Hey techies: can someone explain all the certificate expired websites I’m getting?



Totem Polar
10-03-2021, 01:26 PM
In the last couple of days, it seems like a ton of websites that I visit, from musician websites of people I know to things like merriam-webster.com, are expired and won’t load. I get cautions warning of data theft instead. When I click details, I see notices that the site certificate expired on 9/29, or 10/1, or 10/04/21, etc.

How does all that work, out of curiosity?

Thanks in advance!

elsquid
10-03-2021, 03:27 PM
Probably due to:

https://www.zdnet.com/article/fortinet-shopify-others-report-issues-after-root-ca-certificate-from-lets-encrypt-expires/

— Michael

Sig_Fiend
10-03-2021, 04:08 PM
It's a matter of TLS certificates being expired, meaning your browser is warning you they might not be trusted.

When you visit a website over HTTPS, that's supposed to be a secure and encrypted connection. To safely achieve that encryption, a website has to get what's called a TLS certificate (https://protonmail.com/blog/tls-ssl-certificate/) from a Certificate Authority (CA). CAs are companies or organizations that issue TLS certificates. That TLS cert tells the browser how to encrypt the connection so the data between your browser and the server is secured. Your browser has a list of many CAs to check a website's TLS cert against to make sure it's a valid certificate. Those certificates have an expiration date on them and need to be renewed to continue to be trusted. All of this is designed to automate protecting users and their data while reducing the likelihood that at least low-capability hackers can spoof trustworthy websites.

Here's an overview of the basic process of attempting to visit a site over HTTPS:
[attached image: How SSL Certificates Work]
Courtesy Drew Carver at Wikipedia (https://en.wikipedia.org/wiki/File:1258X489_How-SSL-Certificates-Work.jpg)

To obtain a TLS certificate, you can go to CAs that are vendors selling certificates. In the last decade, we've also seen free options come along, such as "Let's Encrypt". That particular solution has seen significantly increasing adoption since it's free. One of the common things I've seen with people using Let's Encrypt certs is they often forget to handle or automate certificate renewal. It's not a problem of the Let's Encrypt service. Just a matter of website owners/admins forgetting or not doing their due diligence in that regard.
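An added example (not code from either poster) of the check the post above describes: walk the chain a server sent, compare each certificate's validity window against the clock, and see whether the chain ends at a root the client's own trust store holds. It covers both failure modes the thread touches on: a site whose own certificate lapsed, and a root in the client's store that expired while the site's certificate was still fine (the Sept 30, 2021 root expiry in the linked ZDNet article). Certificates are plain dicts in the shape Python's `ssl.SSLSocket.getpeercert()` returns, so a real one can be dropped in; all names and dates below are constructed for illustration, `Sample Old Root CA`, `Sample New Root CA` and `example.test` are hypothetical, and no signatures are verified (a real validator does that too).

```python
"""Validity-window and trust-anchor check over a served TLS chain.

Added example, not from the forum thread. Cert dicts mirror the format of
ssl.SSLSocket.getpeercert(); only dates and chain linkage are checked,
not signatures, hostnames or revocation."""
import ssl
from datetime import datetime, timezone


def cert_time(s):
    """'Sep 30 14:01:15 2021 GMT' (getpeercert format) -> aware UTC datetime."""
    return datetime.fromtimestamp(ssl.cert_time_to_seconds(s), tz=timezone.utc)


def common_name(name):
    """Pull commonName out of getpeercert()'s nested RDN tuples."""
    return dict(attr for rdn in name for attr in rdn)["commonName"]


def cert_status(cert, now):
    """'not yet valid' / 'expired' / 'valid' for one certificate at time `now`."""
    if now < cert_time(cert["notBefore"]):
        return "not yet valid"
    if now > cert_time(cert["notAfter"]):
        return "expired"
    return "valid"


def verify_chain(chain, trust_store, now, stop_at_trusted=True):
    """Return (ok, reason). `chain` is what the server sent, leaf first;
    `trust_store` maps a root's commonName to the client's own copy of it.
    A path-building client (stop_at_trusted=True) stops as soon as an issuer
    is found locally; an older client walks every certificate it was sent
    and only consults the store for the last one."""
    expected_subject = None
    for cert in chain:
        cn = common_name(cert["subject"])
        if expected_subject is not None and cn != expected_subject:
            return False, f"chain broken: expected {expected_subject}, got {cn}"
        status = cert_status(cert, now)
        if status != "valid":
            return False, f"{cn}: {status}"
        issuer = common_name(cert["issuer"])
        expected_subject = issuer
        if issuer in trust_store and (stop_at_trusted or cert is chain[-1]):
            root_status = cert_status(trust_store[issuer], now)
            if root_status != "valid":
                return False, f"{issuer} (trust store): {root_status}"
            return True, f"anchored at {issuer}"
    return False, f"no trusted root for {expected_subject}"


# --- Constructed sample data (hypothetical names, illustrative dates) ------
def cert(subject, issuer, not_before, not_after):
    return {"subject": ((("commonName", subject),),),
            "issuer": ((("commonName", issuer),),),
            "notBefore": not_before, "notAfter": not_after}

# Old root: its expiry mirrors the Sept 30, 2021 root expiry in the thread.
OLD_ROOT = cert("Sample Old Root CA", "Sample Old Root CA",
                "Sep 30 00:00:00 2000 GMT", "Sep 30 14:01:15 2021 GMT")
NEW_ROOT = cert("Sample New Root CA", "Sample New Root CA",
                "Jun 10 00:00:00 2015 GMT", "Jun 10 00:00:00 2035 GMT")
# The new root cross-signed by the old one, as servers commonly send it.
NEW_ROOT_CROSS = cert("Sample New Root CA", "Sample Old Root CA",
                      "Jan 20 00:00:00 2021 GMT", "Sep 30 00:00:00 2024 GMT")
INTERMEDIATE = cert("Sample Intermediate CA", "Sample New Root CA",
                    "Sep 10 00:00:00 2020 GMT", "Sep 15 00:00:00 2025 GMT")
LEAF = cert("example.test", "Sample Intermediate CA",
            "Aug 15 00:00:00 2021 GMT", "Nov 13 00:00:00 2021 GMT")
LAPSED_LEAF = cert("expired.test", "Sample Intermediate CA",   # forgot to renew
                   "Jul 10 00:00:00 2021 GMT", "Sep 29 00:00:00 2021 GMT")

SERVED_CHAIN = [LEAF, INTERMEDIATE, NEW_ROOT_CROSS]
LAPSED_CHAIN = [LAPSED_LEAF, INTERMEDIATE, NEW_ROOT_CROSS]
MODERN_STORE = {"Sample Old Root CA": OLD_ROOT, "Sample New Root CA": NEW_ROOT}
OLD_STORE = {"Sample Old Root CA": OLD_ROOT}          # never got the new root
NOW = datetime(2021, 10, 3, 12, 0, tzinfo=timezone.utc)   # date of the thread

if __name__ == "__main__":
    print("modern client:", verify_chain(SERVED_CHAIN, MODERN_STORE, NOW))
    print("old trust store:", verify_chain(SERVED_CHAIN, OLD_STORE, NOW))
    print("old validator, new store:",
          verify_chain(SERVED_CHAIN, MODERN_STORE, NOW, stop_at_trusted=False))
    print("site forgot to renew:", verify_chain(LAPSED_CHAIN, MODERN_STORE, NOW))
```

The first call succeeds because a path-building client finds `Sample New Root CA` in its own store and never looks at the expired cross-sign; the second and third fail on the old root even though the site's certificate is in date, which is why only some browsers and devices complained during the same week; the last fails on the leaf itself, the forgotten-renewal case. To get a real site's dates for the same check, `openssl s_client -connect host:443 -showcerts` prints the served chain and `openssl x509 -noout -dates` prints one certificate's window.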

Totem Polar
10-03-2021, 06:14 PM
Those last two posts were great, thanks.

P-F delivers.
:cool: