All Browsers error: Invalid Certificate?

Ltek · June 25, 2019, 1:28am

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:
nas.ltek.net

I ran this command:
tried to go to https://nas.ltek.net:5001

It produced this output:
Invalid Certificate error, see screenshot

My web server is (include version):
Synology DSM 6.x

The operating system my web server runs on is (include version):
Synology DSM 6.x

My hosting provider, if applicable, is:
Google

I can login to a root shell on my machine (yes or no, or I don’t know):
yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
Synology DSM 6.x

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):
Synology DSM 6.x

Osiris · June 25, 2019, 5:22am

Works fine here. Obviously, I can’t log in. When do the errors start? Do you have a screenshot of the error?

JuergenAuer · June 25, 2019, 6:59am

Hi @Ltek

your main domain with the standard port has the wrong certificate ( https://check-your-website.server-daten.de/?q=nas.ltek.net ):

Domainname	Http-Status	Sec.	G
• http://nas.ltek.net/
24.9.51.135	403	0.327	M
Forbidden

• https://nas.ltek.net/
24.9.51.135	401	2.327	N
Unauthorized
Certificate error: RemoteCertificateChainErrors

E=root@localhost, O=ASUSWRT-Merlin, CN=192.168.2.1, C=US
	05.05.2018
	05.05.2028
expires in 3237 days	192.168.2.1, 192.168.2.1, router.asus.com, 
RT-AC68R, RT-AC68R.home.lan, 
asusrouter, asusrouter.home.lan, nas.ltek.net - 8 entries

A self signed router certificate.

But as @Osiris wrote, your 5001 port has the correct certificate ( https://check-your-website.server-daten.de/?q=nas.ltek.net%3A5001 ):

Domainname	Http-Status	Sec.	G
• http://nas.ltek.net:5001/
24.9.51.135	400	0.326	M
Bad Request

• https://nas.ltek.net:5001/
24.9.51.135	200	2.480	I

Checking one port only http or https can work -> your https works, there is the correct certificate

CN=nas.ltek.net
	20.04.2019
	19.07.2019
expires in 24 days	nas.ltek.net - 1 entry

So the "Bad Request" checking http isn't a problem.

Sounds like you have the wrong router settings so you see the router certificate.

Ltek · June 25, 2019, 12:34pm

Thx for helping, I’m new to certs… So question: Do I need to install the same cert on the ASUS router as I do on the Synology? I dont have any certs installed on my router. thx!

JuergenAuer · June 25, 2019, 1:16pm

I don't know. I have no idea why there is a certificate with router.asus.com visible. I "think" it's sent by your router, but I don't know it.

Osiris · June 25, 2019, 5:17pm

Probably just a self signed certificate generated by the router itself.

For what reason? Do you need other people to access your router securely?

system · July 25, 2019, 5:17pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.