.co.za EPP system cert expired

[Web Telecom Services]

Anybody else noticed this (again). One would expect that those guys have a calender entry to renew the cert before it expires.

stream_socket_client(): SSL operation failed with code 1. OpenSSL Error messages:
error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed

 

[Jade @ Absolute Hosting]

I’ve notified the guys at ZACR

 

[elp]

I'm seeing expiry Jun 25 23:59:59 2020 GMT Which server and port are you looking at?

 

[elp]

I take it back. There is definitely an issue. Its busy getting fixed now. Thank you for the heads up.

 

[Johnatan56]

This for http://co.za? Doesn't auto redirect to https, if you do the certificate isn't "liked" by FF.

It is valid till the end of the month:

As you can see by the FF error, it says broken encryption, mainly that it uses TLS 1.0.
As of the end of April, near all the large players agreed to deprecate TLS 1.0, FF did make an allowance for up to v77 to still allow it: https://www.fxsitecompat.dev/en-CA/docs/2020/tls-1-0-1-1-support-has-been-removed/

More on it here: https://hacks.mozilla.org/2019/05/tls-1-0-and-1-1-removal-update/

 

[Web Telecom Services]

Hi Jonathan. Its a specific hostname and port that is used by the EPP system - cert expired Saturday morning which is now affecting new registrations, renewals and domain sync operations. We do have a workaround to bypass the expired cert issue. Ill give them a call again to see if they attended to my email with the info.

Just thought Ill give you guys a heads in case you have EPP issues on your systems. Thanx Jade for also notifying them.

 

[Jade @ Absolute Hosting]

Thanx Jade for also notifying them.

Anytime bud

 

[elp]

The certificate itself hasn't expired. There is an intermediary certificate in the chain that did expire on Saturday. Interestingly it seems only be detected on some systems. For example our version control box uses the same cert and its fine in all the browsers but Git is objecting. We watch cert dates as part of our monitoring process. Naturally that picked everything up as fine. We will update our monitoring to catch intermediary issues in future.

We are busy fixing now. Thank you very much to flbjhb and Jade for letting us know.

 

[Web Telecom Services]

Hi elp. Please can you do your magic for org.za as well...same issue.

 

[Jade @ Absolute Hosting]

Hi elp. Please can you do your magic for org.za as well...same issue.

I've sent him a ping

 

[Web Telecom Services]

I've sent him a ping

I've sent him twice since yesterday. Hopefully he did not go on leave :-(

 

[Jade @ Absolute Hosting]

Nope he is in the office - and he’s confirmed that they are looking into it

 

[Jade @ Absolute Hosting]

I've sent him twice since yesterday. Hopefully he did not go on leave :-(

Is everything sorted?

 

[Web Telecom Services]

Hi Jade. Yip its been resolved now