background shape
background shape

Error in SSL library certificate verify failed

One of the common challenges that professionals encounter when working with Adobe Campaign Classic is dealing with SSL certificate issues. These certificates are essential for establishing secure connections between servers, but occasionally, you might run into a problem where the SSL certificate fails to verify.

This error might happen once in a while and can be particularly frustrating, as it can interrupt your workflow and potentially compromise the security of your communications. Understanding why this error occurs and how to resolve it is key to maintaining the smooth operation of your campaigns.

Let’s explore the possible causes of this SSL certificate verification error in Adobe Campaign Classic and the steps you can take to troubleshoot and fix it.

SSL certificates are self managed

The most likely reason for encountering an SSL certificate verification error in Adobe Campaign Classic is that the certificate for your domain has expired and needs to be renewed. SSL certificates are crucial for establishing a secure connection, and if they lapse, your system will no longer be able to verify the identity of your domain, leading to potential security risks and errors.

For my sandbox environment, I use free SSL certificates provided by Let’s Encrypt, a popular certificate authority that offers free, automated, and open SSL/TLS certificates. These certificates can be easily installed and managed using Certbot, a user-friendly tool that automates the process of obtaining and renewing SSL certificates. By regularly renewing your SSL certificates, especially in a testing or sandbox environment, you can ensure that your Adobe Campaign Classic instance remains secure and free of such errors.

If you’re thinking of setting up your own sandbox environment, you should head over to my blog post where I guide you through the entire installation and setup process of Adobe Campaign Classic. In this post, I provide detailed instructions on how to configure a sandbox, including steps for installing necessary software, setting up SSL certificates with Let’s Encrypt, and ensuring your environment is secure and functional. This guide is perfect for anyone looking to create a safe and isolated environment for testing and development purposes.


Certbot is a free and open-source tool that automates the process of obtaining and renewing SSL/TLS certificates from the Let’s Encrypt Certificate Authority (CA). These certificates are used to enable HTTPS on your web server, ensuring that data transmitted between your server and users’ browsers is encrypted and secure.

To fix the SSL certificate verification error, you need to connect to your server and run Certbot commands to renew your certificate.

sudo certbot renew --apache

This command checks all the certificates that Certbot manages and renews any that are close to expiring.

root@debian-2gb-fsn1-1:/var/www# sudo certbot renew --apache
Saving debug log to /var/log/letsencrypt/letsencrypt.log

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/xxx.xxxx.sk.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Cert is due for renewal, auto-renewing...
Plugins selected: Authenticator apache, Installer apache
Renewing an existing certificate for xxx.xxxx.sk

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
new certificate deployed with reload of apache server; fullchain is
/etc/letsencrypt/live/xxx.xxxx.sk/fullchain.pem
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Congratulations, all renewals succeeded: 
  /etc/letsencrypt/live/xxx.xxxx.sk/fullchain.pem (success)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
root@debian-2gb-fsn1-1:/var/www# 

This will resolve our issue with failed certificate verification. But why did we end up here in the first place? In my case, I restored my server from a backup because I had installed something that broke my Adobe Campaign sandbox. My only option, and the fastest one, was to restore the server from my backup snapshots.

SSL certificates are managed by adobe

Certain Adobe Campaign hosting models can manage some or all of the certificates that are used. With the fully Adobe-hosted model, you do not need to take care of any certificate renewals, as this is managed by Adobe. In the hybrid model, when the email delivery is handled by a midsourcing server, you will need to manage the certificates for your Adobe application server. However, if you choose to do so in the admin panel, Adobe can take care of the certificates used with the midsourcing server, such as those for tracking links, resources, etc.

Common Reasons for Invalid Certificates

  1. Expired Certificates: If the SSL/TLS certificate has expired, it is no longer valid and will not be trusted by browsers or applications.
  2. Incorrect Domain: The certificate might not match the domain it’s being used for. For example, if a certificate is issued for example.com, it won’t work for sub.example.com unless it’s a wildcard or multi-domain certificate.
  3. Untrusted Issuer: The certificate may have been issued by a Certificate Authority (CA) that is not trusted by the browser or operating system.
  4. Misconfigured Server: The server might not be properly configured to serve the correct certificate, or it might be missing intermediate certificates in the chain.
  5. Revoked Certificate: The certificate may have been revoked by the CA, which can happen if the certificate is compromised or if the domain ownership changes.
  6. Outdated Client: Sometimes, the client (browser or application) might be outdated and not recognize newer certificates or modern encryption standards.
  7. Failed Auto-Renewal: If you’re using Let’s Encrypt, the certificate might have expired because it was not set to auto-renew, or the renewal process failed, causing the server to continue using the outdated certificate.
  8. Forgot to Issue a New Certificate: In some cases, after restoring a server or making significant changes, the administrator might forget to issue a new certificate, leaving the system with an invalid or expired one

Oh hi there đź‘‹
I have a FREE e-book for you.

Sign up now to get an in-depth analysis of Adobe and Salesforce Marketing Clouds!

We don’t spam! Read our privacy policy for more info.

Share With Others

MarTech consultant

Marcel Szimonisz

Marcel Szimonisz

I specialize in solving problems, automating processes, and driving innovation through major marketing automation platforms.

Buy me a coffee