Browser report "not secure"

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:wazentom.myasustor.com

I ran this command: created certificate

It produced this output: certificate

My web server is (include version): using NAS as file server

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is: no host

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): yes

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):

My certificate has this information:

This certificate has been verified for the following usages:

Issued To

Common Name (CN) — wazentom.myasustor.com

Organization (O) —

Organizational Unit (OU) —

Issued By

Common Name (CN) — Let’s Encrypt Authority X3

Organization (O) — Let’s Encrypt

Organizational Unit (OU) —

Validity Period

Issued On — Wednesday June 17, 2020 at 6:49 AM

Expires On — Tuesday, September 15, 20202 at 6:49 AM

Fingerprints – (I didn’t include)

I had trouble creating the certificate and received a report saying all allotted was used and a Let’s Encrypt certificate couldn’t be saved. After changes to port forwarding in my router, I was able to save the certificate. It all seems to be working except for the the “not secure” error in the Chrome browser.

Hi @tr4,

It looks fine to me in Firefox and Chromium. Is it a particular page on the site that’s giving the error?

Usually if you get a browser warning, you can use the browser’s Web Developer Tools to get more details from the browser about what it thinks the problem is. By far the most common problem leading to this warning, if your certificate is correct and not expired, is a mixed content error.

This could happen if an image, stylesheet, or script, for example, was loaded over HTTP instead of HTTPS.

Hi @tr4

checking your domain with my browser there is no real error visible. Checked via https://check-your-website.server-daten.de/?q=wazentom.myasustor.com - the same:

Your certificate is ok:

CN=wazentom.myasustor.com
	17.06.2020
	15.09.2020
expires in 84 days	wazentom.myasustor.com - 1 entry

you use it. Only problem: No redirect http -> https.

So if you use the http version, Chrome says, it's insecure.

PS: Same with your port 8001, if I follow the link.

https://wazentom.myasustor.com:8001/portal/?5EF13580

Two ports, the same certificate.

I figured out how to avoid the error notice. Typing the IP address in the browser got the error but typing wazentom.myasustor.com works so there is no complaint about the certificate. I don’t know why typing the IP address gives the complaint in the browser. Thanks for the help! Knowing there was no problem with the certificate let me experiment without worry.

Thomas

If you use the ip address, you need a certificate with an ip address.

Such certificates are possible (see https://1.1.1.1/ ), but currently Letsencrypt can't create such certificates.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.