Issues uploading new SSL certificate

K

Hello!

 

I am not sure why, but I am having trouble uploading a new SSL certificate to replace the expired one. I removed the old certificate to upload the new files but hitting the save button does nothing. Further, I was expecting the platform to notify me of the expiration of the certificate...now we are at a hard down because I can’t get the SSL certificate uploaded. Is there a resolution to this problem?

13 replies

KMallette
Rank
Userlevel 7
Badge +5

@kdickerson Your platform should still work, albeit in an unsecured manner.  In other words, the DNS doesn’t depend on the SSL.

Perhaps I can help a bit with getting the new cert loaded. Are you using Extended Enterprise or no?

KMallette/Viasat, Inc.
K

Hi! We don’t use the extended enterprise. DNS for our domain name routes through Cloudflare. Docebo doesn’t support cloudflare certificates so we’ve had to leverage GoDaddy. What we essentially get is a blocked message from cloudflare due to the certificate expiring. Which is also customer facing. Correct. the platform is functional using the original non custom url. My real issue is the inability to upload the certificate myself, as the save button just doesn’t want to work...

FionaR
Rank
Userlevel 3

Hi @KMallette,

To re-install an expired (or expiring) SSL the best way we’ve found is to follow these steps:

  1. Log into your platform via your Docebo login: i.e. yourcompany.docebosaas.com
    [If you’re using a custom domain and login via that your SSL will look like it’s installed properly inside Docebo but you’ll get an error on the front end]
  2. Remove your certificate in Docebo and then generate a new CSR, you’ll need this to issue a new certificate
  3. With the CSR in hand, go to your SSL provider and issue the certificate using your new CSR
  4. Go back to Docebo and upload the SSL certificate and the Root CA from your SSL certificate

The https area in your admin panel can be “tricky” in that it doesn’t always reload properly, so once you’ve uploaded and hit save you may get a blank screen, simply refresh your page and go back to the https screen to see if the SSL uploaded properly.

Also, sometimes it looks like it hasn’t saved, so, in that instance I’d recommend logging out of Docebo, deleting the cookies/history for Docebo and then logging in again to try uploading your SSL again.

Once it’s installed you can use this SSL checker to make sure everything is linked up properly: https://www.digicert.com/help/

Hopefully, something in this lengthy post helps but if not or if you have any questions please feel free to give me a shout! 

Fiona

KMallette
Rank
Userlevel 7
Badge +5

@kdickerson Are you using a single domain or a SAN SSL? Take me through the steps, maybe with a screenshot. Show me where your getting the error.

We use cloudflare for DNS, and Secito for SSLs. If I happen to order a SAN instead of a single domain SSL, then I have to remove the row that is above the ----Begin Certificate-----.  You can open a .pem file with a decent text editor (NOT Word).



 

KMallette/Viasat, Inc.
K

We use a single domain. We have GoDaddy managed SSL certificates so they auto renew by themselves. From the instructions from the previous post is it necessary to generate a new CSR? What I am attempting to do is simply swap the certificate (.pem is clean with no additional lines) with the new one I get from the GoDaddy console. I use the same key I used last year (We honestly had issues uploading the certificate then as well). I also use the GoDaddy intermediate cert (.pem) as well. 

 

At present I can access the platform via the docebosaas.com url. However, attempting to upload the new certificates or even download the key file result in nothing. Hitting the save button seemingly does nothing. If I upload the cert without the key and hit save it will return an error telling me the keyfile is missing. and vice versa...however once all certs/keys are uploaded, hitting save does nothing. 

KMallette
Rank
Userlevel 7
Badge +5

@kdickerson I used to have issues with the key file… when I would get ready to remove the old certificate I would download the key file and then upload it again with the new .pem.

I would recommend that you start with a new CSR, then get a new cert from GoDaddy based on the new CSR. I would think this wouldn’t be necessary, but given you aren’t making any progress, it feels like something is not lining up.

 

KMallette/Viasat, Inc.
FionaR
Rank
Userlevel 3

Hi @kdickerson,

I agree with @KMallette on the new CSR, technically, you can re-use the same CSR for an SSL when it renews assuming all the validations (domain and organisation) haven’t changed, however, it is best practice to use a new CSR when you renew an SSL.

I would generate a new CSR in Docebo and then it auto-populates the key file from that generation so you don’t need to upload it. 

When you re-issue the SSL from your GoDaddy account with that new CSR you will need to upload the Certificate file (which is a Security Certificate file type) and the Global Root file, which is typically a .pem file.

 

K

In either case...would that prevent me from even being able to use the save button? I receive no errors when trying to upload certificates. It simply does nothing. I am trying to figure out if this is a platform issue or a certificate issue...

K

Well it appears I can’t even generate a new CSR….I have a case open but it doesn’t seem like its gaining too much traction...Has anyone else experienced this issue? I’ve tried multiple browsers and computers at this point...

KMallette
Rank
Userlevel 7
Badge +5

@kdickerson I don’t think the save button is really the issue. If you can’t generate the CSR, it sounds like something is amiss with your platform. I’d get into Chat and talk with someone. Maybe they can escalate the ticket for you.

 

KMallette/Viasat, Inc.
K

Theres a chat? Can you point me in that direction?

 

Thanks!

Daniel
Rank
Userlevel 7
Badge +3

@kdickerson There is a chat function but you need to get it activated first. If you talk to your Customer Success Manager they should be able to get it activated for you.

 

D

@kdickersonAre you using a single domain or a SAN SSL? Take me through the steps, maybe with a screenshot. Show me where your getting the error.

We use cloudflare for DNS, and Secito for SSLs. If I happen to order a SAN instead of a single domain SSL, then I have to remove the row that is above the ----Begin Certificate-----.  You can open a .pem file with a decent text editor (NOT Word).



 

Not meaning to hijack this thread, but I have a question about SAN certificates. I’d like to use a single CSR for 2 learning domains we’ve setup in Docebo. The https csr pages only allow us to enter a single common name for each CSR. Does the CSR have to come from Docebo’s platform? How can I generate a SAN cert csr for GoDaddy to process that Docebo will accept when uploading?

Reply


Terms & ConditionsCookie settings