Openssl
Jump to navigation
Jump to search
Contents
Commands
openssl x509 -text -noout -in mywebsite.com.crt
openssl s_client -showcerts -connect mywebsite.com:443
Certificate Providers
Let's Encrypt
ACME Clients
- certbot - doesn't support amazon linux ami
- getssl
NGINX config
SSL Diagnostics
- https://www.digicert.com/help/ DigiCert® SSL Installation Diagnostics Tool]
DST Root CA X3 Expiry Issues
Explainers
- DST Root CA X3 Certificate Expiration Problems and Fix - 30 Sept 2021
- Let's Encrypt's Root Certificate is expiring! - 20 Sept 2021
- How to fix certificate chain with letsencrypt / certbot?
- Old Let’s Encrypt Root Certificate Expiration and OpenSSL 1.0.2 - 13 Sept 2021
- RHEL/CentOS 7 Fix for Let’s Encrypt Change - 20 Sept 2021
- Why am I receiving a certificate expiration error for the Let's Encrypt certificate on my EC2 instance? - 10 Oct 2021
Debugging
systemctl status nginx
nginx: [warn] "ssl_stapling" ignored, issuer certificate not found for certificate "/etc/pki/nginx/
/var/log/nginx/error.log
[error] 27606#0: OCSP_basic_verify() failed (SSL: error:13800076:OCSP routines::signer certificate not found) while requesting certificate status, responder: r3.o.lencr.org, ... [warn] 342#0: "ssl_stapling" ignored, issuer certificate not found for certificate "/etc/pki/nginx/..."