Two "valid" SSL certificates, so site does not work on mobile

### Username (e.g. epiz_XXX) or Website URL

https://michaeljwphotography.co.uk/

NET::ERR_CERT_DATE_INVALID

I have accidentally installed two SSL certificales from Let’s Encrypt on my website. I need to delete one of them, otherwise this causes issues with mobile browers (I have included the mobile chrome error above).

Really stuck here. The “Free SSL certificates” sections shows my certificates, but there is no way to delete any one of them.

James

Your website is working fine for me in Firefox.

You can remove the incorrect certificate from your website through the “SSL/TLS” section in cPanel and then add the right one.

Also, please note:

But that was about 5 months ago now, so unless you are using an unsupported, non-updated device, you should be fine.

2 Likes

Thanks for your reply.

Is that Firefox on mobile? I am aware the site works fine on desktop.

In the SSL/TSL section of cPanel it only lists one certificate.

But in the “free SSL section” it lists two “valid” certificates, but I can’t delete any of them:

Both! (Windows and iOS)

Use either of the “Issued” ones. Don’t worry about deleting the unused one, it will expire eventually.


Sorry, let me clarify. In cPanel, you can only add/remove certificates from your website. That is where you paste the Certificate (and Private Key) and put them on your website, not where certificates are issued, which is the Free SSL tool I discussed above.

1 Like

It’s not giving me the option of using one or the other. They will both expire in three months, but this is causing an issue now, as my site will bring up an error on mobile devices.

I suggest you get a Self Signed certificate and use CloudFlare with Full SSL.

1 Like

You can use either one. Just click the “Show Certificate” button, and copy and paste the keys into the control panel. Refer to this guide for details:

1 Like

If I am only using one SSL certificate, then why am I getting issues with the site on mobile devices, but not on desktops?

What else could be causing this?

If the problem is arising on an Apple device, it may be caused by the browser itself. On iOS, all browsers are rebranded and UI-modified implementations of Safari, Apple’s built-in browser. I am guessing that Safari uses Apple’s own curated Root Store and Chain of Trust, which has the possibility to select the wrong (or no for that matter) Root and Intermediate Certificate. This has really only been a problem with Let’s Encrypt on older Apple devices. You can follow this guide for Apple devices: Ipad 2 IOS 9.3.5 - How to add a new root … - Apple Community.

On some old versions of Android (var >= 2.3.6) this problem also comes up. You can probably search Google and find a somewhat quick and easy fix.

You can also follow what I said above and use CloudFlare and this should no longer be a problem.

3 Likes

For starters, SSL certificates cannot be deleted. Once they are issued, they are recorded permanently in the Certificate Transparency Logs, which is a public database containing all SSL certificates. We can hide them in our panel, or it’s possible to revoke the certificate, but actually deleting the certificate is impossible.

And it’s impossible for this to affect your website. The fact that a certificate exists doesn’t affect how your website works, only the certificate that’s actually installed on your site can affect this, which can only be one.

So in short, you cannot delete your certificate. And if you could, it wouldn’t fix your website.

The link @wackyblackie provided is most likely the explanation for this. Let’s Encrypt changed some stuff last year which caused Let’s Encrypt certificates to be considered invalid on older operating systems.

This affects all kinds of operating systems. MacOS, iOS, Android, Windows, Linux all saw errors on older versions. Many of those operating systems quickly got updates, but if your operating system or device is end of life, you’re out of luck.

So your website works fine on most mobile devices, just not your mobile device because the software on it is too old.

Ideally, you should update the software on your phone, or if the manufacturer doesn’t provide updates, get a new phone that’s still being maintained. Because you’ll see this issue with many sites using Let’s Encrypt certificates, and if this hasn’t been fixed, there are likely other security problems on it that haven’t been fixed either.

Alternatively, you can get a certificate from GoGetSSL or ZeroSSL, which both don’t have this issue.

3 Likes

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.