GoDaddy SSL on win27???

[zero]

I've been trying to work with the support department on setting up a GoDaddy SSL for two days now. The first issue is that the GoDaddy intermediate certificate was not installed on Win27. Then, as soon as that was installed it worked for a few hours and then I was told that the client certificate was revoked and that I needed to reissue the certificate. That obviously didn't work and the secure part of this site has been down for over a day. I haven't gotten a response from the support department in over 12 hours, despite three replies from me.

This is getting ridiculous.

Ticket ID is EGS-15114-186.

Stephen, can you help?

 

[akshay]

I am checking it again and update you on ticket ASAP.

 

[zero]

Thanks.

 

[Manish]

I have updated your ticket. You should contact with your SSL provider.

 

[zero]

This information is also in the ticket, but I wanted to post it here as well in case anyone else has the same issue.

I just got off of the phone with GoDaddy support. They said the certificate is not fully installed on the server and that it is definitely NOT revoked.

The most likely cause is that you don't have the intermediate certificate and/or the cross intermediate certificate installed. You can find both of those here: https://certs.godaddy.com/Repository.go

Scroll down to where you see "New Go Daddy Certificate Chain" and you will see links for the intermediate certificate as well as the cross intermediate certificate. Both of those need to be installed along with the SSL certificate.

 

[Stephen]

We have the godaddy certs there, in fact the godaddy certs if not installed do NOt say revoked, they say they are no issued by a trusted provider, which is a totally different error.

 

[zero]

I'm at my wit's end here. Godaddy says it's not their fault and Jodo says it's not their fault. What am I to do?

 

[zero]

I called back to talk to GoDaddy's support department. She dug further into the issue and determined that you guys are using a certificate issues on 3/12 which was definitely revoked since you asked me to reissue a new one.

She said the most simple thing to do is completely remove everything to do with this certificate from IP address. Then, I will generate a new CSR from which I will reissue the certificate. After you guys completely remove the certificate, I should be able to do the rest from hsphere, right?

Please let me know when you have completely removed everything pertaining to this SSL from the IP address.

 

[Manish]

I have removed SSL from server. Now, you can re generate CSR from HSPHERE.

 

[zero]

Thanks for your help. Unfortunately, it did not solve the problem. We're going in circles.

I did as you suggested and disabled the SSL support. I then re-enabled it and generated a new "self signed CSR". I used that CSR to "rekey" the SSL at GoDaddy. I then went back in to the SSL settings in Hshpere and pasted in the new SSL Certificate.

Now, I'm receiving the same error as I received when this all started:

http://www.[my domain name here].com uses an invalid security certificate.

The certificate is not trusted because the issuer certificate is unknown.
The certificate is not valid for any server names.

(Error code: sec_error_unknown_issuer)




The zip file from GoDaddy is attached to the ticket. It contains the intermediate cert and the newly "rekeyed" SSL cert.

Is there something wrong with the process I'm using to generate the CSR or possibly paste in the SSL cert? I've used this same process with another domain hosted at Jodo (on win28) that uses a GoDaddy cert. No problems on that server.

 

[Stephen]

Thanks for your help. Unfortunately, it did not solve the problem. We're going in circles.

I did as you suggested and disabled the SSL support. I then re-enabled it and generated a new "self signed CSR". I used that CSR to "rekey" the SSL at GoDaddy. I then went back in to the SSL settings in Hshpere and pasted in the new SSL Certificate.

Now, I'm receiving the same error as I received when this all started:

http://www.[my domain name here].com uses an invalid security certificate.

The certificate is not trusted because the issuer certificate is unknown.
The certificate is not valid for any server names.

(Error code: sec_error_unknown_issuer)




The zip file from GoDaddy is attached to the ticket. It contains the intermediate cert and the newly "rekeyed" SSL cert.

Is there something wrong with the process I'm using to generate the CSR or possibly paste in the SSL cert? I've used this same process with another domain hosted at Jodo (on win28) that uses a GoDaddy cert. No problems on that server.

The intermediate cert is not tied to your cert, it is a 'global' so that didn't get uninstalled, after putting the new godaddy certificate it should have accepted and not given a trusted source error.

 

[zero]

Thanks for the reply, Stephen and please forgive my bluntness here, but you're telling me things we both already know. The process we went through should have worked. It actually should have worked three days ago when I did it the first time, but it didn't. Now my client is uncomfortable with the situation (since their brand new ecommerce checkout process is down and giving their company an unfavorable web presence right now) and I am uncomfortable with Jodo's ability to work through this.

Please let me know what needs to be done to fix this. I think it's fair to assume the problem is not with GoDaddy at this point, correct?

 

[Stephen]

Thanks for the reply, Stephen and please forgive my bluntness here, but you're telling me things we both already know. The process we went through should have worked. It actually should have worked three days ago when I did it the first time, but it didn't. Now my client is uncomfortable with the situation (since their brand new ecommerce checkout process is down and giving their company an unfavorable web presence right now) and I am uncomfortable with Jodo's ability to work through this.

Please let me know what needs to be done to fix this. I think it's fair to assume the problem is not with GoDaddy at this point, correct?

Every needed certificate authority is installed for godaddy. The cert is installed properly, now, it was still Hsphere, when you reapplied si did the CSR, Key, and issued cert match or give an error?

The domain is still not working now giving a data interrupted error but I can't find anything server side making this to happen.
I can see in IE that the certificate is coming across properly.

 

[zero]

To eliminate code loop possibilities, I pushed out a plane HTML page: https://[domain name].com/test.htm

It works fine when https is not used: http://[domain name].com/test.htm

Here is what ExpertsExchange.com says about this error: You cannot use shared host headers with SSL on the same port. They need individual IPs or you have to set one up on port 443 and another on port 444, etc.

I'm not sure if this is related since there *should* be only one host header for this domain, right?

 

[zero]

when you reapplied si did the CSR, Key, and issued cert match or give an error?

I didn't receive any errors. It went in fine, a little quicker than I would expect, but fine nonetheless.

 

[Stephen]

To eliminate code loop possibilities, I pushed out a plane HTML page: https://[domain name].com/test.htm

It works fine when https is not used: http://[domain name].com/test.htm

Here is what ExpertsExchange.com says about this error: You cannot use shared host headers with SSL on the same port. They need individual IPs or you have to set one up on port 443 and another on port 444, etc.

I'm not sure if this is related since there *should* be only one host header for this domain, right?

eh yuck that could be the problem, it has a ton of host headers. every alias added is a host header in reality, and it has many of them there. I've not seen this as an issue in the past but normally the only host headers seen are the www.domain.com domain.com and a blank entry, this one is having at least 3 domains pointing to it.

 

[zero]

Would it make sense to just move this application to another server (win29) and remove the static IP to start all over again? I didn't have any problems on win29 with another account and a GoDaddy cert.

 

[Stephen]

eh yuck that could be the problem, it has a ton of host headers. every alias added is a host header in reality, and it has many of them there. I've not seen this as an issue in the past but normally the only host headers seen are the www.domain.com domain.com and a blank entry, this one is having at least 3 domains pointing to it.

I have fixed this as a problem and it is still happening. I am pretty baffled here, seems others have had issues with certificates making this happen.

What kind of cert is this from Godaddy?

 

[Stephen]

Would it make sense to just move this application to another server (win29) and remove the static IP to start all over again? I didn't have any problems on win29 with another account and a GoDaddy cert.

this isn't a server issue, it is looking more and more like a certificate problem.

Everything is 100% server side.

 

[zero]

Yeah, that could be a big problem. They publish email addresses on one of the other domains, so I can't disable all of them to test. Any ideas?