Introduction ⇨ how to fix SSL certificate errors
SSL Certificates are an important part of securing the data transmission between websites and their visitors. If it were not for this tried and true encryption layer, we would not be able to do the vital tasks online that have become commonplace since the advent of the Internet. Whether it is shopping, banking, or scheduling our doctor appointments, everything in the cyberworld relies on SSL certificates to secure our data.
The proceeding article tutorizes some general procedures that the Everyday Heroes in the Tech World follow when troubleshooting SSL certificate errors. The solutions herein are not geared toward any one specific error code, so some entries will be more relevant than others based on the specifics of your situation. This outline is not a strict or mandatory procedure, but merely a collection of known solutions in guide form that have helped resolve general certificate related errors in the wild. Use this process as a way to rule out the most common troubles that might be tripping you up while going through the motions of How To Fix SSL Certificate Errors.
General Guide Instructions
Our guide covers instructions for the top 5 most used web browser variants on the web running on Linux, Macintosh, and Windows operating systems. We define these browser variant families as: Chromium (Chrome), Firefox, Microsoft Edge/Internet Explorer, Opera, and Apple’s Safari. The browser you are troubleshooting will fall into one of these categories.
⚠ BEWARE ⚠
DO NOT ENTER
PERSONAL INFORMATION
When receiving a security warning from your browser it’s a red flag to exercise an overabundance of caution with the information you provide that website. Never input any PII into sites that throw browser security warnings until those warning have been resolved.
Before we begin, lets go over some ground rules. When it comes to transmitting any personal data (PII) it’s very important to recognize the security warning signs your browser displays. These warning are a red flag to the visitor that the browser cannot guarantee that the intended website is the correct recipient you are sending your encrypted traffic to. So it’s vital to scrutinize anything you submit to a website when these warnings are displayed.
Who is this guide for?
This guide is intended for both general website visitors and site or systems administrators alike. It has been split into two major sections halves, the first is general troubleshooting for visitors while the latter half is geared toward server-side issues that must be corrected by an administrator of the site or system in question. It’s also important to remember that these two sections are not mutually exclusive, administrators can use both sections to help replicate and troubleshoot the issues a specific user is facing or all users of the site are facing.
What is a browser variant?
There are many alternative versions of existing browsers that target specific types of user-bases, feature sets, and/or marketing to a specific audience niche. However, most of these browsers are a variation on the more widely adopted traditional industry giants like: Google Chrome, Mozilla Firefox, Microsoft Edge/Internet Explorer, Opera, and Safari. In addition to covering these “big box” brands, we will also list some of the more popular variants that run on the same source codebase as the errors displayed in these variants should be virtually identical to their predecessor, save for some styling and/or icon differences.
⇨ Browser Variant Family Matrix
NameHero
Use the browser variant family matrix below to identify the family of the browser variant you are troubleshooting.
Avast, Blisk, Brave, Chromium, Epic, Google Chrome, Ungoogled Chrome, Vivaldi, etc…
Basilisk, IceCat, LibreWorlf, Mozilla Firefox, Pale Moon, Swiftweasel, Tor, Waterfox, etc…
Microsoft Edge, Microsoft Edge: Internet Explorer Mode, Microsoft Edge Legacy
Opera, Opera Crypto, Opera GX, Opera Mini, Opera Mobile, Opera Neon
Apple Safari, Apple Safari for Windows
Table of contents & Filters
You will be able to filter the instructions in each section down to one of the browser variant families to access only the relevant instructions for the browser you are troubleshooting. Please take advantage of our table of contents below to get you to the appropriate section of the guide most relevant to your needs or start from the top and work your way down.
- Introduction ⇨ how to fix SSL certificate errors
- General Guide Instructions
- How to fix SSL certificate errors as a website visitor
- Step 1 ⇨ Manually review certificate details
- Step 2 ⇨ Hard Refresh / Force Reload
- Step 3 ⇨ Restart your browser
- Step 4 ⇨ Browser Privacy Sandbox
- Step 5 ⇨ Verify system clock & time zone
- Step 6 ⇨ Temporarily disable VPN & antivirus software
- Step 7 ⇨ Clear browser cache, cookies, & temporary internet files
- Step 8 ⇨ Reset browser SSL state (Windows Only)
- How to fix SSL certificate errors as an administrator
How to fix SSL certificate errors as a website visitor
The first portion of this guide will cover the common problems you might face as a website visitor to any HTTPS enabled webpages online. These issues are focused on resolving a problem with your individual system configuration. There are several items to cover here, but none of them are very complicated and you should be able to cruise through them without too much fuss.
It is also recommended for site administrators to follow the visitor solutions as well. If only to rule out the problem being reported isn’t just an issue with a single user’s system configuration. Later on in the guide, there is an admin only section that will not be useful for regular visitors and if you are a visitor and have ruled out all the steps in this section, then chances are you need to report the issue to the website administrators as it’s likely on the server side and unresolvable by just a site visitor.
Step 1 ⇨ Manually review certificate details
In general, the first step when troubleshooting SSL errors is to Manually Review The Certificate Details reported by your browser. As with most things browser related, this process has slight variations based on the browser variant family. Our goal in this stage is to locate any inaccuracies in the certificate data fields that may have caused the browser to report an invalid status for that certificate. Some of the most common items to be cognoscente of while conducting your inspection are as follows.
Known Certificate Problems Matrix
- Expired or Invalid Dates Ranges
- Inaccurate Information
- Missing Details
- Incorrect or Misspelled Domain/Subdomain
- Broken Certificate Chain
- Encountering any one of these issues can potentially cause your browser to throw a problematic security certificate..
HOW TO View SSL Certificate in Chrome
Text-only Instructions
- Click the “Not secure” warning in the address bar
- Click on the [Certificate is not valid] button
- Review the “Validity Period” date range
🗹 The “Issued On” must be in the past
🗹 The “Expires On” must be in the future - Click the [Details] tab
- Scroll through “Certificate Fields” to review
🗹 Look for inaccuracies that may invalidate the certificate.
HOW TO View SSL Certificate in Firefox
Text-only Instructions
- Click the [Advanced] button
- Click the “View Certificate” link
- Review the “Validity Period” date range
🗹 The “Issued On” must be in the past
🗹 The “Expires On” must be in the future - Click the [Common Name] tab
- Click the [Details] tab
- Scroll through “Certificate Fields” to review
🗹 Look for inaccuracies that may invalidate the certificate.
HOW TO View SSL Certificate in MS Edge/IE Mode
Internet Explorer Mode uses the same process as most chrome variants but requires accepting the insecure certificate and continuing on to visit the website before you can access its certificate details.
HOW TO Accept a Bad SSL Certificate in MS Edge/IE Mode
Text-only Instructions
- Click the “More information” link
- Click the “Go on to the webpage (not recommended)” link
- Once Accepted, now follow the Microsoft Edge tab.
HOW TO View SSL Certificate in MS Edge
Text-only Instructions
- Click the “Not secure” warning in the address bar
- Click on the [Your connection to this site isn’t secure] button
- Click on the [Show Certificate] icon
- Review the “Validity Period” date range
🗹 The “Issued On” must be in the past
🗹 The “Expires On” must be in the future - Click the [Details] tab
- Scroll through “Certificate Fields” to review
🗹 Look for inaccuracies that may invalidate the certificate.
HOW TO View SSL Certificate in Opera
Text-only Instructions
- Click the “Not secure” warning in the address bar
- Click on the [Certificate is not valid] button
- Review the “Validity Period” date range
🗹 The “Issued On” must be in the past
🗹 The “Expires On” must be in the future - Click the [Details] tab
- Scroll through “Certificate Fields” to review
🗹 Look for inaccuracies that may invalidate the certificate.
HOW TO View SSL Certificate in Safari
Text-only Instructions
- Click the [Show Certificate] button
- Review the validation date range
🗹 The “Valid from” must be in the past
🗹 The “Valid to” must be in the - Click the [Details] tab
- Scroll through the list to review the details
🗹 Look for inaccuracies that may invalidate the certificate.
Step 2 ⇨ Hard Refresh / Force Reload
In order to make browsers as fast as possible they all employ a technique that stores information to a local disk cache a.k.a. “Temporary Internet Files” or “Browsing Data”. These files store recently fetched website content so the browser does not have to fetch those assets again on subsequent page visits. This local caching mechanism ensures things load as quickly as possible on follow-up visits to any website. Consequently, this means if a bad SSL certificate or CA chain was recently cached, the browser would typically still read that cached certificate instead of fetching the most recent version from the web server.
To help eliminate difficulties with stuck cache files, all browsers have a Hard Refresh or Force Reload function. This instructs the browser to ignore any cached information and download everything as if it were the first time visiting the page. This can fix seemingly stuck pages that are not updating as expected with a normal browser refresh and ensures the certificate you are troubleshooting is the most recent.
Performing the Browser Hard Refresh is a rather simple task. Browsers have a few hotkey combinations that trigger this feature. This next section covers all the known methods for performing the cache bypass as documented by Wikipedia.
HOW TO Hard Refresh in Chrome
To perform a hard refresh in Google Chrome and any other Chromium based variant, use one of the following key combinations.
Windows / Linux / Chromebook
^ Control +F5
⇧ Shift +F5
^ Control +⇧ Shift +R
⇧ Shift + 🖰⟳
^ Control + 🖰⟳
Apple MacOS
⌘ Command +⇧ SHIFT +R
⇧ Shift + 🖰⟳
^ Control + 🖰⟳
HOW TO Hard Refresh in Firefox
To perform a hard refresh in Mozilla Firefox browser variants, use one of the following key combinations.
Windows / Linux / Chromebook
^ Control +F5
^ Control +⇧ Shift +R
⇧ Shift + 🖰⟳
Apple MacOS
⌘ Command +⇧ Shift +R
⇧ Shift + 🖰⟳
HOW TO Hard Refresh in MS Edge IE Mode
To perform a hard refresh in Microsoft Edge when running in Internet Explorer Mode follows the same procedure as Edge outside of compatibility mode enabled. Review the next section below for instructions on how to perform the Force Reload on your operating system.
HOW TO Hard Refresh in MS Edge
To perform a hard refresh in Mozilla Firefox browser variants, use one of the following key combinations.
Windows / Linux / Chromebook / MacOS
^ Control +F5
⇧ Shift + 🖰⟳
^ Control + 🖰⟳
HOW TO Hard Refresh in Opera
To perform a hard refresh in your Opera-based variant, use one of the following key combinations.
Windows / Linux / Chromebook
^ Control +F5
⇧ Shift +F5
⇧ Shift + 🖰⟳
^ Control + 🖰⟳
Apple MacOS
⌘ Command +⇧ Shift +R
⇧ Shift + 🖰⟳
^ Control + 🖰⟳
HOW TO Hard Refresh in Safari
To perform a hard refresh while running Safari use one of the follow hotkey combinations:
Windows / Linux / Chromebook
⇧ Shift + 🖰⟳
Apple MacOS
⌘ Command +⌥ Option +R
⇧ Shift + 🖰⟳
Step 3 ⇨ Restart your browser
Try not to overlook the obvious. Like all software, sometimes browsers are not holding up their end of the bargain. Stuck processes can prevent a site from loading the most current version until that browser process is restarted and the errant behavior abates.
It is sometimes necessary to forcefully quit or kill off of a stuck browser process before it will behave correctly again. If you’re unsure about how to terminate your browser in this manner, you can simply perform a full power off of your system, which should clean out any stuck processes when booted up again.
While there are some obvious ways to restart a browser, I’ve included some of the less obvious ones. This next section goes over the myriad of ways to restart your browser.
HOW TO Restart Your Browser in Chrome
Automatic Restart
Input the following special URL into any Chrome Variant’s address bar and press enter to automatically close, then restart all Chrome browser tabs.
chrome://restart +Enter ↵
Hero Tip! This is my personal favorite method as it gets you back to your workspace as quick as possible.
Manual Restart
- Click the “Customize and control” button (vertical ellipsis icon).
- In the context menu select “Exit”, it’s the last one in the list.
- Open Chrome again in your normal fashion.
HOW TO Restart Your Browser in Firefox
Hokey Restart
The following hotkey closes all open Firefox windows. Once closed, you will need to manually restart Firefox in your normal fashion.
^ Control +⇧ Shift +Q
Automatic Restart
Input either of these two special Firefox URLs reveals a [Restart Firefox] button that will close all Firefox windows and then relaunches itself automatically back into the same profile.
about:profiles
OR
about:restartrequired
Hero Tip! If you have to restart Firefox frequently, Try pinning one of these two pages for quick access to the fast [Restart Firefox] button.
Manual Restart
1. Click the “Open application menu” triple stacked lines icon
2. Select the last entry in the list “Exit”
3 Once closed, manually launch Firefox in your usual manner
HOW TO Restart Your Browser in MS Edge
Automatic Restart
Visiting the following special Microsoft Edge URL will close all related Edge windows and then relaunches the application automatically.
edge://restart +Enter ↵
Manual Restart
- Click the “Customize and control” button (vertical ellipsis icon).
- In the context menu select “Exit”, it’s the last one in the list.
- Open Edge again in your normal fashion.
HOW TO Restart Your Browser in Opera
Automatic Restart
Visiting the this Opera special URL will close all relative Opera windows and restarts the Opera browser automatically.
opera://restart +Enter ↵
Manual Restart
- Click the “Opera Menu” button, top left of the Opera Window.
- In the context menu select “Exit”, it’s the last one in the list.
- Reopen Opera again in your normal manner.
HOW TO Restart Your Browser in Safari
Hotkey Restart
The following hotkeys will close all Safari browser windows. You will then need to manually relaunch them.
MacOS:
⌘ Command +Q
Other:
^ Control +Q
Manual Restart
- Tap the
Alt
key to show the menu bar - Click on the “File” menu
- Select the last entry in the list “Exit”
Step 4 ⇨ Browser Privacy Sandbox
Most of today’s browsers come with a built-in privacy focused sandbox feature that can be used for more than just satiating tracking concerns when surfing online. Often referred to as “Incognito“, despite that term being a moniker unique to Chromium browsers, privacy sandboxes are the generic descriptor for this type of feature. Most browsers use a slight variation on the name for this mode, so review the Browser Privacy Sandbox Matrix below to identify the name of the privacy sandbox that is typically used by the relevant browser family.
Browser Privacy Sandbox Matrix
- The privacy sandbox feature can sometimes be named differently even between variants of the same family, Vivaldi for example, is a Chrome Variant, but it’s Incognito Mode is called simply “Private”.
Since browser caching can end up saving an incorrect certificate, it’s a great practice to use the privacy feature of your browser to make sure you have bypassed any potential browser side caching when viewing the site’s SSL certificate. The next section provides instructions for how to access the privacy mode features in each browser family.
HOW TO Use Privacy Mode in Chrome
How To Use Incognito Mode in Chrome
The privacy mode feature in Google Chrome and most other Chromium-based variants is named Incognito Mode. To access this feature, follow one of the methods described below:
Hotkeys Instructions
^Control +⇧Shift +N
Mouse Instructions
1. Click the “Customize and control Chrome” (vertical ellipsis)
2. Select “New Incognito window” from the context menu
3. Confirm Incognito Mode is active by:
🗹 Noting: The Incognito banner near “Customize and control Chrome” (vertical ellipsis)
5. Navigate to the target website and test
HOW TO Use Privacy Mode in Firefox
How To Use Private Browsing Mode in Firefox
The privacy sandbox feature in Mozilla Firefox variants is called Private Browsing Mode. To access this feature, follow one of the methods described below:
Hotkeys Instructions
^Control +⇧Shift +P
Mouse Instructions
1. Click the “Settings and more” triple vertical line icon
2. Select “New private window” from the context menu
3. Confirm Private Browsing Mode is active by
🗹 Noting: The Private Browsing banner near the minimize button.
4. Navigate to the target website and test
HOW TO Use Privacy Mode in MS Edge
How To Use InPrivate Mode in Microsoft Edge
Microsoft Edge’s privacy mode feature was named InPrivate Mode. Access this feature by following one of these methods:
Hotkeys Instructions
^Control +⇧Shift +N
Mouse Instructions
1. Click the “Customize and control Chrome” vertical ellipsis icon
2. Select “New InPrivate window” from the context menu
3. Confirm Incognito Mode is active by:
🗹 Note: The Private Browsing banner near the minimize button.
5. Navigate to the target website and test
HOW TO Use Privacy Mode in Opera
How To Use Private Mode in Opera
The privacy mode feature in Google Chrome and most other Chromium-based variants is named Incognito Mode. To access this feature, follow one of the methods described below:
Hotkeys Instructions
^Control +⇧Shift +N
Mouse Instructions
1. Click the “Customize and control Chrome” vertical ellipsis icon
2. Select “New Incognito window” from the context menu
3. Confirm Incognito Mode is active by:
🗹 Note: The Private Browsing banner near the minimize button.
5. Navigate to the target website and test
HOW TO Use Privacy Mode in Safari
How To Use Private Browsing in Safari
The privacy mode feature in Google Chrome and most other Chromium-based variants is named Incognito Mode. To access this feature, follow one of the methods described below:
Hotkeys Instructions
^Control +⇧Shift +N
Mouse Instructions
1. Click the “Customize and control Chrome” vertical ellipsis icon
2. Select “New Incognito window” from the context menu
3. Confirm Incognito Mode is active by:
🗹 Note: The Private Browsing banner near the minimize button.
5. Navigate to the target website and test
Step 5 ⇨ Verify system clock & time zone
When validating a certificate your browser will check the system time to verify it’s between the validation period for all certificates in the SSL chain. If your clock is displaying the incorrect time (or time-zone is more frequently what is incorrect) then you will need to manually adjust the clock and/or sync the system with a time server. If you are unsure how to verify and correct your systems clock, review the relevant instructions below which should cover most users.
Linux Documentation
- Debian ⇨ DateTime
- Fedora ⇨ Configuring the Date and Time
- Red Hat ⇨ Setting Time and Date in RHEL
- Ubuntu ⇨ Change the date and time
MacOS Documentation & Instructions
- MacOS ⇨ Set the date and time on your Mac
1. Go to Apple menu
2. System Settings
3. General (in the sidebar)
4. Date & Time
Windows Documentation & Instructions
- Windows ⇨ How to set your time and time zone
1. Start Menu
2. Settings
3. Time & Language
4. Date & Time
Step 6 ⇨ Temporarily disable VPN & antivirus software
Antivirus & VPN software both have the potential to interfere with SSL validation. They are intrusive programs by design that force normal routines through themselves in an effort to filter out the unwanted or predatory practices encountered in the IT industry the world over. The downside to this type of self-imposed intrusive protection is that they are another link in the chain of trust with the potential of breaking due to a misconfiguration or errant behavior. Ruling out these services as potential problems is pretty simple. Just test the site/application in question again without these products enabled. Below are some of the documentation available for popular operating systems that can help you disable these services so you can perform a test without them in place. There are a very large number of these types of providers out there, so if you are not seeing them listed here, just reach out to their websites to find the assistance you need to temporarily disable them for a test.
Linux Documentation
- Debian ⇨ OpenVPN
- Fedora ⇨ How do I create a VPN Connection?
- Red Hat ⇨ Chapter 10. Configuring a VPN connection
- Ubuntu ⇨ Connect to a VPN
MacOS Documentation & Instructions
Windows Documentation & Instructions
Step 7 ⇨ Clear browser cache, cookies, & temporary internet files
Browsers build up cached files almost perpetually. If they are not routinely cleaned and restarted, eventually, an issue will occur where a site or application starts to misbehave erroneously. Thankfully, it’s rather simple and well documented how to do this in just about any browser you can find. Below are some helpful links to the documentation that discusses how to perform these cleaning operations on their given platform. These should cover all the bases.
Browser Variant Documentation Links
Step 8 ⇨ Reset browser SSL state (Windows Only)
The SSL State is a cache on the system with SSL certificate information. Sometimes this cache needs to be purged in order for the browser to see a newer certificate authority who may have recently renewed a certificate. There is a separate process for clearing this cache data on Windows systems.
Performing this operation on Linux or Mac systems is done by simply clearing the browser history data in the browser of use and is all that is needed to purge the SSL cache as well.
Windows Instructions
- Open the Start Menu and locate “Internet Options”
🗹 If you are unable to locate the option, open Settings instead and use the quick search box to search for “Internet Options” and it should pop up. - On the new “Internet Properties” window, Click the [Content] Tab,
- Click the [Clear SSL state] Button.
- Click the [OK] button on the message “The SSL cache was successfully cleared.”
- Close the “Internet Properties” window.
- Close any browser windows
- Open your browser and test the site again.
How to fix SSL certificate errors as an administrator
As a website or system administrator there are some additional server-side solutions to consider. The previous section does still apply and should be run through to make sure the issue is not a user-level problem as opposed to one on the server-side. Once you have reviewed all the previous answers to this point, then it’s time to start looking on the webserver for the problem. This section will cover the solutions that would be only available to the webserver’s administrators.
Step 1 ⇨ Run an SSL certificate test
A common way to diagnose the specifics of why a website’s certificate may be failing is by use of one of many online SSL testing tools available online. You simply just have to visit them in your browser and input the fully qualified domain name that you are testing into their form field and submit. As with most things, not all of these tools are created equal. Some are better than others and some are more niche. Here are a few reliable ones I’ve come to trust over the years.
SSL Certificate Testing Tools
Step 2 ⇨ Hard reset web server
During regular operations of thousands of connections between web server restarts a process can become stuck in memory . These zombie processes can cause website behavior issues where settings changes are not read from config for the pre-existing processes in memory.
A hard reset is one step above stopping and starting the web server. It’s a purposeful attempt to make sure any stuck processes are properly removed before starting the web server back online.
The following is the process that I’ve learned to follow to ensure that I am not dealing with one of these stuck process scenarios.
HOW TO Hard Reset in Apache Web Server
1. First we issue a normal service stop to Apache Web Server
apachectl stop
2. Next, we issue a graceful kill to any lingering processes.
killall httpd
3. Wait at-least 30 seconds, then issue force kills to the remaining processes.
Note: -v
will list any processes were stuck
sleep 30 && killall -v -9 httpd
4. Finally start the web server service again
apachectl start
5. Test the site again in the browser
HOW TO Hard Reset in LiteSpeed Web Server
1. First we issue a normal service stop to LiteSpeed Web Server
lswsctl stop
2. Next, we issue a graceful kill to any lingering processes.
killall lsws
3. Wait at-least 30 seconds, then issue force kills to the remaining processes.
Note: -v
will list any processes were stuck
sleep 30 && killall -v -9 lsws
4. Finally start the web server service again
lswsctl start
5. Test the site again in the browser
HOW TO Hard Reset in Nginx
1. First we issue a normal service stop to Nginx
nginxctl stop
2. Next, we issue a graceful kill to any lingering processes.
killall nginx
3. Wait at-least 30 seconds, then issue force kills to the remaining processes.
Note: -v
will list any processes were stuck
sleep 30 && killall -v -9 nginx
4. Finally start the web server service again
nginxctl start
5. Test the site again in the browser
Step 3 ⇨ Reissue/Reinstall SSL certificate & CA-bundle
A common troubleshooting tactic when dealing with SSL problems like an invalid certificate authority is to reinstall the original certificate and the CA bundle that was originally provided by the CA who issued the cert.
Most CA allow a certificate owner to have their certificate reissued. A reissued certificate is a replacement certificate with a validity period that starts from the new date of issue. Reissued certs are generated from the original CSR request and retain the previously generated private key. So essentially you can just drop in the new reissued certificate in place of the original without changing anything else.
Trusted Certificate Authorities
- IdenTrust ⇨ Certificate Management Center (CMC)
- Comodo / Sectigo (cPanel) ⇨ Reissuing Your SSL Certificate
- Let’s Encrypt ⇨ Manual
- Digicert ⇨ Reissue an SSL/TLS certificate
- GoDaddy ⇨ Get an SSL Certificate
Step 4 ⇨ Update/Reinstall OpenSSL & CA-certificate packages
There are two important packages that can become damaged or outdated that may need to be reinstalled. The package names are:
- ca-certificates – Common CA certificates
- openssl – Secure Sockets Layer toolkit – cryptographic utility
If these packages are particularly old due to lack of updates, downtime, or a configuration issue with the package manager, it’s possible that either of them need updating or reinstalled to restore functionality.
This is not common as these packages are critical for network security in the modern age, but you might find yourself troubleshooting an older end of life system some day and it’s important to make sure these packages and their prerequisites are installed to the most recent versions available.
HOW TO Reinstall OpenSSL & CA-Certificates in RedHat-based Distributions
The following instructions are for reinstalling the OpenSSL package in Yum-based servers like:
Run the following command to reinstall both openssl & ca-certificates packages
sudo yum reinstall ca-certificates openssl -y
The following is an example of the output to expect with a successful reinstall
Loaded plugins: fastestmirror, priorities, universal-hooks
Loading mirror speeds from cached hostfile
* EA4: 208.100.0.204
* EA4-experimental: 208.100.0.204
* cpanel-addons-production-feed: 208.100.0.204
* cpanel-plugins: 208.100.0.204
39 packages excluded due to repository priority protections
Resolving Dependencies
--> Running transaction check
---> Package ca-certificates.noarch 0:2022.2.54-74.el7_9 will be reinstalled
---> Package openssl.x86_64 1:1.0.2k-25.el7_9 will be reinstalled
--> Finished Dependency Resolution
Dependencies Resolved
=============================================================================================================================================================
Package Arch Version Repository Size
=============================================================================================================================================================
Reinstalling:
ca-certificates noarch 2022.2.54-74.el7_9 system-updates-released 911 k
openssl x86_64 1:1.0.2k-25.el7_9 system-updates-released 494 k
Transaction Summary
=============================================================================================================================================================
Reinstall 2 Packages
Total download size: 1.4 M
Installed size: 3.0 M
Downloading packages:
(1/2): ca-certificates-2022.2.54-74.el7_9.noarch.rpm | 911 kB 00:00:00
(2/2): openssl-1.0.2k-25.el7_9.x86_64.rpm | 494 kB 00:00:00
-------------------------------------------------------------------------------------------------------------------------------------------------------------
Total 17 MB/s | 1.4 MB 00:00:00
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Installing : ca-certificates-2022.2.54-74.el7_9.noarch 1/2
Installing : 1:openssl-1.0.2k-25.el7_9.x86_64 2/2
Verifying : 1:openssl-1.0.2k-25.el7_9.x86_64 1/2
Verifying : ca-certificates-2022.2.54-74.el7_9.noarch 2/2
Installed:
ca-certificates.noarch 0:2022.2.54-74.el7_9 openssl.x86_64 1:1.0.2k-25.el7_9
Complete!
HOW TO Reinstall OpenSSL & CA-Certificates in Debian-based Distributions
The following instructions are for reinstalling the OpenSSL package in Yum-based servers like:
Run the following command to reinstall both openssl & ca-certificates packages
sudo apt-get install --reinstall ca-certificates openssl
The following is an example of the output to expect with a successful reinstall
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
0 upgraded, 0 newly installed, 1 reinstalled, 0 to remove and 81 not upgraded.
Need to get 144 kB of archives.
After this operation, 0 B of additional disk space will be used.
Get:1 http://archive.ubuntu.com/ubuntu jammy-updates/main amd64 ca-certificates all 20211016ubuntu0.22.04.1 [144 kB]
Fetched 144 kB in 0s (417 kB/s)
perl: warning: Setting locale failed.
perl: warning: Please check that your locale settings:
LANGUAGE = "en_US.utf-8",
LC_ALL = (unset),
LANG = "en_US.utf-8"
are supported and installed on your system.
perl: warning: Falling back to the standard locale ("C").
locale: Cannot set LC_CTYPE to default locale: No such file or directory
locale: Cannot set LC_MESSAGES to default locale: No such file or directory
locale: Cannot set LC_ALL to default locale: No such file or directory
Preconfiguring packages ...
(Reading database ... 120990 files and directories currently installed.)
Preparing to unpack .../ca-certificates_20211016ubuntu0.22.04.1_all.deb ...
Unpacking ca-certificates (20211016ubuntu0.22.04.1) over (20211016ubuntu0.22.04.1) ...
Setting up ca-certificates (20211016ubuntu0.22.04.1) ...
locale: Cannot set LC_CTYPE to default locale: No such file or directory
locale: Cannot set LC_MESSAGES to default locale: No such file or directory
locale: Cannot set LC_ALL to default locale: No such file or directory
Updating certificates in /etc/ssl/certs...
0 added, 0 removed; done.
Processing triggers for man-db (2.10.2-1) ...
Processing triggers for ca-certificates (20211016ubuntu0.22.04.1) ...
Updating certificates in /etc/ssl/certs...
0 added, 0 removed; done.
Running hooks in /etc/ca-certificates/update.d...
done.
Step 5 ⇨ Replace/Renew existing SSL certificate
If all the above has failed to identify and correct the issue with your certificate and or certificate authority, the final tool in the box is to simply order a new certificate. Preferably from a more reputable certificate authority. There are a large number of certificate resellers out there but only a few true certificate authorities. If you’re still having trouble at this stage of the article, chances are you may have ordered your current certificate from a less trusted source. So why not go straight to the source and order from one of the power-houses in the industry:
Certificate Authorities by Market Share (2023)
Rank | Issuer | Usage | Market |
---|---|---|---|
1 | IdenTrust | 48.5% | 53.8% |
2 | DigiCert | 13.7% | 12.2% |
3 | Comodo/Sectigo | 12.2% | 13.5% |
4 | Let’s Encrypt | 5.8% | 6.4% |
5 | GlobalSign | 5.1% | 5.6% |
6 | GoDaddy | 4.9% | 5.4% |
- Data taken from Wikipedia on 03-19-2023
If you need help installing your SSL certificate, check out this helpful video:
Jason Potter is a Senior Linux Systems Administrator & Technical Writer with more than 20 years experience providing technical support to customers and has a passion for writing competent and thorough technical documentation at all skill levels.
Leave a Reply