Need help?

Our experts have had an average response time of 13.14 minutes in February 2024 to fix urgent issues.

We will keep your servers stable, secure, and fast at all times for one fixed price.

How to prevent ‘Certificate for FILE “(CN: domain.com)” has expired!’ errors in your server

by | Apr 14, 2018

Earlier, only businesses that dealt with confidential information such as credit card or online transactions, were bothered about their website security.

But with most advanced browsers now making HTTPS mandatory, and even Google considering it as a parameter for website ranking, every website is now getting an SSL certificate.

To enable HTTPS support for your websites and server, you need to install SSL certificate for them. When installed on a web server, SSL allows to initiate secure connections with the browser.

SSL certificate – The hassles involved, and how we tackle those

An SSL certificate generation process involves:

  • Producing strong public and private keys that decrypt the messages between web server and browser.
  • Getting a CA (certificate authority) file from an organisation that validates the integrity of your SSL.
  • Creating a certificate signing request (CSR) with the details of the website that requires SSL.

1. Cost

SSL certificates purchased from certificate authorities usually comes with a cost – in packages such as monthly, annual, etc, which is why many website owners opt for self-signed certificates. But they don’t offer fool-proof security.

However, with the emergence of Let’s Encrypt, a certificate authority that provides free SSL certificates for encryption, this cost factor is no longer a concern.

At Bobcares, we help server owners to install and setup Let’s Encrypt in their web servers – Apache, NginX, IIS or any other software – and configure the free SSL for their websites.

2. Security

Many server owners go into a relaxed mode once SSL is enabled for the web server, thinking that the data is secure. But that may not be the case always.

Configuration errors, outdated SSL protocols, weak ciphers, SSL vulnerabilities, etc. can break this secure communication and make the server prone to hacks.

By performing periodic server audits, keeping abreast with security vulnerabilities, performing prompt security updates and patching, Bobcares engineers keep our customers’ servers safe and secure.

3. Validity

Every SSL certificate is valid for only a limited time period.  Let’s Encrypt certificates are valid for only 90 days, inorder to limit damage from key compromise and mis-issuance.

Also, different websites in your server may have different expiry dates for their SSL certificates. As a result, renewing the SSL certificates on time for all sites is a hassle for many server owners.

Bobcares engineers handle such SSL management issues by configuring ‘SSL check’ tools in the servers to review the certificate validity for all domains and renew them before they get expired.

What causes ‘Certificate for FILE “(CN: domain.com)” has expired!’ errors in server?

Every SSL certificate has an expiry date associated with it. It could vary from days to months. When you install a certificate, you need to be aware of its validity too.

An expired SSL certificate can break the encryption, disrupt the website functioning or throw away visitors from your site. So, renewing the SSL certificate before it expires, is vital for a web site.

But, what if you do not renew this SSL on time? That is when you start getting alert mails from the server with the subject  ‘Certificate for FILE “(CN: domain.com)” has expired!’

Some services and sites can run only with SSL. A website or a service running on an expired SSL can cease to function and lead to loss of business and downtime for customers.

How to fix ‘Certificate for FILE “(CN: domain.com)” has expired!’ alerts in server?

The immediate action to be taken when you get an email with the subject ‘Certificate for FILE “(CN: domain.com)” has expired!’, is to verify that the SSL file for that domain has expired.

If the SSL is expired, you need to promptly renew and update the SSL to ensure that the site functions fine and that the downtime is minimized.

However, in certain scenarios, we have noticed that even if the website shows updated SSL, the ssl checker still sends notification mails saying that the certificate has expired.

This can happen in scenarios where there are any old SSL files present in the SSL folder in the server, or due to other configuration issues, which we identify and resolve to fix these alerts.

How we prevent ‘Certificate for FILE “(CN: domain.com)” has expired!’ errors in server

At Bobcares, when we configure Let’s Encrypt SSL in servers, we configure alert messages to notify that the SSL is going to expire, a few days before the expiry date itself.

Depending on the web server and the control panel in the server, we configure the location for the SSL files in the SSL ‘check and notify’ script.

This tool checks the validity of each SSL certificate in the server, its expiry date and the number of days left for the SSL to expire.

Host                                   Status Expires Days
----------------------------------------------- ------------ 
FILE:/etc/haproxy/ssl/example1.org.pem Valid Jan 6 2017 78
FILE:/etc/haproxy/ssl/example2.org.pem Valid Jan 1 2017 73
FILE:/etc/haproxy/ssl/example3.org.pem Valid Jan 6 2017 78

When a domain listed in the script is about to expire in say, the next 15 days, it will send a notification to the admin email we have configured, and we take proper steps to renew the SSL.

Our engineers take actions to renew the SSL on time, without letting them expire and affect the website security. This will help us to ensure that no sites or services are down because of SSL issues.

Conclusion

‘Certificate for FILE “(CN: domain.com)” has expired!’ is an alert that is generated when the SSL certificate for a domain is expired. Monitoring the SSL validity and on-time renewal is vital to avoid a downtime. Today we’ve seen how we perform SSL management in our customers’ servers to ensure smooth functioning of websites and services.

 

NO MORE SERVER ERRORS!

Never again lose customers to website errors! Let us help you.

GET EXPERT ASSISTANCE NOW

var google_conversion_label = "owonCMyG5nEQ0aD71QM";

0 Comments

Submit a Comment

Your email address will not be published. Required fields are marked *

Privacy Preference Center

Necessary

Necessary cookies help make a website usable by enabling basic functions like page navigation and access to secure areas of the website. The website cannot function properly without these cookies.

PHPSESSID - Preserves user session state across page requests.

gdpr[consent_types] - Used to store user consents.

gdpr[allowed_cookies] - Used to store user allowed cookies.

PHPSESSID, gdpr[consent_types], gdpr[allowed_cookies]
PHPSESSID
WHMCSpKDlPzh2chML

Statistics

Statistic cookies help website owners to understand how visitors interact with websites by collecting and reporting information anonymously.

_ga - Preserves user session state across page requests.

_gat - Used by Google Analytics to throttle request rate

_gid - Registers a unique ID that is used to generate statistical data on how you use the website.

smartlookCookie - Used to collect user device and location information of the site visitors to improve the websites User Experience.

_ga, _gat, _gid
_ga, _gat, _gid
smartlookCookie
_clck, _clsk, CLID, ANONCHK, MR, MUID, SM

Marketing

Marketing cookies are used to track visitors across websites. The intention is to display ads that are relevant and engaging for the individual user and thereby more valuable for publishers and third party advertisers.

IDE - Used by Google DoubleClick to register and report the website user's actions after viewing or clicking one of the advertiser's ads with the purpose of measuring the efficacy of an ad and to present targeted ads to the user.

test_cookie - Used to check if the user's browser supports cookies.

1P_JAR - Google cookie. These cookies are used to collect website statistics and track conversion rates.

NID - Registers a unique ID that identifies a returning user's device. The ID is used for serving ads that are most relevant to the user.

DV - Google ad personalisation

IDE, test_cookie, 1P_JAR, NID, DV, NID
IDE, test_cookie
1P_JAR, NID, DV
NID
hblid

Security

These are essential site cookies, used by the google reCAPTCHA. These cookies use an unique identifier to verify if a visitor is human or a bot.

SID, APISID, HSID, NID, PREF
SID, APISID, HSID, NID, PREF