Today I had a client call and say their website wasn't loading under SSL. When browsing to the site, we got the error "This organization's certificate has been revoked."
So, I quickly setup a new certificate for them using letsencrypt.org, which got the site back online. However, figuring out why the certificate was revoked is still a mystery.
I came upon this post to check the original certificates status.
After running those commands, sure enough, our certificate was revoked the previous evening. I've yet to find the reason why, as the certificate was good for another year and 3 months.
To reiterate the commands to verify:
Get the OCSP url from the certificate:
openssl x509 -noout -ocsp_uri -in /path/to/my/cert.pem
Send a request to the OCSP server to check the certificate (using the URL from the command above):
openssl ocsp -issuer /path/to/ca/bundle/cert.pem -cert /path/to/my/cert.pem -text -url http://url-from-command-above.com/ -header "HOST" "url-from-command-above.com"