always fails when I specify a wildcard for all the subdomains of this blog. I haven’t asked the VeeroTech support about this.

One thing is for sure: you shouldn’t depend on Let’s Encrypt if you need it for all of the subdomains of your root domain.

Verdicts

Let’s Encrypt is good. It intends to make the web more secure than ever. It provides a free SSL certificate for everyone in every country. It’s beyond the control of any organization, organized by joined communities. Let’s support them.

Also, I am the one to blame in the case of today’s downtime. I was not aware of it when VT support replied to me. I replied to them hours later, on the assumption that they would take care of the problem.

It turns out I was wrong. They were waiting for my reply. Perhaps if I had replied to them earlier, we could have solved the problem much faster. It only needed some minutes or less to fix the problem and bring the blog up again.

So, worry about these if you use Let’s Encrypt SSL.

4 thoughts on “Absolutely worry about these if you use Let’s Encrypt”

  1. Hmm, I thought Let’s Encrypt still made you renew every 90 days on your own. I set up my first SSL cert today via cPanel. The one that my host offers makes it be self-signed, though. That’s like, um… invalid everywhere.

    1. Ideally, yes. It should renew automatically. I do similar set up through cPanel and everything works smoothly for me. Until this problem comes up on the first day of October.

  2. Hmm, I thought Let’s Encrypt still made you renew every 90 days by hand. I set up my first SSL cert today. However since it’s the one my host offers, it’s self-signed. Um… that’s like invalid everywhere.

    1. Ya. I set up through cPanel too and in my case, it works well until it can’t renew automatically on the first day of October.
