I have created and installed the letsencrypt x3 certificate using certbot and the step-by-step guide. https://puu.sh/ClivX/42143affe8.png
That screenshot is what I’m seeing when I try to navigate into my site, and I am viewing the certificate in the screenshot as well. Have I missed doing something?
Well, since I’m on the same network as the web server I have to go by IP, so I do https://192.168.18.250 to reach the site. I’m using Chrome. Same goes for Firefox, but I see now that the Kaspersky logo shows in the bottom left. https://puu.sh/Cllev/ada0e962d4.png
Is Kaspersky to blame for this?
It is important to have the certificate working even if Cloudflare protects the site from outside; I use the certificate when sending emails from the site as well.
As you have identified, yes, Kaspersky is intercepting all of your network connections and altering them. This is not great, as it indicates that they’ve installed a root certificate on your system and are forging certificates from the anti-virus or whatever it is. This subverts the security of your entire system, because it replaces the established browser protections for SSL verification with its own crappy imitation that makes the root private key vulnerable to theft and forgery of certificates for any domain (like your banking).
If you try to visit your site directly by IP address, then you will experience this error, even if you get rid of Kaspersky. This is because the certificate is not valid for an IP address. The solution to this is to use the real domain in your address bar, by either:
a. Using a change to your system locally in /etc/hosts to point your domain to the LAN IP, or
b. Using something like split-horizon DNS or reflected NAT so that everybody on your network can access the domain directly (but using LAN) without the /etc/hosts change
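The answer above describes two independent problems: a certificate that does not cover an IP address, and a certificate re-signed by a locally installed interception root. The sketch below is an added example, not part of the original thread, that tells them apart on a certificate dict shaped like the output of Python's `ssl.SSLSocket.getpeercert()`. The domain `example.com`, the interception issuer name and the `diagnose` helper are assumptions made up for illustration.

```python
import ipaddress

def _is_ip(name):
    try:
        ipaddress.ip_address(name)
        return True
    except ValueError:
        return False

def _dns_match(pattern, host):
    # A wildcard SAN covers exactly one left-most label, never the bare domain.
    pattern, host = pattern.lower(), host.lower().rstrip(".")
    if pattern.startswith("*."):
        return "." in host and host.split(".", 1)[1] == pattern[2:]
    return pattern == host

def diagnose(cert, requested, expected_issuer_org="Let's Encrypt"):
    """cert: dict shaped like getpeercert(); requested: what was typed in the address bar."""
    findings = []
    sans = cert.get("subjectAltName", ())
    if _is_ip(requested):
        # An IP in the address bar can only match an iPAddress SAN, never a DNS name.
        want = ipaddress.ip_address(requested)
        ok = any(k == "IP Address" and ipaddress.ip_address(v) == want for k, v in sans)
    else:
        ok = any(k == "DNS" and _dns_match(v, requested) for k, v in sans)
    if not ok:
        findings.append("name-mismatch")
    issuer = {k: v for rdn in cert.get("issuer", ()) for k, v in rdn}
    if issuer.get("organizationName") != expected_issuer_org:
        # The chain was not issued by the CA the server operator used.
        findings.append("unexpected-issuer")
    return findings

# Constructed sample data: the certificate as the server would present it.
LE_CERT = {
    "issuer": ((("countryName", "US"),),
               (("organizationName", "Let's Encrypt"),),
               (("commonName", "Let's Encrypt Authority X3"),)),
    "subjectAltName": (("DNS", "example.com"), ("DNS", "www.example.com")),
}
# Constructed: same names, re-signed by a local interception root (issuer name is made up).
INTERCEPTED_CERT = dict(LE_CERT, issuer=((("organizationName", "Example AV Personal Root"),),))

if __name__ == "__main__":
    for cert in (LE_CERT, INTERCEPTED_CERT):
        for name in ("192.168.18.250", "example.com"):
            print(name, diagnose(cert, name))
```

A name mismatch on the IP remains even with the genuine issuer, which is why removing the interception alone does not clear the browser error.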
Uhm, that looping, is it Cloudflare doing that? We just put in Cloudflare today, and I am very noobish with how that works. Plus, it’s the owner of the domain name that did that. I only host the server.
If you don’t observe the redirect loop locally, it’s a pretty good sign that Cloudflare is responsible (or is interacting with your local redirect rules poorly).
Perhaps add a redirect http + www -> https -> www and then from https + www -> https + non-www, so that every user sees https + non-www (if this is your preferred version).