2

I have a VPS server under Ubuntu 17.10, and I have 2 domains, I have created a successful SSL certificate for the first domain 2 months ago, Today I tried to install lets encrypt domain for the 2nd one, with 

certbot --authenticator standalone --installer apache -d domain.com -d www.domain.com --pre-hook "systemctl stop apache2" --post-hook "systemctl start apache2"

Now on chrome, I got the invalid certificate with 

NET::ERR_CERTIFICATE_TRANSPARENCY_REQUIRED

How can I debug and fix this error? Thanks?

Tarek Fellah
  • 21
  • 3
  • 1
    To debug this please check first what certificate you actually got in the browser. My assumption would be that this is not the current certificate from let's encrypt you expect since these use certificate transparency for a while already. – Steffen Ullrich Aug 27 '18 at 12:20
  • 4
    I have the exact same version of Chrome as you show (68.0.3440.106) and I don't get an error with this this URL. I get a freshly created certificate (10:54 GMT today) which also includes the certificate transparency information. Given that I have no problem with your site but you seem to have, the question is what certificate do you have in your browser. – Steffen Ullrich Aug 27 '18 at 12:47
  • Error is gone :), may be chrome cache issue? – Tarek Fellah Aug 27 '18 at 19:57
  • Yes, seems like your chrome still had an old certificate in its cache. – digijay Jul 03 '21 at 09:50

1 Answers1

1

Add this header to your webserver (you need get a custom report-uri!):

Expect-CT: enforce, max-age=300, report-uri="https://..."
Gergő
  • 11
  • 2