Netgate Discussion Forum

    Expired certificate served (only) to mobile clients!?

    • sensewolf

      Hi,

      I don't understand what is going on:

      I have haproxy running on my pfsense and connecting to a handful of websites on the backend and I use the pfsense certificate manager to keep my letsencrypt wildcard certificate current.

      When I access one of my websites from a PC, haproxy serves up a current certificate and the website is shown as secure by my browser.

      However, when I access any of these websites from my mobile phone, the websites are marked as unsafe because the certificate has expired.

      So it seems that haproxy does serve up two different certificates (one current, one expired), depending on how the same website is accessed (PC or mobile).

      I am not sure, but this may have started at the end of September (when letsencrypt changed their root certificate). But this may be coincidental and unrelated - no idea.

      Has anybody had to deal with something like this before or know what is going on?

      Thanks!

      • Gertjan @sensewolf

        @sensewolf said in Expired certificate served (only) to mobile clients!?:

        marked as unsafe because the certificate has expired.

        The certificate itself, the intermediate or ... the root certificate?
        The last one is already in the "trusted certs list in your phone" and will get updated when you update the phone. Or, if possible, delete it, and get a more recent version.

        You're using the ACME pfSense package?
        You probably want to look at this thread: HEADS UP: DST Root CA X3 Expiration (September 2021)

        • sensewolf @Gertjan

          @gertjan

          Thank you, I had seen this thread and followed the OP's advice prior to the expiry of the LE certificate. So I thought I was prepared.

          But reading again and on, there was a problem reported, not exactly mine but similar enough.

          (Apparently, my problem was not the certificate itself (as expected by you) but the root or the intermediate certificate (the browser on my phone did not go into those details)).

          I followed the advice, deleted the CAs and renewed the certificate again. This recreated the CAs and solved my problem.

          Still strange that I encountered the problems only on my mobile but not on my PC...
